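Google Chrome (32-bit) Version History
Google Chrome is a browser that combines a minimal design with advanced technology to make the web faster, safer, and easier. Use one box for everything: type in the address bar and get suggestions for both search and web pages. Thumbnails of your top sites let you reach your favorite pages instantly, at lightning speed, from any new tab. Desktop shortcuts let you launch your favorite web apps straight from the desktop. The Chrome offline installer is already used by more than half of online users, and it is likely to gain momentum quickly over other browsers. Why use Google Chrome... Google Chrome (32-bit) software introduction
Updated: 2018-08-09
Update details: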
What's new in this version:
New Features:
- Option to eject disc after burn in Multiburn tool
- Drag n drop support in Multiburn tool
Enhancements:
- Updated installer and translations
Bug Fixes:
- Resolved problem with "error 5" during installation
- Fixed bug with fonts and dark Windows themes
- Minor fix with update notifications
- Minor bug fixes and improvements
Updated: 2018-06-06
Update details:
Updated: 2018-05-11
Update details:
What's new in this version:
Google Chrome 66.0.3359.170 (32-bit)
- Publish DEPS for Chromium 66.0.3359.170 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.170 by chrome-release-bot
- Warmup text color API for pdf compositor service by Wei Li
- Incrementing VERSION to 66.0.3359.169 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.168 by chrome-release-bot
- [Blink] Simplify CompositedLayerMapping::ComputeGraphicsLayerParentLocation() by Tien-Ren Chen
- Incrementing VERSION to 66.0.3359.167 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.166 by chrome-release-bot
- Merge to M66: Apply ExtensionNavigationThrottle filesystem/blob checks to all frames. by Charlie Reis
- Incrementing VERSION to 66.0.3359.165 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.164 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.163 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.162 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.161 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.160 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.159 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.158 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.157 by chrome-release-bot
- [Android O] Stop registering notification channels in Incognito by Anita Woodruff
- m66 merge: Fix crash when the immersive mode is enabled during initialization by Qiang Xu
- Merge 66: FrameSinkVideoCapture: BeginFrameArgs→DisplayScheduler timestamps by Adam Parker
- Incrementing VERSION to 66.0.3359.156 by chrome-release-bot
- Android: Fix crash when trying to select a photo from an <input> by Andrew Grieve
- Incrementing VERSION to 66.0.3359.155 by chrome-release-bot
- Merge M66 "cros: Move GetCurrentNetworkId call off IO thread." by Xiyuan Xia
- Incrementing VERSION to 66.0.3359.154 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.153 by chrome-release-bot
- [Android] Fix a NPE in ImeAdapterImpl by Shimi Zhang
- Merge the fix for crbug.com/817479 to M66. by Sahel Sharify
- Fix fullscreen app list bounds issue by Weidong Guo
- Incrementing VERSION to 66.0.3359.152 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.151 by chrome-release-bot
- Merge M66: Add Windows RS4/1803/17134 OS version support. by Will Harris
- Chrome OS, first run UI: Update rules for showing Sync Settings screen. by Alexander Alekseev
- Incrementing VERSION to 66.0.3359.150 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.149 by chrome-release-bot
- ONC: Allow client cert properties from UI by Steven Bennetts
- Incrementing VERSION to 66.0.3359.148 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.147 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.146 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.145 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.144 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.143 by chrome-release-bot
- Updating XTBs based on .GRDs from branch 3359 by Krishna Govind
- Incrementing VERSION to 66.0.3359.142 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.141 by chrome-release-bot
- Fix the time origin of delayed MIDIOutput::send by tzik
- Incrementing VERSION to 66.0.3359.140 by chrome-release-bot
Google Chrome 66.0.3359.139 (32-bit)
- Publish DEPS for Chromium 66.0.3359.139
- Incrementing VERSION to 66.0.3359.139
- windows: call l10n_util::OverrideLocaleWithUILanguageList() earlier
- [MemCache] Fix bug while iterating LRU list in range doom
- Reland "Remove ".dd" extension from VR icons"
- Revert "Remove ".dd" extension from VR icons"
- Incrementing VERSION to 66.0.3359.138
- Incrementing VERSION to 66.0.3359.137
- Incrementing VERSION to 66.0.3359.136
- Incrementing VERSION to 66.0.3359.135
- Fix cherrypick of "Update isAtLeastP implementation."
- Incrementing VERSION to 66.0.3359.134
- Incrementing VERSION to 66.0.3359.133
- Update isAtLeastP implementation.
- Fix nullptr crash in UpdateSubFrameScrollOnMainReason
- Remove ".dd" extension from VR icons
- Incrementing VERSION to 66.0.3359.132
- Incrementing VERSION to 66.0.3359.131
- Incrementing VERSION to 66.0.3359.130
- Incrementing VERSION to 66.0.3359.129
- Incrementing VERSION to 66.0.3359.128
- Incrementing VERSION to 66.0.3359.127
- Settings > Display: Use a single div
- Incrementing VERSION to 66.0.3359.126
- Revert "Android Accessibility: Set flag to enable jump to last element on ACTION_PREVIOUS_HTML_ELEMENT"
- Revert "[MacViews] Add Lookup in the Textfield Context Menu"
- Incrementing VERSION to 66.0.3359.125
- Incrementing VERSION to 66.0.3359.124
- Updating XTBs based on .GRDs from branch 3359
- Incrementing VERSION to 66.0.3359.123
- Incrementing VERSION to 66.0.3359.122
- Return null InlineBoxPosition if no last text box.
- Incrementing VERSION to 66.0.3359.121
- Ignore null navigation item inside didReceiveRedirectForNavigation:withURL:
- media/gpu/v4l2vda: Execute NotifyFlushDone for Flush if input stream is off
- Incrementing VERSION to 66.0.3359.120
- Incrementing VERSION to 66.0.3359.119
- Unbind binding_ in oom_intervention_tab_helper
- Updating XTBs based on .GRDs from branch 3359
- app_list: fix crashes.
- kUseMonitorColorSpace: mark DISABLED_BY_DEFAULT
- [Merge to M66] Cache command-line switches keyed
- m66 merge: cros: Minimized use pre-minimized show state for caption button update
- m66 merge: Move the caption color handling code from WindowStateDelegate to CustomFrameViewAsh
- Incrementing VERSION to 66.0.3359.118
Google Chrome 66.0.3359.117 (32-bit)
Site Isolation Trial:
- Chrome 66 will include a small percentage trial of Site Isolation, to prepare for a broader upcoming launch. Site Isolation improves Chrome's security and helps mitigate the risks posed by Spectre
- To diagnose whether an issue is caused by Site Isolation, use chrome://flags#site-isolation-trial-opt-out as described here. Please report any trial-specific issues to help us fix them before Site Isolation is launched more broadly
Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
- Chrome 66 will not trust website certificates issued by Symantec's legacy PKI before June 1st 2016, continuing the phased distrust outlined in our previous announcements
- This update includes 62 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information
- Critical CVE-2018-6085: Use after free in Disk Cache
- Critical CVE-2018-6086: Use after free in Disk Cache
- High CVE-2018-6087: Use after free in WebAssembly
- High CVE-2018-6088: Use after free in PDFium
- High CVE-2018-6089: Same origin policy bypass in Service Worker
- High CVE-2018-6090: Heap buffer overflow in Skia
- High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
- High CVE-2018-6092: Integer overflow in WebAssembly
- Medium CVE-2018-6093: Same origin bypass in Service Worker
- Medium CVE-2018-6094: Exploit hardening regression in Oilpan
- Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
- Medium CVE-2018-6096: Fullscreen UI spoof
- Medium CVE-2018-6097: Fullscreen UI spoof
- Medium CVE-2018-6098: URL spoof in Omnibox
- Medium CVE-2018-6099: CORS bypass in ServiceWorker
- Medium CVE-2018-6100: URL spoof in Omnibox
- Medium CVE-2018-6101: Insufficient protection of remote debugging protocol in DevTools
- Medium CVE-2018-6102: URL spoof in Omnibox
- Medium CVE-2018-6103: UI spoof in Permissions
- Medium CVE-2018-6104: URL spoof in Omnibox
- Medium CVE-2018-6105: URL spoof in Omnibox
- Medium CVE-2018-6106: Incorrect handling of promises in V8
- Medium CVE-2018-6107: URL spoof in Omnibox
- Medium CVE-2018-6108: URL spoof in Omnibox
- Low CVE-2018-6109: Incorrect handling of files by FileAPI
- Low CVE-2018-6110: Incorrect handling of plaintext files via file://
- Low CVE-2018-6111: Heap-use-after-free in DevTools
- Low CVE-2018-6112: Incorrect URL handling in DevTools
- Low CVE-2018-6113: URL spoof in Navigation
- Low CVE-2018-6114: CSP bypass
- Low CVE-2018-6115: SmartScreen bypass in downloads
- Low CVE-2018-6116: Incorrect low memory handling in WebAssembly
- Low CVE-2018-6117: Confusing autofill settings
- Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 65.0.3325.181 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 65.0.3325.162 (32-bit)
- 3c9ddcc Publish DEPS for Chromium 65.0.3325.162
- 5d04e9e Incrementing VERSION to 65.0.3325.162
- bf9a718 Fix print job early termination during PDF conversion (M65)
- 0294d59 Clear the download item's target on dealloc.
- fc27079 [M-65] Remove libusb-Windows support for HID devices
- 0f531d1 Incrementing VERSION to 65.0.3325.161
- 502a044 Bail out if there are no stored encryption keys.
- db52a65 Incrementing VERSION to 65.0.3325.160
- a49a99e Incrementing VERSION to 65.0.3325.159
- 98307bfc Incrementing VERSION to 65.0.3325.158
- 03cc863 Incrementing VERSION to 65.0.3325.157
- e939f26 Incrementing VERSION to 65.0.3325.156
- fcbd411 Incrementing VERSION to 65.0.3325.155
- cb9332d [Merge to M65] Fix XFCE frame buttons rendering too large on GTK < 3.20
- dbe7058 Incrementing VERSION to 65.0.3325.154
- e9e37b0 Incrementing VERSION to 65.0.3325.153
- 62c9c15 Incrementing VERSION to 65.0.3325.152
- a0ead6a Fix decidePolicyForNavigationResponse crash for iframes downloads.
- 27ad4eb Logs First Run Sentinel creation failures with FirstRun.SignIn histogram
- 1e3ea2b Incrementing VERSION to 65.0.3325.151
- a6df90f Incrementing VERSION to 65.0.3325.150
- ed7c8bf Devtools: Fix clipping with device emulation.
- 20436a2 Incrementing VERSION to 65.0.3325.149
- d828201 Incrementing VERSION to 65.0.3325.148
- cd60292 Chrome OS OOBE: Change illustration when switching to tablet mode
- f99b7dd android: Fix sensors in device service
- f607cb3 Incrementing VERSION to 65.0.3325.147
Google Chrome 65.0.3325.146 (32-bit)
Security Fixes:
- High CVE-2018-6058: Use after free in Flash
- High CVE-2018-6059: Use after free in Flash
- High CVE-2018-6060: Use after free in Blink
- High CVE-2018-6061: Race condition in V8
- High CVE-2018-6062: Heap buffer overflow in Skia
- High CVE-2018-6057: Incorrect permissions on shared memory
- High CVE-2018-6063: Incorrect permissions on shared memory
- High CVE-2018-6064: Type confusion in V8
- High CVE-2018-6065: Integer overflow in V8
- Medium CVE-2018-6066: Same Origin Bypass via canvas
- Medium CVE-2018-6067: Buffer overflow in Skia
- Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- Medium CVE-2018-6069: Stack buffer overflow in Skia
- Medium CVE-2018-6070: CSP bypass through extensions
- Medium CVE-2018-6071: Heap buffer overflow in Skia
- Medium CVE-2018-6072: Integer overflow in PDFium
- Medium CVE-2018-6073: Heap buffer overflow in WebGL
- Medium CVE-2018-6074: Mark-of-the-Web bypass
- Medium CVE-2018-6075: Overly permissive cross origin downloads
- Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- Medium CVE-2018-6077: Timing attack using SVG filters
- Medium CVE-2018-6078: URL Spoof in OmniBox
- Medium CVE-2018-6079: Information disclosure via texture data in WebGL
- Medium CVE-2018-6080: Information disclosure in IPC call
- Low CVE-2018-6081: XSS in interstitials
- Low CVE-2018-6082: Circumvention of port blocking
- Low CVE-2018-6083: Incorrect processing of AppManifests
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.186 (32-bit)
- Change log not available for this version
Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
Google Chrome 64.0.3282.140 (32-bit)
Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.119 (32-bit)
Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109
Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot
Google Chrome 62.0.3202.89 (32-bit)
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8
Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8
Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version
Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102
Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version
Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot
Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot
Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.104 (32-bit)
Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
- High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer
Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.
Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't announce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba
Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC
Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handling in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8
Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held
- 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf"
- 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null
Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version
Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version
Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP
Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).
Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.
Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.
Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version
Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."
Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).
Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.
Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)
Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version
Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.
Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)
Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267
Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing
Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version
Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer
Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).
Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8
Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)
Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink
Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue
Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported
Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards
Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160
Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print
Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).
Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance
Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.
Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version
Updated: 2018-05-11
Update details:
What's new in this version:
Rank Tracker 8.23.2
- A few minor bugs have been fixed
Rank Tracker 8.23
- Discover the keywords a website is already ranking for with the help of a new Ranking Keywords method
Rank Tracker 8.22.9
- A few minor bugs have been fixed
Rank Tracker 8.22.8
- A few minor bugs have been fixed
Rank Tracker 8.22.7
- The whois library for checking domain age has been updated
- Fixed the issue of Yandex Direct results being collected together with organic rankings
Rank Tracker 8.22.6
- A few minor bugs have been fixed
Rank Tracker 8.22.5
- The problem of blurred interface on retina displays has been fixed
Rank Tracker 8.22.4
- A few minor bugs have been fixed
Rank Tracker 8.22.3
- A few minor bugs have been fixed
Rank Tracker 8.22.2
- A few minor bugs have been fixed
Rank Tracker 8.22.1
- A few minor bugs have been fixed
Rank Tracker 8.22
- Solved the problem with calculating average cost per click value
Rank Tracker 8.21.7
- The issue related to collecting search volume via Google Forecast has been fixed
Rank Tracker 8.21.6
- The fix for new Google Adwords Keyword Planner interface has been implemented
Rank Tracker 8.21.5
- A few minor bugs have been fixed
Rank Tracker 8.21.4
- A few minor bugs have been fixed
Rank Tracker 8.21.3
- Fixed the problem with collecting URLs from Google Top Stories into Keyword Difficulty results
Rank Tracker 8.21.2
- Fixed the bug that caused collecting wrong number of competitors for the 'Keyword Difficulty' tab
Rank Tracker 8.21.1
- A few minor bugs have been fixed
Rank Tracker 8.21
- Fixed the issue with incorrect visibility graph results for project competitors
Rank Tracker 8.20.5
- Fixed duplicated entries in the Keyword Map module and the issue with the filters for Yandex Regions
Rank Tracker 8.20.4
- Fixed the problem with Rank Tracker modal windows on MacOS that opened under the main window
Rank Tracker 8.20.3
- Improved the UI for the minimized interface view and for low-resolution screens; some other minor bugs have been fixed
Rank Tracker 8.20.2
- The time filter from the Keyword Research module has been fixed
Rank Tracker 8.20.1
- New Rank Tracker version with improved memory utilization algorithm for 64-bit Windows machines
Rank Tracker 8.20
- Several bugs have been fixed and UX improvements implemented in Rank Tracker
Updated: 2018-04-27
Update details:
What's new in this version:
Google Chrome 66.0.3359.139 (32-bit)
- Change log not available for this version
Google Chrome 66.0.3359.117 (32-bit)
Site Isolation Trial:
- Chrome 66 will include a small percentage trial of Site Isolation, to prepare for a broader upcoming launch. Site Isolation improves Chrome's security and helps mitigate the risks posed by Spectre
- To diagnose whether an issue is caused by Site Isolation, use chrome://flags#site-isolation-trial-opt-out as described here. Please report any trial-specific issues to help us fix them before Site Isolation is launched more broadly
Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
- Chrome 66 will not trust website certificates issued by Symantec's legacy PKI before June 1st 2016, continuing the phased distrust outlined in our previous announcements
- This update includes 62 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information
- Critical CVE-2018-6085: Use after free in Disk Cache
- Critical CVE-2018-6086: Use after free in Disk Cache
- High CVE-2018-6087: Use after free in WebAssembly
- High CVE-2018-6088: Use after free in PDFium
- High CVE-2018-6089: Same origin policy bypass in Service Worker
- High CVE-2018-6090: Heap buffer overflow in Skia
- High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
- High CVE-2018-6092: Integer overflow in WebAssembly
- Medium CVE-2018-6093: Same origin bypass in Service Worker
- Medium CVE-2018-6094: Exploit hardening regression in Oilpan
- Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
- Medium CVE-2018-6096: Fullscreen UI spoof
- Medium CVE-2018-6097: Fullscreen UI spoof
- Medium CVE-2018-6098: URL spoof in Omnibox
- Medium CVE-2018-6099: CORS bypass in ServiceWorker
- Medium CVE-2018-6100: URL spoof in Omnibox
- Medium CVE-2018-6101: Insufficient protection of remote debugging protocol in DevTools
- Medium CVE-2018-6102: URL spoof in Omnibox
- Medium CVE-2018-6103: UI spoof in Permissions
- Medium CVE-2018-6104: URL spoof in Omnibox
- Medium CVE-2018-6105: URL spoof in Omnibox
- Medium CVE-2018-6106: Incorrect handling of promises in V8
- Medium CVE-2018-6107: URL spoof in Omnibox
- Medium CVE-2018-6108: URL spoof in Omnibox
- Low CVE-2018-6109: Incorrect handling of files by FileAPI
- Low CVE-2018-6110: Incorrect handling of plaintext files via file://
- Low CVE-2018-6111: Heap-use-after-free in DevTools
- Low CVE-2018-6112: Incorrect URL handling in DevTools
- Low CVE-2018-6113: URL spoof in Navigation
- Low CVE-2018-6114: CSP bypass
- Low CVE-2018-6115: SmartScreen bypass in downloads
- Low CVE-2018-6116: Incorrect low memory handling in WebAssembly
- Low CVE-2018-6117: Confusing autofill settings
- Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 65.0.3325.181 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 65.0.3325.162 (32-bit)
- 3c9ddcc Publish DEPS for Chromium 65.0.3325.162
- 5d04e9e Incrementing VERSION to 65.0.3325.162
- bf9a718 Fix print job early termination during PDF conversion (M65)
- 0294d59 Clear the download item's target on dealloc.
- fc27079 [M-65] Remove libusb-Windows support for HID devices
- 0f531d1 Incrementing VERSION to 65.0.3325.161
- 502a044 Bail out if there are no stored encryption keys.
- db52a65 Incrementing VERSION to 65.0.3325.160
- a49a99e Incrementing VERSION to 65.0.3325.159
- 98307bfc Incrementing VERSION to 65.0.3325.158
- 03cc863 Incrementing VERSION to 65.0.3325.157
- e939f26 Incrementing VERSION to 65.0.3325.156
- fcbd411 Incrementing VERSION to 65.0.3325.155
- cb9332d [Merge to M65] Fix XFCE frame buttons rendering too large on GTK < 3.20
- dbe7058 Incrementing VERSION to 65.0.3325.154
- e9e37b0 Incrementing VERSION to 65.0.3325.153
- 62c9c15 Incrementing VERSION to 65.0.3325.152
- a0ead6a Fix decidePolicyForNavigationResponse crash for iframes downloads.
- 27ad4eb Logs First Run Sentinel creation failures with FirstRun.SignIn histogram
- 1e3ea2b Incrementing VERSION to 65.0.3325.151
- a6df90f Incrementing VERSION to 65.0.3325.150
- ed7c8bf Devtools: Fix clipping with device emulation.
- 20436a2 Incrementing VERSION to 65.0.3325.149
- d828201 Incrementing VERSION to 65.0.3325.148
- cd60292 Chrome OS OOBE: Change illustration when switching to tablet mode
- f99b7dd android: Fix sensors in device service
- f607cb3 Incrementing VERSION to 65.0.3325.147
Google Chrome 65.0.3325.146 (32-bit)
Security Fixes:
- High CVE-2018-6058: Use after free in Flash
- High CVE-2018-6059: Use after free in Flash
- High CVE-2018-6060: Use after free in Blink
- High CVE-2018-6061: Race condition in V8
- High CVE-2018-6062: Heap buffer overflow in Skia
- High CVE-2018-6057: Incorrect permissions on shared memory
- High CVE-2018-6063: Incorrect permissions on shared memory
- High CVE-2018-6064: Type confusion in V8
- High CVE-2018-6065: Integer overflow in V8
- Medium CVE-2018-6066: Same Origin Bypass via canvas
- Medium CVE-2018-6067: Buffer overflow in Skia
- Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- Medium CVE-2018-6069: Stack buffer overflow in Skia
- Medium CVE-2018-6070: CSP bypass through extensions
- Medium CVE-2018-6071: Heap buffer overflow in Skia
- Medium CVE-2018-6072: Integer overflow in PDFium
- Medium CVE-2018-6073: Heap buffer overflow in WebGL
- Medium CVE-2018-6074: Mark-of-the-Web bypass
- Medium CVE-2018-6075: Overly permissive cross origin downloads
- Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- Medium CVE-2018-6077: Timing attack using SVG filters
- Medium CVE-2018-6078: URL Spoof in OmniBox
- Medium CVE-2018-6079: Information disclosure via texture data in WebGL
- Medium CVE-2018-6080: Information disclosure in IPC call
- Low CVE-2018-6081: XSS in interstitials
- Low CVE-2018-6082: Circumvention of port blocking
- Low CVE-2018-6083: Incorrect processing of AppManifests
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.186 (32-bit)
- Change log not available for this version
Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
Google Chrome 64.0.3282.140 (32-bit)
Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.119 (32-bit)
Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109
Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot
Google Chrome 62.0.3202.89 (32-bit)
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8
Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8
Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version
Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102
Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version
Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot
Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot
Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.104 (32-bit)
Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
- High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer
Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.
Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't announce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba
Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC
Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handling in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8
Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held
- 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf"
- 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null
Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version
Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version
Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP
Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).
Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.
Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.
Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version
Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."
Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).
Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.
Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)
Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version
Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.
Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)
Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267
Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing
Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version
Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer
Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).
Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8
Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)
Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink
Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue
Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported
Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards
Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160
Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print
Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).
Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance
Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.
Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes
Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version
Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals
Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message
Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.
Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version
Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes
Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version
Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings
Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS
Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower
Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version
Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).
Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance
Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media
Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes
Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing
Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214
Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
Updated: 2018-03-21
Update details:
What's new in this version:
Google Chrome 65.0.3325.181 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 65.0.3325.162 (32-bit)
- 3c9ddcc Publish DEPS for Chromium 65.0.3325.162
- 5d04e9e Incrementing VERSION to 65.0.3325.162
- bf9a718 Fix print job early termination during PDF conversion (M65)
- 0294d59 Clear the download item's target on dealloc.
- fc27079 [M-65] Remove libusb-Windows support for HID devices
- 0f531d1 Incrementing VERSION to 65.0.3325.161
- 502a044 Bail out if there are no stored encryption keys.
- db52a65 Incrementing VERSION to 65.0.3325.160
- a49a99e Incrementing VERSION to 65.0.3325.159
- 98307bfc Incrementing VERSION to 65.0.3325.158
- 03cc863 Incrementing VERSION to 65.0.3325.157
- e939f26 Incrementing VERSION to 65.0.3325.156
- fcbd411 Incrementing VERSION to 65.0.3325.155
- cb9332d [Merge to M65] Fix XFCE frame buttons rendering too large on GTK < 3.20
- dbe7058 Incrementing VERSION to 65.0.3325.154
- e9e37b0 Incrementing VERSION to 65.0.3325.153
- 62c9c15 Incrementing VERSION to 65.0.3325.152
- a0ead6a Fix decidePolicyForNavigationResponse crash for iframes downloads.
- 27ad4eb Logs First Run Sentinel creation failures with FirstRun.SignIn histogram
- 1e3ea2b Incrementing VERSION to 65.0.3325.151
- a6df90f Incrementing VERSION to 65.0.3325.150
- ed7c8bf Devtools: Fix clipping with device emulation.
- 20436a2 Incrementing VERSION to 65.0.3325.149
- d828201 Incrementing VERSION to 65.0.3325.148
- cd60292 Chrome OS OOBE: Change illustration when switching to tablet mode
- f99b7dd android: Fix sensors in device service
- f607cb3 Incrementing VERSION to 65.0.3325.147
Google Chrome 65.0.3325.146 (32-bit)
Security Fixes:
- High CVE-2018-6058: Use after free in Flash
- High CVE-2018-6059: Use after free in Flash
- High CVE-2018-6060: Use after free in Blink
- High CVE-2018-6061: Race condition in V8
- High CVE-2018-6062: Heap buffer overflow in Skia
- High CVE-2018-6057: Incorrect permissions on shared memory
- High CVE-2018-6063: Incorrect permissions on shared memory
- High CVE-2018-6064: Type confusion in V8
- High CVE-2018-6065: Integer overflow in V8
- Medium CVE-2018-6066: Same Origin Bypass via canvas
- Medium CVE-2018-6067: Buffer overflow in Skia
- Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- Medium CVE-2018-6069: Stack buffer overflow in Skia
- Medium CVE-2018-6070: CSP bypass through extensions
- Medium CVE-2018-6071: Heap buffer overflow in Skia
- Medium CVE-2018-6072: Integer overflow in PDFium
- Medium CVE-2018-6073: Heap buffer overflow in WebGL
- Medium CVE-2018-6074: Mark-of-the-Web bypass
- Medium CVE-2018-6075: Overly permissive cross origin downloads
- Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- Medium CVE-2018-6077: Timing attack using SVG filters
- Medium CVE-2018-6078: URL Spoof in OmniBox
- Medium CVE-2018-6079: Information disclosure via texture data in WebGL
- Medium CVE-2018-6080: Information disclosure in IPC call
- Low CVE-2018-6081: XSS in interstitials
- Low CVE-2018-6082: Circumvention of port blocking
- Low CVE-2018-6083: Incorrect processing of AppManifests
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.186 (32-bit)
- Change log not available for this version
Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
Google Chrome 64.0.3282.140 (32-bit)
Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.119 (32-bit)
Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109
Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot
Google Chrome 62.0.3202.89 (32-bit)
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8
Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8
Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version
Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102
Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version
Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot
Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/)
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot
Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.104 (32-bit)
Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
- High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer
Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.
Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't announce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba
Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC
Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handling in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8
Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held
- 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf"
- 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null
Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version
Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version
Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP
Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).
Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.
Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.
Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version
Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."
Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).
Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.
Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)
Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version
Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.
Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)
Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267
Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing
Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version
Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360 Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer
Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).
Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8
Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)
Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink
Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue
Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported
Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards
Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160
Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print
Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).
Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance
Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.
Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes
Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version
Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals
Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message
Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.
Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version
Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes
Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version
Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings
Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS
Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower
Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version
Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).
Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance
Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media
Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes
Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing
Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214
Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance
Google Chrome 33.0.1750.154 (32-bit)
- Code execution outside sandbox. Credit to VUPEN
- Use-after-free in Blink bindings
- Code execution outside sandbox. Credit to Anonymous
- Memory corruption in V8
- Directory traversal issue
Google Chrome 33.0.1750.149 (32-bit)
- Use-after-free in speech
- UXSS in events
- Use-after-free in web database.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Potential sandbox escape due to a use-after-free in web sockets
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18
Google Chrome 33.0.1750.146 (32-bit)
- Use-after-free in svg images
- Use-after-free in speech recognition.
- Heap buffer overflow in software rendering
- Chrome allows requests in flash header request.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10
Google Chrome 33.0.1750.117 (32-bit)
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid
- Use-after-free related to web contents. Credit to Khalil Zhani
- Bad cast in SVG. Credit to TheShow3511
- Use-after-free in layout. Credit to cloudfuzzer
- Information leak in XSS auditor. Credit to NeexEmil
- Use-after-free in layout. Credit to cloudfuzzer
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris
- Information leak in drag and drop. Credit to bishopjeffreys
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers
Google Chrome 32.0.1700.107 (32-bit)
- Change log not available for this version
Google Chrome 32.0.1700.102 (32-bit)
- Mouse Pointer disappears after exiting full-screen mode
- Drag and drop files into Chrome may not work properly
- Quicktime Plugin crashes in Chrome
- Chrome becomes unresponsive
- Trackpad users may not be able to scroll horizontally
- Scrolling does not work in combo box
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword
- This update includes 14 security fixes
Google Chrome 32.0.1700.76 (32-bit)
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Flash Player has been updated to version 12.0.0.41
- This update includes 11 security fixes
Google Chrome 31.0.1650.63 (32-bit)
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7
- Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7
Google Chrome 31.0.1650.57 (32-bit)
- Fixed multiple memory corruption issues
Google Chrome 30.0.1599.69
- Tabs freeze up
- Lag in some games/GPU issues with certain monitors
Google Chrome 30.0.1599.66
- Easier searching by image
Updated: 2018-03-13
Update details:
What's new in this version:
Google Chrome 65.0.3325.162 (32-bit)
- 3c9ddcc Publish DEPS for Chromium 65.0.3325.162
- 5d04e9e Incrementing VERSION to 65.0.3325.162
- bf9a718 Fix print job early termination during PDF conversion (M65)
- 0294d59 Clear the download item's target on dealloc.
- fc27079 [M-65] Remove libusb-Windows support for HID devices
- 0f531d1 Incrementing VERSION to 65.0.3325.161
- 502a044 Bail out if there are no stored encryption keys.
- db52a65 Incrementing VERSION to 65.0.3325.160
- a49a99e Incrementing VERSION to 65.0.3325.159
- 98307bfc Incrementing VERSION to 65.0.3325.158
- 03cc863 Incrementing VERSION to 65.0.3325.157
- e939f26 Incrementing VERSION to 65.0.3325.156
- fcbd411 Incrementing VERSION to 65.0.3325.155
- cb9332d [Merge to M65] Fix XFCE frame buttons rendering too large on GTK < 3.20
- dbe7058 Incrementing VERSION to 65.0.3325.154
- e9e37b0 Incrementing VERSION to 65.0.3325.153
- 62c9c15 Incrementing VERSION to 65.0.3325.152
- a0ead6a Fix decidePolicyForNavigationResponse crash for iframes downloads.
- 27ad4eb Logs First Run Sentinel creation failures with FirstRun.SignIn histogram
- 1e3ea2b Incrementing VERSION to 65.0.3325.151
- a6df90f Incrementing VERSION to 65.0.3325.150
- ed7c8bf Devtools: Fix clipping with device emulation.
- 20436a2 Incrementing VERSION to 65.0.3325.149
- d828201 Incrementing VERSION to 65.0.3325.148
- cd60292 Chrome OS OOBE: Change illustration when switching to tablet mode
- f99b7dd android: Fix sensors in device service
- f607cb3 Incrementing VERSION to 65.0.3325.147
Google Chrome 65.0.3325.146 (32-bit)
Security Fixes:
- High CVE-2018-6058: Use after free in Flash
- High CVE-2018-6059: Use after free in Flash
- High CVE-2018-6060: Use after free in Blink
- High CVE-2018-6061: Race condition in V8
- High CVE-2018-6062: Heap buffer overflow in Skia
- High CVE-2018-6057: Incorrect permissions on shared memory
- High CVE-2018-6063: Incorrect permissions on shared memory
- High CVE-2018-6064: Type confusion in V8
- High CVE-2018-6065: Integer overflow in V8
- Medium CVE-2018-6066: Same Origin Bypass via canvas
- Medium CVE-2018-6067: Buffer overflow in Skia
- Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- Medium CVE-2018-6069: Stack buffer overflow in Skia
- Medium CVE-2018-6070: CSP bypass through extensions
- Medium CVE-2018-6071: Heap buffer overflow in Skia
- Medium CVE-2018-6072: Integer overflow in PDFium
- Medium CVE-2018-6073: Heap buffer overflow in WebGL
- Medium CVE-2018-6074: Mark-of-the-Web bypass
- Medium CVE-2018-6075: Overly permissive cross origin downloads
- Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- Medium CVE-2018-6077: Timing attack using SVG filters
- Medium CVE-2018-6078: URL Spoof in OmniBox
- Medium CVE-2018-6079: Information disclosure via texture data in WebGL
- Medium CVE-2018-6080: Information disclosure in IPC call
- Low CVE-2018-6081: XSS in interstitials
- Low CVE-2018-6082: Circumvention of port blocking
- Low CVE-2018-6083: Incorrect processing of AppManifests
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.186 (32-bit)
- Change log not available for this version
Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
Google Chrome 64.0.3282.140 (32-bit)
Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.119 (32-bit)
Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109
Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot
Google Chrome 62.0.3202.89 (32-bit)
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8
Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8
Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version
Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102
Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version
Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot
Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot
Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.104 (32-bit)
Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
- High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer
Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.
Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't announce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba
Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC
Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handling in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8
Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held
- 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf"
- 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null
Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version
Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version
Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP
Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).
Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.
Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.
Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version
Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."
Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).
Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.
Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)
Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version
Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.
Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)
Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267
Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing
Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version
Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer
Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).
Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8
Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)
Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink
Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue
Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported
Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards
Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160
Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print
Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).
Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance
Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.
Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes
Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version
Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals
Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message
Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.
Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version
Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes
Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version
Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings
Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS
Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower
Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version
Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).
Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance
Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media
Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes
Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing
Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214
Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance
Google Chrome 33.0.1750.154 (32-bit)
- Code execution outside sandbox. Credit to VUPEN
- Use-after-free in Blink bindings
- Code execution outside sandbox. Credit to Anonymous
- Memory corruption in V8
- Directory traversal issue
Google Chrome 33.0.1750.149 (32-bit)
- Use-after-free in speech
- UXSS in events
- Use-after-free in web database
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Potential sandbox escape due to a use-after-free in web sockets
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18
Google Chrome 33.0.1750.146 (32-bit)
- Use-after-free in svg images
- Use-after-free in speech recognition.
- Heap buffer overflow in software rendering
- Chrome allows requests in flash header request
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10
Google Chrome 33.0.1750.117 (32-bit)
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid
- Use-after-free related to web contents. Credit to Khalil Zhani
- Bad cast in SVG. Credit to TheShow3511
- Use-after-free in layout. Credit to cloudfuzzer
- Information leak in XSS auditor. Credit to NeexEmil
- Use-after-free in layout. Credit to cloudfuzzer
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris
- Information leak in drag and drop. Credit to bishopjeffreys
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers
Google Chrome 32.0.1700.107 (32-bit)
- Change log not available for this version
Google Chrome 32.0.1700.102 (32-bit)
- Mouse Pointer disappears after exiting full-screen mode
- Drag and drop files into Chrome may not work properly
- Quicktime Plugin crashes in Chrome
- Chrome becomes unresponsive
- Trackpad users may not be able to scroll horizontally
- Scrolling does not work in combo box
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword
- This update includes 14 security fixes
Google Chrome 32.0.1700.76 (32-bit)
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Flash Player has been updated to version 12.0.0.41
- This update includes 11 security fixes
Google Chrome 31.0.1650.63 (32-bit)
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7
- Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7
Google Chrome 31.0.1650.57 (32-bit)
- Fixed multiple memory corruption issues
Google Chrome 30.0.1599.69
- Tabs freeze up
- Lag in some games/GPU issues with certain monitors
Google Chrome 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Updated: 2018-03-13
Update details:
What's new in this version:
GOM Mix Pro 2.0.1.4
- Fixed an error where audio would not play in some videos
- Fixed an error where audio would not play: Hamomy02.mp3
GOM Mix Pro 2.0.1.3
Addition and improvement of functions:
- Added crop function
- Added custom setting of rotation function
- Changed rotate media icon to video adjustment icon
- (Reverse/Rotate can be set in video adjustment. The Playback speed setting is in preparation. Please wait a moment.)
- Added 2 kinds of vintage, 2 kinds of camera/film filter
- Added 8 kinds of pastel filter
- Added 8 kinds of gradient cellophane filter
GOM Mix Pro 2.0.1.2
- Fixed freeze error when encoding at 1080p
- Fixed errors related to background music from certain types of formats
- Improved the stability of Preview
GOM Mix Pro 2.0.1.1
- [Urgent] Fixed overlay clip track errors
GOM Mix Pro 2.0.0.10
- [Urgent] Fixed and improved additional package installation errors
Updated: 2018-03-07
Update details:
What's new in this version:
Google Chrome 65.0.3325.146 (32-bit)
Security Fixes:
- High CVE-2018-6058: Use after free in Flash
- High CVE-2018-6059: Use after free in Flash
- High CVE-2018-6060: Use after free in Blink
- High CVE-2018-6061: Race condition in V8
- High CVE-2018-6062: Heap buffer overflow in Skia
- High CVE-2018-6057: Incorrect permissions on shared memory
- High CVE-2018-6063: Incorrect permissions on shared memory
- High CVE-2018-6064: Type confusion in V8
- High CVE-2018-6065: Integer overflow in V8
- Medium CVE-2018-6066: Same Origin Bypass via canvas
- Medium CVE-2018-6067: Buffer overflow in Skia
- Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- Medium CVE-2018-6069: Stack buffer overflow in Skia
- Medium CVE-2018-6070: CSP bypass through extensions
- Medium CVE-2018-6071: Heap buffer overflow in Skia
- Medium CVE-2018-6072: Integer overflow in PDFium
- Medium CVE-2018-6073: Heap buffer overflow in WebGL
- Medium CVE-2018-6074: Mark-of-the-Web bypass
- Medium CVE-2018-6075: Overly permissive cross origin downloads
- Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- Medium CVE-2018-6077: Timing attack using SVG filters
- Medium CVE-2018-6078: URL Spoof in OmniBox
- Medium CVE-2018-6079: Information disclosure via texture data in WebGL
- Medium CVE-2018-6080: Information disclosure in IPC call
- Low CVE-2018-6081: XSS in interstitials
- Low CVE-2018-6082: Circumvention of port blocking
- Low CVE-2018-6083: Incorrect processing of AppManifests
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.186 (32-bit)
- Change log not available for this version
Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
Google Chrome 64.0.3282.140 (32-bit)
Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.119 (32-bit)
Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109
Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot
Google Chrome 62.0.3202.89 (32-bit)
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8
Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8
Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version
Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102
Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version
Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot
Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot
Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.104 (32-bit)
Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
- High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer
Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.
Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't announce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba
Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC
Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handling in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8
Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held
- 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf"
- 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null
Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version
Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version
Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP
Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).
Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.
Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.
Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version
Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."
Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).
Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.
Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)
Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version
Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.
Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)
Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267
Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing
Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version
Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360 Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer
Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).
Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8
Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)
Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink
Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue
Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported
Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards
Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160
Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print
Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).
Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance
Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.
Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes
Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version
Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals
Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message
Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.
Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version
Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes
Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version
Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings
Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS
Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower
Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version
Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).
Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance
Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media
Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes
Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing
Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214
Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance
Google Chrome 33.0.1750.154 (32-bit)
- Code execution outside sandbox. Credit to VUPEN
- Use-after-free in Blink bindings
- Code execution outside sandbox. Credit to Anonymous
- Memory corruption in V8
- Directory traversal issue
Google Chrome 33.0.1750.149 (32-bit)
- Use-after-free in speech
- UXSS in events
- Use-after-free in web database
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Potential sandbox escape due to a use-after-free in web sockets
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18
Google Chrome 33.0.1750.146 (32-bit)
- Use-after-free in svg images
- Use-after-free in speech recognition.
- Heap buffer overflow in software rendering
- Chrome allows requests in flash header request
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10
Google Chrome 33.0.1750.117 (32-bit)
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid
- Use-after-free related to web contents. Credit to Khalil Zhani
- Bad cast in SVG. Credit to TheShow3511
- Use-after-free in layout. Credit to cloudfuzzer
- Information leak in XSS auditor. Credit to NeexEmil
- Use-after-free in layout. Credit to cloudfuzzer
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris
- Information leak in drag and drop. Credit to bishopjeffreys
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers
Google Chrome 32.0.1700.107 (32-bit)
- Change log not available for this version
Google Chrome 32.0.1700.102 (32-bit)
- Mouse Pointer disappears after exiting full-screen mode
- Drag and drop files into Chrome may not work properly
- Quicktime Plugin crashes in Chrome
- Chrome becomes unresponsive
- Trackpad users may not be able to scroll horizontally
- Scrolling does not work in combo box
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword
- This update includes 14 security fixes
Google Chrome 32.0.1700.76 (32-bit)
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Flash Player has been updated to version 12.0.0.41
- This update includes 11 security fixes
Google Chrome 31.0.1650.63 (32-bit)
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7
- Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7
Google Chrome 31.0.1650.57 (32-bit)
- Fixed multiple memory corruption issues
Google Chrome 30.0.1599.69
- Tabs freeze up
- Lag in some games/GPU issues with certain monitors
Google Chrome 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Updated: 2018-02-23
Update details:
What's new in this version:
Google Chrome 64.0.3282.186 (32-bit)
- Change log not available for this version
Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
Google Chrome 64.0.3282.140 (32-bit)
Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.119 (32-bit)
Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109
Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot
Google Chrome 62.0.3202.89 (32-bit)
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8
Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8
Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version
Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102
Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version
Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot
Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot
Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.104 (32-bit)
Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
- High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer
Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.
Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't announce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba
Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC
Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handling in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8
Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held
- 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf"
- 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null
Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version
Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version
Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP
Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).
Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.
Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.
Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version
Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."
Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).
Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.
Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)
Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version
Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.
Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)
Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267
Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing
Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version
Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer
Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).
Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8
Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)
Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink
Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue
Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported
Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards
Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160
Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print
Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).
Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance
Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.
Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes
Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version
Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals
Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message
Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.
Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version
Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes
Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version
Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings
Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS
Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower
Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version
Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Security fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).
Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance
Security fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media
Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes
Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing
Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214
Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance
Google Chrome 33.0.1750.154 (32-bit)
- Code execution outside sandbox. Credit to VUPEN
- Use-after-free in Blink bindings
- Code execution outside sandbox. Credit to Anonymous
- Memory corruption in V8
- Directory traversal issue
Google Chrome 33.0.1750.149 (32-bit)
- Use-after-free in speech
- UXSS in events
- Use-after-free in web database
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Potential sandbox escape due to a use-after-free in web sockets
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18
Google Chrome 33.0.1750.146 (32-bit)
- Use-after-free in svg images
- Use-after-free in speech recognition.
- Heap buffer overflow in software rendering
- Chrome allows requests in flash header request
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10
Google Chrome 33.0.1750.117 (32-bit)
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid
- Use-after-free related to web contents. Credit to Khalil Zhani
- Bad cast in SVG. Credit to TheShow3511
- Use-after-free in layout. Credit to cloudfuzzer
- Information leak in XSS auditor. Credit to NeexEmil
- Use-after-free in layout. Credit to cloudfuzzer
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris
- Information leak in drag and drop. Credit to bishopjeffreys
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers
Google Chrome 32.0.1700.107 (32-bit)
- Change log not available for this version
Google Chrome 32.0.1700.102 (32-bit)
- Mouse Pointer disappears after exiting full-screen mode
- Drag and drop files into Chrome may not work properly
- Quicktime Plugin crashes in Chrome
- Chrome becomes unresponsive
- Trackpad users may not be able to scroll horizontally
- Scrolling does not work in combo box
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword
- This update includes 14 security fixes
Google Chrome 32.0.1700.76 (32-bit)
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Flash Player has been updated to version 12.0.0.41
- This update includes 11 security fixes
Google Chrome 31.0.1650.63 (32-bit)
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7
- Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7
Google Chrome 31.0.1650.57 (32-bit)
- Fixed multiple memory corruption issues
Google Chrome 30.0.1599.69
- Tabs freeze up
- Lag in some games/GPU issues with certain monitors
Google Chrome 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance