Google Chrome (32-bit) 歷史版本列表
更新時間:2018-02-14
更新細節:
What's new in this version:
Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26
Google Chrome 64.0.3282.140 (32-bit)
Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.119 (32-bit)
Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109
Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot
Google Chrome 62.0.3202.89 (32-bit)
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8
Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8
Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version
Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102
Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version
Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot
Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot
Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.104 (32-bit)
Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer
Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.
Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 ???? Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't accounce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba
Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC
Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handing in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8
Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null
Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version
Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiative
Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version
Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP
Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).
Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.
Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.
Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version
Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."
Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).
Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.
Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)
Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version
Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.
Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)
Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267
Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing
Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version
Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer
Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).
Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8
Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)
Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink
Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue
Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported
Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards
Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160
Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print
Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).
Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance
Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.
Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes
Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version
Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals
Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message
Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.
Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version
Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes
Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version
Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings
Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS
Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower
Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version
Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).
Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media
Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes
Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing
Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214
Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance
Google Chrome 33.0.1750.154 (32-bit)
- Code execution outside sandbox. Credit to VUPEN
- Use-after-free in Blink bindings
- Code execution outside sandbox. Credit to Anonymous
- Memory corruption in V8
- Directory traversal issue
Google Chrome 33.0.1750.149 (32-bit)
- Use-after-free in speech
- UXSS in events
- Use-after-free in web database. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Potential sandbox escape due to a use-after-free in web sockets
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18
Google Chrome 33.0.1750.146 (32-bit)
- Use-after-free in svg images
- Use-after-free in speech recognition.
- Heap buffer overflow in software rendering
- Chrome allows requests in flash header request. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10
Google Chrome 33.0.1750.117 (32-bit)
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid
- Use-after-free related to web contents. Credit to Khalil Zhani
- Bad cast in SVG. Credit to TheShow3511
- Use-after-free in layout. Credit to cloudfuzzer
- Information leak in XSS auditor. Credit to NeexEmil
- Use-after-free in layout. Credit to cloudfuzzer
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris
- Information leak in drag and drop. Credit to bishopjeffreys
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers
Google Chrome 32.0.1700.107 (32-bit)
- Change log not available for this version
Google Chrome 32.0.1700.102 (32-bit)
- Mouse Pointer disappears after exiting full-screen mode
- Drag and drop files into Chrome may not work properly
- Quicktime Plugin crashes in Chrome
- Chrome becomes unresponsive
- Trackpad users may not be able to scroll horizontally
- Scrolling does not work in combo box
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword
- This update includes 14 security fixes
Google Chrome 32.0.1700.76 (32-bit)
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Flash Player has been updated to version 12.0.0.41
- This update includes 11 security fixes
Google Chrome 31.0.1650.63 (32-bit)
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7
- Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7
Google Chrome 31.0.1650.57 (32-bit)
- Fixed multiple memory corruption issues
Google Chrome 30.0.1599.69
- Tabs freeze up
- Lag in some games/GPU issues with certain monitors
Google Chrome 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
更新時間:2018-02-12
更新細節:
What's new in this version:
Outputs:
- Two additional independent outputs for vMix Call, Replay and NDI (Pro and 4K editions only)
- Second recorder with an independent recording format that can be assigned to one of the 4 outputs. (Pro and 4K editions only)
Production Clocks:
- New Dual Production Clock can now be enabled from Settings -> Options
- Each of the clocks can display either the current time, recording duration, streaming duration or a countdown to an event
- Clock display can also be added as an input which can be assigned to the MultiView Output
- Clock input can also be enabled as an NDI source on the network, providing a mobile clock that can be displayed anywhere using the free NDI tools!
vMix Call:
- Audio and Video sources sent to guests can now be changed independently at any time from the right click menu
- All vMix editions including Basic HD can now connect to a remote vMix Call running HD or higher
- New Low Latency option added. This can be used on reliable, high bandwidth point to point connections where the lowest possible delay is required
Audio:
- New Channel Matrix option available for every input that supports audio
- Provides a 8x16 channel audio router to every input that can be assigned to any of the audio output buses in any combination
- Live audio meters added to each channel in the Input Channel Mixer
Streaming:
- Improved streaming settings layout
- Each of the 3 destinations now supports independent bitrate and resolution settings
- Hardware Encoder can also be controlled independently on each stream to assist with systems where GeForce cards only support 2 encoders at a time
PTZ:
- Added new Visca Over IP support to connect to newer Sony SRG series cameras in addition to the new IP model from Lumens
Titles:
- Added support for controlling NewBlue Titler Live 3.0 via NDI
- Supports commands such as AnimateIn, AnimateOut which can be accessed from the Input right click menu or assigned to controllers using the new shortcut function NDICommand
- Supports live editing of Titler Live templates from within the vMix Title Editor and Web Controller, with the ability to assign data sources as well
- vMix now includes the vMix Title Pack for free! This includes 36 additional templates including scoreboards and lower thirds.
