macOS? More like mac-woe-ess: Google Chrome slip-up trips up SIP-less Apple Macs

Fresh code gives file systems a /var-sectomy – see inside for a manual fix

Sad Mac face

On Tuesday, Google halted deployment of a Chrome update that damaged the file system on some macOS computers and rendered them unable to boot up as normal.

The issue affected enough Mac Pro workstations to warrant attention from Avid, a maker of professional audio and video applications. The company on Tuesday reassured customers that it was looking into the problem, and then said Google had accepted responsibility.

Alerted to the snafu by a bug report, Google suspended its update process – the Chrome update application called Keystone – to fix the flaw.

"We recently discovered that a Chrome update may have shipped with a bug that damages the file system on macOS machines with System Integrity Protection (SIP) disabled, including machines that do not support SIP," the web giant said in a support post. "We've paused the release while we finalize a new update that addresses the problem."

The problem was made possible by disabling SIP, a security enhancement added in 2015 to macOS, starting from version 10.11, that's active by default. Without SIP's file protection, Chrome's Keystone updater managed to remove a symbolic link, or symlink, needed by the macOS file system.

"This symlink is not a directory itself, but points to another directory (/private/var) which contains software necessary for the operating system to boot and function correctly, so removing the /var symlink rendered the affected Macs unbootable," explained Rich Trouton, a Mac sysadmin, in a blog post.

Apple

Breaking news: Apple un-breaks break on jailbreak break

READ MORE

Users of macOS 10.9 and 10.10 may be affected because those OS versions don't have SIP at all; users with macOS 10.11+ should be unaffected if they left SIP in its default setting.

Developers, who often need access to protected system files, and users of audio and video software like Avid's tools, are among those most likely disable SIP.

For those affected by the screw-up – dubbed /var-sectomy – Google has provided a command line fix that can be applied through the Terminal program when in macOS Recovery mode.

From the Terminal, assuming the name of your primary drive is "Macintosh HD", enter:

chroot /Volumes/Macintosh\ HD   # "Macintosh HD" is the default
rm -rf /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle
mv var var_back  # var may not exist, but this is fine
ln -sh private/var var
chflags -h restricted /var
chflags -h hidden /var
xattr -sw com.apple.rootless "" /var

Now reboot. Google's Keystone update should be removed and the /var symlink should be restored. ®

Sponsored: How to Process, Wrangle, Analyze and Visualize your Data with Three Complementary Tools

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2019