They close a critical WebKit flaw discovered by Google TAG under a CISA order requiring federal agencies to patch by August 12.