A serious flaw in Google Keystone, which controls Chrome updates, is capable of doing major damage to macOS file systems on some computers and has been linked to data corruption that struck Hollywood video editors and others on Tuesday, Variety reported.
Initially, blame for the corrupted file systems was largely directed at Avid and its Media Composer software, which was identified as a common link by film and TV editors who said they could not reboot their Mac Pros after shutdown.
But on Wednesday, Google told users via its support forums that it had “recently discovered that a Chrome update may have shipped with a bug that damages the file system on MacOS machines” and “paused the release while we finalise a new update that addresses the problem.”
According to 9to5Google, what actually happened is that version 126.96.36.199 of the Keystone software shipped with an update that damages the macOS filesystem when System Integrity Protection (SIP) — a security measure that keeps unauthorised software from modifying protected data — had been disabled or is not installed (versions of OS X predating the 2015 El Capitan update). News of the real cause of the issue was first identified by the Mr. Macintosh blog.
“If you have not taken steps to disable System Integrity Protection and your computer is on OS X 10.9 or later, this issue cannot affect you,” Google said in its support note.
Apparently, video editors may have raised the alarm about the issue first because disabling SIP is a requirement to run third-party graphics cards. Variety reported that “dozens of machines at multiple studios” were disabled, including the entire video editing team working on Modern Family.
In the forum post, Google detailed the procedure to restore machines affected by the bug to full function, which can be seen below:
To recover a machine that has been affected by this bug, please boot into recovery mode, and then from the Utilities menu open the Terminal application.
In the Terminal application, you can run the following commands:
chroot /Volumes/Macintosh HD # "Macintosh HD" is the default
rm -rf /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle
mv var var_back # var may not exist, but this is fine
ln -sh private/var var
chflags -h restricted /var
chflags -h hidden /var
xattr -sw com.apple.rootless " /var
Then reboot. This will remove the affected version of Google Software Update, then restore the damaged portion of the file system.