Other:
- Added support for X-keys XK-68 Jog/Shuttle controller
- Improved CPU usage when streaming, particularly with 4K
- Improved performance with 4K Magewell capture cards
- New TCP API for embedded devices. See Developer Information in the help for more information
更新時間:2018-02-01
更新細節:
What's new in this version:
Google Chrome 64.0.3282.140 (32-bit)
Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 64.0.3282.119 (32-bit)
Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109
Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot
Google Chrome 62.0.3202.89 (32-bit)
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8
Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8
Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version
Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102
Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version
Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot
Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot
Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.104 (32-bit)
Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer
Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.
Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 ???? Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't accounce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba
Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC
Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handing in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8
Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null
Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version
Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiative
Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version
Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP
Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).
Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.
Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.
Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version
Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."
Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).
Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.
Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)
Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version
Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.
Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)
Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267
Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing
Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version
Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer
Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).
Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8
Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)
Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink
Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue
Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported
Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards
Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160
Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print
Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).
Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance
Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.
Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes
Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version
Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals
Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message
Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.
Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version
Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes
Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version
Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings
Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS
Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower
Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version
Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).
Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media
Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes
Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing
Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214
Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance
Google Chrome 33.0.1750.154 (32-bit)
- Code execution outside sandbox. Credit to VUPEN
- Use-after-free in Blink bindings
- Code execution outside sandbox. Credit to Anonymous
- Memory corruption in V8
- Directory traversal issue
Google Chrome 33.0.1750.149 (32-bit)
- Use-after-free in speech
- UXSS in events
- Use-after-free in web database. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Potential sandbox escape due to a use-after-free in web sockets
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18
Google Chrome 33.0.1750.146 (32-bit)
- Use-after-free in svg images
- Use-after-free in speech recognition.
- Heap buffer overflow in software rendering
- Chrome allows requests in flash header request. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10
Google Chrome 33.0.1750.117 (32-bit)
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid
- Use-after-free related to web contents. Credit to Khalil Zhani
- Bad cast in SVG. Credit to TheShow3511
- Use-after-free in layout. Credit to cloudfuzzer
- Information leak in XSS auditor. Credit to NeexEmil
- Use-after-free in layout. Credit to cloudfuzzer
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris
- Information leak in drag and drop. Credit to bishopjeffreys
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers
Google Chrome 32.0.1700.107 (32-bit)
- Change log not available for this version
Google Chrome 32.0.1700.102 (32-bit)
- Mouse Pointer disappears after exiting full-screen mode
- Drag and drop files into Chrome may not work properly
- Quicktime Plugin crashes in Chrome
- Chrome becomes unresponsive
- Trackpad users may not be able to scroll horizontally
- Scrolling does not work in combo box
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword
- This update includes 14 security fixes
Google Chrome 32.0.1700.76 (32-bit)
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Flash Player has been updated to version 12.0.0.41
- This update includes 11 security fixes
Google Chrome 31.0.1650.63 (32-bit)
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7
- Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7
Google Chrome 31.0.1650.57 (32-bit)
- Fixed multiple memory corruption issues
Google Chrome 30.0.1599.69
- Tabs freeze up
- Lag in some games/GPU issues with certain monitors
Google Chrome 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
更新時間:2018-01-25
更新細節:
What's new in this version:
Google Chrome 64.0.3282.119 (32-bit)
Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109
Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot
Google Chrome 62.0.3202.89 (32-bit)
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8
Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8
Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version
Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102
Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version
Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot
Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot
Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.104 (32-bit)
Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer
Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.
Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 ???? Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't accounce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba
Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC
Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handing in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8
Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null
Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version
Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiative
Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version
Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP
Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).
Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.
Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.
Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version
Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."
Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).
Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.
Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)
Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version
Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.
Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)
Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267
Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing
Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version
Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer
Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).
Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8
Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)
Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink
Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue
Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported
Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards
Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160
Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print
Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).
Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance
Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.
Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes
Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version
Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals
Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message
Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.
Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version
Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes
Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version
Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings
Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS
Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower
Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version
Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).
Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media
Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes
Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing
Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214
Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance
Google Chrome 33.0.1750.154 (32-bit)
- Code execution outside sandbox. Credit to VUPEN
- Use-after-free in Blink bindings
- Code execution outside sandbox. Credit to Anonymous
- Memory corruption in V8
- Directory traversal issue
Google Chrome 33.0.1750.149 (32-bit)
- Use-after-free in speech
- UXSS in events
- Use-after-free in web database. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Potential sandbox escape due to a use-after-free in web sockets
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18
Google Chrome 33.0.1750.146 (32-bit)
- Use-after-free in svg images
- Use-after-free in speech recognition.
