
If true that strikes me as kind of shitty. I know Apple doesn't care much for maintaining old versions and backwards compatibility but Mavericks isn't all that old.


Ehhh. Maybe. Keep in mind that this bug is probably one of the least serious of the dozens of bugs patched today, as there's very little damage you can really do with it. Hardly anyone runs OSX servers, so you're not going to take down any major web sites with this. You can crash someone's browser, but that's actually already pretty easy to do with some JavaScript that eats a bunch of resources. Chrome doesn't even consider DoS to be a security issue because there's just nothing they'll ever be able to do about it anyhow.

If the bug in any way threatened data integrity or confidentiality, then yeah, they should backport it. But for a DoS, I can see the case for not really caring.

FWIW, for many of the bugs patched today, Apple did in fact backport to Mavericks and even Mountain Lion, so it seems like they haven't completely abandoned old versions.


> You can crash someone's browser, but that's actually already pretty easy to do with some javascript that eats a bunch of resources. Chrome doesn't even consider DoS to be a security issue because there's just nothing they'll ever be able to do about it anyhow

They could implement resource limits and stop consuming more resources once those limits are reached.


It would be challenging to tell the difference between a legitimate but resource-hungry site and a malicious one. In the former case, the user may in fact want the site to page everything else out to get the job done.

In any case, DoS attacks exist yet don't seem to be a big problem in practice, probably because there's not much in it for the attacker.


Judging from the many tabs I have open, it seems that you don't need an exploit to eat resources in Chrome! That thing eats my battery and loves CPU feasts without any prompting.

(Disabling Flash helped)


Yosemite is a free upgrade though, so I think that's okay.


As biglain pointed out, there are people that can't upgrade. Someone who bought a Mac in 2008 is stuck with a release that doesn't get security updates backported. When you're an engineer it's easy to say "Well, that's a seven year old computer anyway. Just buy a new one." There are however people that either can't for financial reasons or see no point when it still works very well for them.

I know companies can't support old software forever though. I also know Apple has their hardware and software coupled fairly tightly so it may not be as simple as simply basing it on resource constraints the way Windows does. But client security is more important than ever and last I checked Apple won't commit to publishing support timelines which doesn't strike me as very fair if you're trying to make an informed decision when purchasing something. It would be nice if they were able to strike a balance between how they do things and Microsoft's noble but certainly expensive and painful commitment to backwards compatibility.

All that said, I have multiple Macs and I love them.


Not if your hardware is "too old"...

(My single core Mac Mini works fine as a media/file server, but can't upgrade past 10.6.something...)



