Friday , August 7 2020

No, it was not a virus; it was Chrome that stopped running Macs

MacBook photo with colorful blue screen, which shows serious problems.

On Monday night, Variety announced that the editors of the Los Angeles film who installed the Avid Media Composer software suddenly discovered that their Macs were unable to restart. The publication speculated that malware may be the cause. On Wednesday, Google revealed the real reason – updating the Chrome browser.

Specifically, it was a new version of the Chrome Keystone update that caused so many Macs to stop restarting, according to this open Chrome error post. When the update was installed on Macs that disabled a security feature known as an integrity prevention system and several other conditions, a key part of the Mac system file was damaged, a Google employee told the forum.

"This seems to be a problem with the new version of Google Keystone," wrote a different Google employee earlier in the thread. "We stopped the opportunity and are now working on remediation."

When Your Mac Gets a Varsectomy

SIP, since it is usually the abbreviation of the integrity protection system, was introduced in 2015 in the El Capitan version of macOS (at that time called Operating System X). As its name suggests, SIP is designed to protect the integrity of the operating system by, among other things, protecting certain files and folders from being deleted or modified, except by specific, authorized processes.

An error updating Chrome appears to have inadvertently attempted to modify portions of the macOS file system. When SIP was enabled – as is standard, SIP worked as designed and prevented change. However, when protection was disabled, the file system was modified to prevent Macs from restarting. Specifically, according to the Chrome bug topic, a vigilant Chrome update removed a key symbolic link pointing to the / var folder.

"This results in system instability which may include failure to launch new UI applications, failure to resolve name-by-name in most already running programs, and failure to restart successfully," said one Google employee.

The specific requirements needed to update Chrome to make this change are:

  • SIP must be disabled (or not present, as it is before OS X 10.11)
  • The root directory, /, must be able to be written by the logged-in user
  • You must have the bug version of Keystone installed,
  • Keystone must update the product it oversees.

The reason why so many users of the Avid Media Composer program are affected, Mac's blog post, Mr McIntosh, says that some users of the movie editing software have to disable SIP when using third-party graphics cards. sides. He called the publication a "varsectomy" of error / variants.

Google has instructions for restoring a non-active Mac here. The process involves starting in recovery mode and then opening a terminal window, which can be accessed from the utilities folder among other ways. From there, execute the following commands:

chroot / Volume / Macintosh  HD # "Macintosh HD" is the default
rm -rf /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle
mv var var_back # var may not exist, but this is OK
ln -sh private / var var
chflags -h restricted / var
chflags -h hidden / var
xattr -sw "" / var

Then restart.

If all goes well, the Mac will reboot with a buggy Chrome update no longer installed and repair the damaged file system. It was not clear when a fixed version of the Chrome update was available.

Source link