- Heap buffer overflow in software rendering
- Chrome allows requests in flash header request. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10
Google Chrome 33.0.1750.117 (32-bit)
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid
- Use-after-free related to web contents. Credit to Khalil Zhani
- Bad cast in SVG. Credit to TheShow3511
- Use-after-free in layout. Credit to cloudfuzzer
- Information leak in XSS auditor. Credit to NeexEmil
- Use-after-free in layout. Credit to cloudfuzzer
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris
- Information leak in drag and drop. Credit to bishopjeffreys
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers
Google Chrome 32.0.1700.107 (32-bit)
- Change log not available for this version
Google Chrome 32.0.1700.102 (32-bit)
- Mouse Pointer disappears after exiting full-screen mode
- Drag and drop files into Chrome may not work properly
- Quicktime Plugin crashes in Chrome
- Chrome becomes unresponsive
- Trackpad users may not be able to scroll horizontally
- Scrolling does not work in combo box
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword
- This update includes 14 security fixes
Google Chrome 32.0.1700.76 (32-bit)
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Flash Player has been updated to version 12.0.0.41
- This update includes 11 security fixes
Google Chrome 31.0.1650.63 (32-bit)
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7
- Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7
Google Chrome 31.0.1650.57 (32-bit)
- Fixed multiple memory corruption issues
Google Chrome 30.0.1599.69
- Tabs freeze up
- Lag in some games/GPU issues with certain monitors
Google Chrome 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
更新時間:2017-12-27
更新細節:
What's new in this version:
- Interoperability with vSphere 6.5 Update 1
- Support for additional guest operating systems: Windows Server 2016, Ubuntu 16.
- Converter Standalone 6.2 adds a new configuration option in converter-worker.xml for Linux migrations. You can provide a path for the temporary files of vmware-sysinfo to be extracted and executed. If the Linux policy does not allow running code from /tmp directory from a privileged user, you can uncomment and add proper directory in the tag in converter-worker.xml, and then restart the worker service.
- Note: This affects all future Linux conversions until the value is restored and the service is restarted again.
- With Converter Standalone 6.2 you can change the default destination provisioning disk type from thick to thin. You must open the converter-worker.xml file, change the value of the tag to 'true', and restart the worker service.
- Note: This affects all future conversions until the value is restored to 'false' and the service is restarted again.
- Note: Converter Standalone 6.2 does not support Virtual Hardware versions above 11. For selected hardware versions above 11, features are limited to the features in version 11.
更新時間:2017-12-15
更新細節:
What's new in this version:
Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot
Google Chrome 62.0.3202.89 (32-bit)
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8
Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8
Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL
Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version
Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102
Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version
Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot
Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot
Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version
Google Chrome 59.0.3071.104 (32-bit)
Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer
Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.
Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 ???? Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't accounce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba
Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC
Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handing in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8
Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null
Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version
Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiative
Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version
Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version
Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version
Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP
Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).
Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version
Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.
Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.
Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version
Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."
Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.
Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).
Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.
Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)
Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome
Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.
Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version
Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.
Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)
Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267
Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing
Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version
Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)
Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer
Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).
Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8
Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)
Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version
Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink
Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version
Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue
Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported
Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards
Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160
Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print
Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).
Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance
Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.
Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version
Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes
Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version
Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals
Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message
Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.
Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version
Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes
Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version
Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes
Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings
Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS
Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower
Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version
Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).
Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media
Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes
Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing
Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214
Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance
Google Chrome 33.0.1750.154 (32-bit)
- Code execution outside sandbox. Credit to VUPEN
- Use-after-free in Blink bindings
- Code execution outside sandbox. Credit to Anonymous
- Memory corruption in V8
- Directory traversal issue
Google Chrome 33.0.1750.149 (32-bit)
- Use-after-free in speech
- UXSS in events
- Use-after-free in web database. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Potential sandbox escape due to a use-after-free in web sockets
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18
Google Chrome 33.0.1750.146 (32-bit)
- Use-after-free in svg images
- Use-after-free in speech recognition.
- Heap buffer overflow in software rendering
- Chrome allows requests in flash header request. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10
Google Chrome 33.0.1750.117 (32-bit)
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid
- Use-after-free related to web contents. Credit to Khalil Zhani
- Bad cast in SVG. Credit to TheShow3511
- Use-after-free in layout. Credit to cloudfuzzer
- Information leak in XSS auditor. Credit to NeexEmil
- Use-after-free in layout. Credit to cloudfuzzer
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris
- Information leak in drag and drop. Credit to bishopjeffreys
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers
Google Chrome 32.0.1700.107 (32-bit)
- Change log not available for this version
Google Chrome 32.0.1700.102 (32-bit)
- Mouse Pointer disappears after exiting full-screen mode
- Drag and drop files into Chrome may not work properly
- Quicktime Plugin crashes in Chrome
- Chrome becomes unresponsive
- Trackpad users may not be able to scroll horizontally
- Scrolling does not work in combo box
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword
- This update includes 14 security fixes
Google Chrome 32.0.1700.76 (32-bit)
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Flash Player has been updated to version 12.0.0.41
- This update includes 11 security fixes
Google Chrome 31.0.1650.63 (32-bit)
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7
- Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7
Google Chrome 31.0.1650.57 (32-bit)
- Fixed multiple memory corruption issues
Google Chrome 30.0.1599.69
- Tabs freeze up
- Lag in some games/GPU issues with certain monitors
Google Chrome 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance