What's new in this version: Google Chrome 109.0.5414.119 - Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 109.0.5414.87 Security Fixes and Rewards: - High CVE-2023-0128: Use after free in Overview Mode - High CVE-2023-0129: Heap buffer overflow in Network Service - Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API - Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox - Medium CVE-2023-0132: Inappropriate implementation in Permission prompts - Medium CVE-2023-0133: Inappropriate implementation in Permission prompts - Medium CVE-2023-0134: Use after free in Cart - Medium CVE-2023-0135: Use after free in Cart - Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API - Medium CVE-2023-0137: Heap buffer overflow in Platform Apps - Low CVE-2023-0138: Heap buffer overflow in libphonenumber - Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads - Low CVE-2023-0140: Inappropriate implementation in File System API - Low CVE-2023-0141: Insufficient policy enforcement in CORS
As usual, our ongoing internal security work was responsible for a wide range of fixes: - Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 108.0.5339.124 Security fixes: - High CVE-2022-4436: Use after free in Blink Media - High CVE-2022-4437: Use after free in Mojo IPC - High CVE-2022-4438: Use after free in Blink Frames - High CVE-2022-4439: Use after free in Aura - Medium CVE-2022-4440: Use after free in Profiles
As usual, our ongoing internal security work was responsible for a wide range of fixes: - [1400487] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 108.0.5339.98 - Change log not available for this version
Google Chrome 108.0.5339.94 Security fixes: - Type Confusion in V8
Google Chrome 108.0.5339.71 Security Fixes: - High CVE-2022-4174: Type Confusion in V8 - High CVE-2022-4175: Use after free in Camera Capture - High CVE-2022-4176: Out of bounds write in Lacros Graphics - High CVE-2022-4177: Use after free in Extensions - High CVE-2022-4178: Use after free in Mojo - High CVE-2022-4179: Use after free in Audio - High CVE-2022-4180: Use after free in Mojo - High CVE-2022-4181: Use after free in Forms - Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames - Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker - Medium CVE-2022-4184: Insufficient policy enforcement in Autofill - Medium CVE-2022-4185: Inappropriate implementation in Navigation - Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads - Medium CVE-2022-4187: Insufficient policy enforcement in DevTools - Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS - Medium CVE-2022-4189: Insufficient policy enforcement in DevTools - Medium CVE-2022-4190: Insufficient data validation in Directory - Medium CVE-2022-4191: Use after free in Sign-In - Medium CVE-2022-4192: Use after free in Live Caption - Medium CVE-2022-4193: Insufficient policy enforcement in File System API - Medium CVE-2022-4194: Use after free in Accessibility - Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing
As usual, our ongoing internal security work was responsible for a wide range of fixes: - [1394280] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 107.0.5304.121 Security fixes: - High CVE-2022-4135: Heap buffer overflow in GPU
Google Chrome 107.0.5304.110 Security Fixes and Rewards: - High CVE-2022-3885: Use after free in V8 - High CVE-2022-3886: Use after free in Speech Recognition - High CVE-2022-3887: Use after free in Web Workers - High CVE-2022-3888: Use after free in WebCodecs - High CVE-2022-3889: Type Confusion in V8 - High CVE-2022-3890: Heap buffer overflow in Crashpad
As usual, our ongoing internal security work was responsible for a wide range of fixes: - [1382280] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 107.0.5304.87 Security Fixes: - High CVE-2022-3723: Type Confusion in V8
Google Chrome 107.0.5304.62 Security Fixes: - High CVE-2022-3652: Type Confusion in V8 - High CVE-2022-3653: Heap buffer overflow in Vulkan - High CVE-2022-3654: Use after free in Layout - Medium CVE-2022-3655: Heap buffer overflow in Media Galleries - Medium CVE-2022-3656: Insufficient data validation in File System - Medium CVE-2022-3657: Use after free in Extensions - Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS - Medium CVE-2022-3659: Use after free in Accessibility - Medium CVE-2022-3660: Inappropriate implementation in Full screen mode - Low CVE-2022-3661: Insufficient data validation in Extensions
As usual, our ongoing internal security work was responsible for a wide range of fixes: - [1377543] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 106.0.5249.119 This update includes 6 security fixes: - High CVE-2022-3445: Use after free in Skia - High CVE-2022-3446: Heap buffer overflow in WebSQL - High CVE-2022-3447: Inappropriate implementation in Custom Tabs - High CVE-2022-3448: Use after free in Permissions API - High CVE-2022-3449: Use after free in Safe Browsing - High CVE-2022-3450: Use after free in Peer Connection
Other fixes: - Updating XTBs based on .GRDs from branch 5249 - [Merge to M106] Use HeapMojoReceiver rather than mojo::Receiver for PeerConnectionTracker - [skylab_tests] Update skylab tests cros img version - [M106] Reset the profile pointer in PreferenceValidationDelegate before the profile is destroyed. - 7e1399e [GURL] Migrate referrer to use GURL - [M106] infra: Fetch //chrome/VERSION onto orchestrator builds - Show about:blank in CCTs - [M106] Reland "remove .vpython" - chromeos: Disable failing u2fd.WebauthnUsingPassword.* - [M106] Avoid showing toast after BrandingController destroyed - [SearchResumption] Add user actions and histogram - Fix UAF issue around permission status observer list - CaptivePortalDetector: Test |detection_callback_| - [M106] sqlite: Upgrade to 3.39.4 - AT actions API: Always expose default action at index 0 - [M106] Clipboard paste: use browser-safe version of user activation - [CacheStorage] GetStorageKeys shouldn't rely on QuotaManagerProxy - [M106 merge] Make password fields spellcheck-disabled by default - [M106] Remove SERVICE_ACCOUNT_JSON from logdog wrapper - Add missing early return in RunLegacyDataUseMeasurment experiment - Updating XTBs based on .GRDs from branch 5249
Google Chrome 106.0.5249.103 - Change log not available for this version
Google Chrome 106.0.5249.91 - Change log not available for this version
Google Chrome 106.0.5249.61 Security Fixes: - High CVE-2022-3304: Use after free in CSS - High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools - High CVE-2022-3305: Use after free in Survey - High CVE-2022-3306: Use after free in Survey - High CVE-2022-3307: Use after free in Media - Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools - Medium CVE-2022-3309: Use after free in Assistant - Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs - Medium CVE-2022-3311: Use after free in Import - Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN - Medium CVE-2022-3313: Incorrect security UI in Full Screen - Medium CVE-2022-3314: Use after free in Logging - Medium CVE-2022-3315: Type confusion in Blink - Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing - Low CVE-2022-3317: Insufficient validation of untrusted input in Intents - Low CVE-2022-3318: Use after free in ChromeOS Notifications
As usual, our ongoing internal security work was responsible for a wide range of fixes: - [1368115] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 105.0.5195.127 Security Fixes and Rewards: - High CVE-2022-3195: Out of bounds write in Storage - High CVE-2022-3196: Use after free in PDF - High CVE-2022-3197: Use after free in PDF - High CVE-2022-3198: Use after free in PDF - High CVE-2022-3199: Use after free in Frames - High CVE-2022-3200: Heap buffer overflow in Internals - High CVE-2022-3201: Insufficient validation of untrusted input in DevTools
As usual, our ongoing internal security work was responsible for a wide range of fixes: - [1363148] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 105.0.5195.102 Security fixes: - High CVE-2022-3075: Insufficient data validation in Mojo
Google Chrome 105.0.5195.54 Security Fixes: - Critical CVE-2022-3038: Use after free in Network Service - High CVE-2022-3039: Use after free in WebSQL - High CVE-2022-3040: Use after free in Layout - High CVE-2022-3041: Use after free in WebSQL - High CVE-2022-3042: Use after free in PhoneHub - High CVE-2022-3043: Heap buffer overflow in Screen Capture - High CVE-2022-3044: Inappropriate implementation in Site Isolation - High CVE-2022-3045: Insufficient validation of untrusted input in V8 - High CVE-2022-3046: Use after free in Browser Tag - Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API - Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen - Medium CVE-2022-3049: Use after free in SplitScreen - Medium CVE-2022-3050: Heap buffer overflow in WebUI - Medium CVE-2022-3051: Heap buffer overflow in Exosphere - Medium CVE-2022-3052: Heap buffer overflow in Window Manager - Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock - Medium CVE-2022-3054: Insufficient policy enforcement in DevTools - Medium CVE-2022-3055: Use after free in Passwords - Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy - Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox - Low CVE-2022-3058: Use after free in Sign-In Flow
Various fixes from internal audits, fuzzing and other initiatives: - Create separate copies of PasswordForms instead of keeping raw pointers - Use CancelableCallback in ForcedProfileSwitchInterceptionHandle to avoid use-after-free - Updating XTBs based on .GRDs from branch 5195 - bindings: Remove the prototype chain from observable array handler object - Revert "[Merge-105][Dr-Dc] Add more devices to be blocklisted." - Revert "[Merge-105][Dr-Dc] Disable DrDc on some gpus ." - [M105 Merge][fieldtrial] Add config for NotifyJavaSpuriouslyToMeasurePerf - [M105] Change API used to show the Tailored Security Desktop Dialog - [M105 Merge][WebContentsObserverProxy] Add metric for didStartNavigation - [Merge to M105] Fix buffer overflow in ax_platform_node_auralinux - Merge 105 / Address flaky test: MultipleBadAccessibilityIPCsKillsRenderer - [Merge 105] Revert "Add alternate accelerator for IDC_BASIC_PRINT and deprecate the old one" - [M105 Merge][WebContentsImpl] Don't call DidStartNavigation in child frames - Handle null WebContents when checking display ID - [lacros] Update lacros QA qualified version - [Merge-105][Dr-Dc] Add more devices to be blocklisted - [CPA] Added feature engagement rate limits to action chip - [m105][rollicu] Update TZ to 2022b - [Merge-105][Dr-Dc] Disable DrDc on some gpus - [M105][infra] Use 8-core machines for branched try/fuchsia-binary-size - [M105 Merge][SequenceManagerImpl] Increase temp queue capacity to avoid extra alloc - [M105 Merge][fieldtrial] Add config for jank experiments - [Start] Fix Start surface doesn't response when changing homepage settings - [SearchResumption] Change search resumption module header text - Updating XTBs based on .GRDs from branch 5195 - [Merge to M105] ServiceWorker: Don't run update check during browser shutdown
Google Chrome 104.0.5112.101 Security fixes: - Critical CVE-2022-2852: Use after free in FedCM - High CVE-2022-2854: Use after free in SwiftShader - High CVE-2022-2855: Use after free in ANGLE - High CVE-2022-2857: Use after free in Blink - High CVE-2022-2858: Use after free in Sign-In Flow - High CVE-2022-2853: Heap buffer overflow in Downloads - High CVE-2022-2856: Insufficient validation of untrusted input in Intents - Medium CVE-2022-2859: Use after free in Chrome OS Shell - Medium CVE-2022-2860: Insufficient policy enforcement in Cookies - Medium CVE-2022-2861: Inappropriate implementation in Extensions API
Google Chrome 103.0.5060.134 Security Fixes: - High CVE-2022-2477: Use after free in Guest View - High CVE-2022-2478: Use after free in PDF - High CVE-2022-2479: Insufficient validation of untrusted input in File - High CVE-2022-2480: Use after free in Service Worker API - High CVE-2022-2481: Use after free in Views - Low CVE-2022-2163: Use after free in Cast UI and Toolbar
Various fixes from internal audits, fuzzing and other initiatives: - Keep refptr to ServiceWorkerVersion in MaybeTimeoutRequest - Updating XTBs based on .GRDs from branch 5060 - Updating XTBs based on .GRDs from branch 5060 - Fix incorrect text itemization for r codepoint - Updating XTBs based on .GRDs from branch 5060 - [M103 Merge] Fix UAF in CloseBubbleOnTabActivationHelper - [M103]Fix an issue that content URI can be used to upload files under app dir - [M103] Allow GPU M1 Macs to use Mac 12 - Fix dawn write handle data update OOB check - [M103] Reland "Fix UaF in media router dialog" - Updating XTBs based on .GRDs from branch 5060 - Disable failing test. - Updating XTBs based on .GRDs from branch 5060 - [OSCrypt] Fix branded GnomeKeyring tests - [M103][Messages][SaveCard] Fix metrics recording error - Updating XTBs based on .GRDs from branch 5060 - Try to avoid blocking reads in InputStream reading code - M103: Use weak ptr for webview JavaScriptDialogHelper callback - [Sheriff] Restore flaky test expectation for mouse-events-on-node-deletion - [M103][Messages][SaveCard] Reset metric recording related variables. - Updating XTBs based on .GRDs from branch 5060 - WebGPU: Mark the context lost on GPU context lost - Mitigate bad cast in OffscreenCanvas::GetFontSelector - Filter command responses from detached CDP sessions - [Merge to 103] Merge fix for crash when enabling calendar in M103" - Disable flaky InspectUIFencedFrameTest.FencedFrameInFrontEnd
Google Chrome 103.0.5060.114 Security Fixes: - High CVE-2022-2294: Heap buffer overflow in WebRTC - High CVE-2022-2295: Type Confusion in V8 - High CVE-2022-2296: Use after free in Chrome OS Shell
Various fixes from internal audits, fuzzing and other initiatives: - Pre-paint: OOF within monolithic content is contained normally - Pre-paint: Remove obsolete inline continuation code - Updating XTBs based on .GRDs from branch 5060 - Switch V8 reference to git hash - Automatic update from google3 - HDR/Windows: SDR displays must have 80 nits - Updating XTBs based on .GRDs from branch 5060 - Disable IntegrationTest.SelfUpdateFromOldReal in M103 - Add bot account to transport_security_state_static owners - M103: [Pinpoint] add pgo bots to M103 - Updating XTBs based on .GRDs from branch 5060 - migrate metrics_python_tests to python3 for M103 - [Sheriff] Disable flaky MachOImageAnnotationsReader tests for M103 - Revert "Move most of partnerbookmarks to the module" - [M103] Let GPU Intel Macs target 12.4 - Updating XTBs based on .GRDs from branch 5060 - testing: fix check_static_initializers.py for python3 for M103 - sheriff: Disable QuarantineMacTest.* - [M103] Disable svg/W3C-SVG-1.1/pservers-grad-05-b.svg to satisfy M103 builders - Updating XTBs based on .GRDs from branch 5060 - Updating XTBs based on .GRDs from branch 5060 - [M103] Disabled crashing test in FirstRunActivitySigninAndSyncTest - Change ShouldDisableDohForManaged to use IsEnrolledToDomain() - [Merge 103]Revert "Refresh policies from Registry dynamically" - 5060: infra: Add the root vpython spec files to orchestrator runtime deps - [Merge 103] crOS: Support SecondaryGoogleAccountUsage policy - [Merge103] Fix context nullptr crash - Updating XTBs based on .GRDs from branch 5060
Google Chrome 103.0.5060.66 - Change log not available for this version
Google Chrome 103.0.5060.53 - Change log not available for this version
Google Chrome 102.0.5005.115 Security Fixes: - High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17 - High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19 - High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13 - High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31
Various fixes from internal audits, fuzzing and other initiatives: - [Merge 102] Disable the enterprise dialog being showed for all users - Revert "Post media log destruction to avoid destruction" - Post media log destruction to avoid destruction - [M102] Migrate "chromium.memory:Linux TSan Builder" src side - Ensure the link data checkbox is always on top of the action buttons - Set selection range after committed composition only for non-IME input - Updating XTBs based on .GRDs from branch 5005 - [Reland][Region Capture] Fix blocking of other-tab captures - [M102] Revert "Remove the AcceptCHFrame base::Feature" - PaintOpReader: Harden PaintImage deserialization - [102] Revert "Enable same-process, cross-origin iframe throttle by default." - [M102][Color Pipeline] Fix extensions badge contrast - Use the right tex target for video frame for ANGLE/Metal - Merge M102: "Retrieve optional video profiles asynchronously." - [Merge 102] [journeys] Respect AllowDeletingBrowserHistory in WebUI Handler - [M102] Fix a regression that CascadeLayerMap is not rebuilt - CHECK that detaching a mapped GPUBuffer was successful - [Merge to M102] [RPM] Add check for 2021 signing key
Google Chrome 102.0.5005.63 Security Fixes: - Critical CVE-2022-1853: Use after free in Indexed DB - High CVE-2022-1854: Use after free in ANGLE - High CVE-2022-1855: Use after free in Messaging - High CVE-2022-1856: Use after free in User Education - High CVE-2022-1857: Insufficient policy enforcement in File System API - High CVE-2022-1858: Out of bounds read in DevTools - High CVE-2022-1859: Use after free in Performance Manager - High CVE-2022-1860: Use after free in UI Foundations - High CVE-2022-1861: Use after free in Sharing - Medium CVE-2022-1862: Inappropriate implementation in Extensions - Medium CVE-2022-1863: Use after free in Tab Groups - Medium CVE-2022-1864: Use after free in WebApp Installs - Medium CVE-2022-1865: Use after free in Bookmarks - Medium CVE-2022-1866: Use after free in Tablet Mode - Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer - Medium CVE-2022-1868: Inappropriate implementation in Extensions API - Medium CVE-2022-1869: Type Confusion in V8 - Medium CVE-2022-1870: Use after free in App Service - Low CVE-2022-1871: Insufficient policy enforcement in File System API - Low CVE-2022-1872: Insufficient policy enforcement in Extensions API - Low CVE-2022-1873: Insufficient policy enforcement in COOP - Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing - Low CVE-2022-1875: Inappropriate implementation in PDF - Low CVE-2022-1876: Heap buffer overflow in DevTools
As usual, our ongoing internal security work was responsible for a wide range of fixes: - [1328866] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 101.0.4951.64 Security fixes: - High CVE-2022-1633: Use after free in Sharesheet - High CVE-2022-1634: Use after free in Browser UI - High CVE-2022-1635: Use after free in Permission Prompts - High CVE-2022-1636: Use after free in Performance APIs - High CVE-2022-1637: Inappropriate implementation in Web Contents - High CVE-2022-1638: Heap buffer overflow in V8 Internationalization - High CVE-2022-1639: Use after free in ANGLE - High CVE-2022-1640: Use after free in Sharing - Medium CVE-2022-1641: Use after free in Web UI Diagnostics
Google Chrome 101.0.4951.54 - Change log not available for this version
Google Chrome 101.0.4951.41 Security Fixes: - High CVE-2022-1477: Use after free in Vulkan - High CVE-2022-1478: Use after free in SwiftShader - High CVE-2022-1479: Use after free in ANGLE - High CVE-2022-1480: Use after free in Device API - High CVE-2022-1481: Use after free in Sharing - High CVE-2022-1482: Inappropriate implementation in WebGL - High CVE-2022-1483: Heap buffer overflow in WebGPU - Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings - Medium CVE-2022-1485: Use after free in File System API - Medium CVE-2022-1486: Type Confusion in V8 - Medium CVE-2022-1487: Use after free in Ozone - Medium CVE-2022-1488: Inappropriate implementation in Extensions API - Medium CVE-2022-1489: Out of bounds memory access in UI Shelf - Medium CVE-2022-1490: Use after free in Browser Switcher - Medium CVE-2022-1491: Use after free in Bookmarks - Medium CVE-2022-1492: Insufficient data validation in Blink Editing - Medium CVE-2022-1493: Use after free in Dev Tools - Medium CVE-2022-1494: Insufficient data validation in Trusted Types - Medium CVE-2022-1495: Incorrect security UI in Downloads - Medium CVE-2022-1496: Use after free in File Manager - Medium CVE-2022-1497: Inappropriate implementation in Input - Low CVE-2022-1498: Inappropriate implementation in HTML Parser - Low CVE-2022-1499: Inappropriate implementation in WebAuthentication - [1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools - Low CVE-2022-1501: Inappropriate implementation in iframe
Various fixes from internal audits, fuzzing and other initiatives: - Speculative fix for crashes in ScrollableArea::InjectGestureScrollEvent - Check for error when calling ComputeImageSizeInBytes - [M101] Ensure that thin testers do not set reclient properties - sheriff: Disable DiagnosticsAppWithInput.BrowserTest on ChromeOS - [Sheriff] Disable PolicyToPrefsMapping or ChromeOS dbg - [M101] Allow for setting try_settings without mirrors - ServiceImageTransferCacheEntry: Fix uninitialized values - Check Membership requests should only occur on fresh local state prefs - [M101][QrCode] Fix QR code icon not appearing in the omnibox for CrOS - Temporarily disable opening file:// on Android TM - [M101][infra] Create test specs for linux-blink-rel-dummy try builders - Don't consume user activation when opening windows in WebView - Aw: Add the missing ALGORITHMIC_DARKENING - [M101] stts: don't hold raw view->controller pointer - SessionRestore: Ensure locked profile sessions are not restored - Updating XTBs based on .GRDs from branch 4951 - Switch to use WaitForLoadStop to fix flakiness - Move downloaded models to a randomly generated directory - M101: Prevent the creation of a duplicate dialog in CupsPrintersHandler - M101: Prevent the creation of a duplicate dialog in ScanningHandler - libwebp: update to 1.2.2 (20ef03e) - m101: Fix dangling pointer in DevToolsUIBindingsEnabler - [PriceTracking] Add a flag for whether to parse seen offer to server - [M101][infra] Migrate builder config for chromeos-kevin-rel src-side - [Merge M101]: Fix crash when stopping speech recognition before it has initialized - Revert "CCA: Avoid CameraHalDelegate Leak from VCDF" - Revert "CCA: Moves a Thread subordinate to CameraHalDelegate to its variable" - Fix null pointer exception in PersistedTabData - [Merge M101]: SpeechRecognitionPrivate: Prevent dangling callbacks - Privacy Sandbox Settings: Fix V2 settings always show as on - Add bounds check to WebGPUDecoderImpl::DoRequestDevice - [M101] Sanitize DragData markup before inserting it into document
Google Chrome 100.0.4896.127 - Change log not available for this version
Google Chrome 100.0.4896.88 - [Fuchsia] Handle encryption config change in WebEngineAudioRenderer - Revert "[M100 Merge] Add a crash key "list-of-hung-threads" in the GPU watchdog" - Crostini_upgrader: Handle content::WebContents through weak pointers - Disable extension content script IPC enforcement - [M100][infra] Migrate configs for Android x64 Builder (dbg) src-side - M100: syncfs_internals: Use WeakPtr for DumpDatabaseHandler - MediaDevices: Prevent iterator invalidation during Promise resolution - Fix letterSpacing/wordSpacing for Canvas.Style - Partial revert of "Updater: Fix signing." - Updating XTBs based on .GRDs from branch 4896 - Switch to use WaitForLoadStop to fix flakiness - [Merge 100][iOS] Fix new new FRE bug - [M100][infra] Migrate configs for Android arm Builder (dbg) src-side - DGAPI: Flip runtime feature back to "experimental" (merge to M100) - Revert "Fix an edge case bug in Windows TSF1 implementation." - [Merge M100] Put Android font lookup cache behind a feature - [M100] Remove noop scheduler job for Win11 Tests x64. - [M100 Merge] Add a crash key "list-of-hung-threads" in the GPU watchdog - [m100 cherrypick] Disable IME at non password fields when not at the normal screen - [Merge to M100] Reland "Expect non-initial NavigationEntry with empty URL on session restore" - Revert "Enable to iterate DedicatedWorkers from their creators: LocalDOMWindow or DedicatedWorkerGlobalScope" - Fix crash with JAWS screen reader - FrameSinkBundle: Lazily observe BeginFrameSource - Extend force-color-profile forever - [css-typed-om] Disallow CSS-wide keywords for StylePropertyMap.set - M100: Change ownership of BlobBytesProvider - Updating XTBs based on .GRDs from branch 4896 - [M100][infra] Migrate configs for Win x64 Builder src-side - [skia_renderer]: Use RectF::Intersect in ApplyScissor - Turn off the Digital Goods API on Android for now, to work around a crash on WebView - Custom themes should override native color definitions
Security fixes: - High CVE-2022-1305: Use after free in storage - High CVE-2022-1306: Inappropriate implementation in compositing - High CVE-2022-1307: Inappropriate implementation in full screen - High CVE-2022-1308: Use after free in BFCache - High CVE-2022-1309: Insufficient policy enforcement in developer tools - High CVE-2022-1310: Use after free in regular expressions - High CVE-2022-1311: Use after free in Chrome OS shell - High CVE-2022-1312: Use after free in storage - Medium CVE-2022-1313: Use after free in tab groups - Medium CVE-2022-1314: Type Confusion in V8
Google Chrome 100.0.4896.75 - Updating XTBs based on .GRDs from branch 4896 - Rework menu_bg_tinted to not span deps. - Revert "Reland "[Tab Switcher] Refactor - moved aspect ratio determination to helper method. Added static aspect ratio for tablet. Added a couple unit tests for new method in TabUtils"" - [m100 cherrypick] Disable autocorrect for system PK at lock screen - [M100 merge] history: don't handle db error during destruction - Avoid spawning HangWatcher thread in the GPU process due to conflict with WatchDog - Allow sdpSemantics:'plan-b' from the web always on Fuchsia - Updating XTBs based on .GRDs from branch 4896 - [LaCrOS]Temporary workaround to disable RED_8 overlay candidates - Disable the flaky AccessibilityEventsIframeSrcChanged test - Post data URL bitmap fetcher callback on correct thread - Merge to M100: [HPS] Disabled features by default. - [M100] Remove xenial_or_bionic for try android builders - Disabling failing test TaskSchedulerTests.RunAProgramNow - M100: Remove ash-chrome special handling in BrowserView::CanAcrivate - [M100] Expose is_cfm build flag via chromeInfoPrivate API - Fix default centering logic in exo
Security Fixes: - Type Confusion in V8
Google Chrome 100.0.4896.60 Fixed: - High CVE-2022-1125: Use after free in Portals - High CVE-2022-1127: Use after free in QR Code Generator - High CVE-2022-1128: Inappropriate implementation in Web Share API - High CVE-2022-1129: Inappropriate implementation in Full Screen Mode - High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP - High CVE-2022-1131: Use after free in Cast UI - High CVE-2022-1132: Inappropriate implementation in Virtual Keyboard - High CVE-2022-1133: Use after free in WebRTC - High CVE-2022-1134: Type Confusion in V8 - Medium CVE-2022-1135: Use after free in Shopping Cart - Medium CVE-2022-1136: Use after free in Tab Strip - Medium CVE-2022-1137: Inappropriate implementation in Extensions - Medium CVE-2022-1138: Inappropriate implementation in Web Cursor - Medium CVE-2022-1139: Inappropriate implementation in Background Fetch API - Medium CVE-2022-1141: Use after free in File Manager - Medium CVE-2022-1142: Heap buffer overflow in WebUI - Medium CVE-2022-1143: Heap buffer overflow in WebUI - Medium CVE-2022-1144: Use after free in WebUI - Medium CVE-2022-1145: Use after free in Extensions - Low CVE-2022-1146: Inappropriate implementation in Resource Timing
Google Chrome 99.0.4844.84 - Change log not available for this version
Google Chrome 99.0.4844.83 - Revert "Migrate Hangout Services extension to v3 manifest"
Google Chrome 99.0.4844.82 - Change log not available for this version
Google Chrome 99.0.4844.74 - Change log not available for this version
Google Chrome 99.0.4844.51 Security fixes: - Heap buffer overflow in ANGLE - Use after free in Cast UI - Use after free in Omnibox - Out of bounds read in ANGLE - Use after free in Views - Use after free in WebShare - Type Confusion in Blink Layout - Use after free in Media - Out of bounds memory access in Mojo - Use after free in MediaStream - Insufficient policy enforcement in Installer - Heap buffer overflow in Cast UI - Inappropriate implementation in HTML parser - Inappropriate implementation in Full screen mode - Inappropriate implementation in Permissions - Inappropriate implementation in Full screen mode - Use after free in Browser Switcher - Data leak in Canvas - Inappropriate implementation in Autofill - Use after free in Chrome OS Shell - Out of bounds memory access in WebXR - Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 98.0.4758.102 - [Extensions] Fix UAF issue in webstorePrivate API. - Fix color space in DesktopCaptureMacV2 - Use AXTree for AXNode lookups by id - Handle more corner cases for textrange endpoints node deletion - [Shopping] Gate access to SubscriptionsManager on feature flag - Updating XTBs based on .GRDs from branch 4758 - [Private Network Access] Merge: Fix handling of redirects after preflights. - [Private Network Access] Merge: Web Platform Tests for redirects. - [98] Reland "Reland "Take the playout AudioDevice from a MediaStreamTrack's creation frame"" - [Private Network Access] Merge: Test redirects after preflights. - Code health cleanup: replacing animations. - M98: FS: Fix FileUtil lifetime issue - [M98][infra] Stop generating properties.textpb files. - [M98][Android] Fix race condition in assigning groups - Updating XTBs based on .GRDs from branch 4758 - [Merge to M98] Disable InitialNavigationEntry flag - M98 merge: [Extensions] Fix a null dereference in CrxInstaller - fix adding to group that is deleted from the tab_menu_model - Revert "WebDriver supports non-BMP characters in SendKeys" - [M98] Unregister Accelerators when AccessiblePaneView is destroyed. - [M98] Fix UAF in TailoredSecurity on Android - [Start] Fix the toolbar gone issue. - [m98] weblayer: Control swallow event only when visible - [ios, kSingleNtp] Update LogoVendor's WebState as NTPMediator does - [M98][infra] Change the file extension of the properties file. - Cleanup PausableScriptExecutor usage. - [ios, kSingleNtp] Log IOS.NTP.Impression in displayWebState: - [ios/crashpad] ios: Actually merge memory snapshot data - [ios, singlntp] only call ntpDidChangeVisibility: if NTP is active - [ios] Return early in configureCell if not correct MVT cell class - [M98] Add a fuchsia branch type. - [infra] Update active set of LUCI experiments. - [M98] Update the branch.matches code to accept multiple selectors. - [sheriffing] Disable PolicyCorruptedOnStartup test on CrOS. - [M98] add service account in OWNERS file - [M98] Fix linux-ash-chromium-generator-rel - CWVCreditCardVerifierTest.IsExpirationDateValid: Bump years - Fix potential handle reuse in Mojo - Viz: Fix UAF on context loss - [M98][Files SWA]: Use WeakPtr to prevent a possible UAR bug - High CVE-2022-0603: Use after free in File Manager. - High CVE-2022-0604: Heap buffer overflow in Tab Groups. - High CVE-2022-0605: Use after free in Webstore API. - High CVE-2022-0606: Use after free in ANGLE. - High CVE-2022-0607: Use after free in GPU. - High CVE-2022-0608: Integer overflow in Mojo. - High CVE-2022-0609: Use after free in Animation. - Medium CVE-2022-0610: Inappropriate implementation in Gamepad API - Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 98.0.4758.82 - Change log not available for this version
Google Chrome 98.0.4758.80 Security Fixes: - High CVE-2022-0452: Use after free in Safe Browsing - High CVE-2022-0453: Use after free in Reader Mode - High CVE-2022-0454: Heap buffer overflow in ANGLE - High CVE-2022-0455: Inappropriate implementation in Full Screen Mode - High CVE-2022-0456: Use after free in Web Search - High CVE-2022-0457: Type Confusion in V8 - High CVE-2022-0458: Use after free in Thumbnail Tab Strip - High CVE-2022-0459: Use after free in Screen Capture - Medium CVE-2022-0460: Use after free in Window Dialog - Medium CVE-2022-0461: Policy bypass in COOP - Medium CVE-2022-0462: Inappropriate implementation in Scroll - Medium CVE-2022-0463: Use after free in Accessibility - Medium CVE-2022-0464: Use after free in Accessibility - Medium CVE-2022-0465: Use after free in Extensions - Medium CVE-2022-0466: Inappropriate implementation in Extensions Platform - Medium CVE-2022-0467: Inappropriate implementation in Pointer Lock - Medium CVE-2022-0468: Use after free in Payments - Medium CVE-2022-0469: Use after free in Cast - Low CVE-2022-0470: Out of bounds memory access in V8 - Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 97.0.4692.99 - Change log not available for this version
Google Chrome 97.0.4692.71 - Change log not available for this version
Google Chrome 96.0.4664.55 - Change log not available for this version
Google Chrome 96.0.4664.45 - Revert "Reland "[CSP] Fix wasm-eval check from workers"" - M96: Storage Foundation: Share FileState ownership with I/O threads. - Fix bug where interception dialog would hang indefinitely for reauths - webcodecs: Avoid premature destruction of |media_encoder_| - [ios] Remove Infobar Overlays from Snapshot drawing - M96: Storage Foundation: Avoid cross-thread access of DOMArrayBufferView. - CHECK WebContents removal in UnloadController - Extend the workaround list to disable hw H264 encoder on some old Intel drivers. - Add "multi_gpu_category": "any" to H.264 encoder disable. - Disable hw H264 encoder on some old NVIDIA drivers. - [Coupon] Parse FL coded coupon response - [M96] Fix linux-lacros-rel doesn't run on branches - Use WeakPtr to prevent using the ptr out of scope - [M96] Revert "[lacros skew tests] Refresh skew tests for M96" - [WebXR] Make VR intent immutable - M96: Storage Foundation: read/write tests with non-zero buffer offsets. - Drop the minor version from macOS web tests - [Start] Fix isStartSurfaceEnabled in Samsung. - Fixed NPE in AddToHomescreenIPHController - Cache HOMEPAGE_PARTNER_CUSTOMIZED_DEFAULT_URI to make getDefaultHomepageUri() correct. - Update Mac Builder and Mac deterministic (dbg) to use Mac default - Updating XTBs based on .GRDs from branch 4664 - Send integer values instead of floats for CPSS UKM stats - Introduce CrossThreadCopier - [M96][Sheriff] Disable grit_python_unittests on mac11-arm64-rel-tests bot. - [Merge-M96] [CrOS] Enable the Release Notes notification from M96 onwards. - [M96] [LensRegionSearch] Mac: use cursor-set rather than push - Merge "Camera Roll: Prevent settings item from showing when flag is disabled" - [Sheriff] Disable ReportingBrowserTest.CrashReportUnresponsive for Mac - [M96 merge] personalization: shrink wallpaper images - Revert "components: tweak the H264 profile at GAVEA" - [M96][LensRegionSearch] Fix crosshair cursor on Mac over scrim. 
- [layout] Fix performance regression associated with nested tables. - Fix composited plugin paint offset in multicol - Fix overlay scrollbar painting order under nested rel and abs pos - Fix paint location of RemoteFrameView foreign layer - [Contacts] Check the WebContents are still active/valid before launching picker - Merge "SVG Text NG: Fix dynamic update of "transform" attribute" to M96 branch - M96 merge: [STTS] Unregister ReceivingUiHandlers on shutdown - Merge to 96: [Mac A11y] Check whether object exists before converting to BrowserAccessibilityCocoa. - [M96] Reset surface param to default if the request is not a side panel request. - Search History Link Android: fixed the logic to actually follow the signed-in state and not the sync consent - [Merge 96] Site Storage Controls: Add remove metrics by sauski - [M96 Merge] Card Unmask Authentication Selection Dialog Metrics - ComputeContainerNode -> AnchorNode for ScopedForcedUpdate - Disable release fences since they caused a graphical glitch in lacros - [M96] Deleting unused field: `FetchEventPreloadHandle::url_loader`. - [M96 Merge] Make TextOffsetMapping to handle SVG element correctly - app_restore: Add default value for display id when launch ghost window - [Merge-M96] [CrOS] Turn off base::Feature kDefaultCalculatorWebApp for M96. - [merge-m96] [CrOS] Update help_app to BPQAq0LqR4VGeH0ANPn4ci0kkBTVzaLB3ewqcZtRacQC M96 "Reporting: Fix healthd callback not being called"" - [merge-96] [memories] Clear keyword cache when history items are deleted. - [M96] Avoid scrolling from space key when a form field is in focus. - [M96 Merge] [VCN] Add card unmask metrics by Siyu An - Update test certs - Fix crash in ContentSettingsToRequestType() - [Merge 96] [memories] Hard cap visit count at kMaxVisitsToCluster - CacheStorage: Store partial opaque responses. 
- [M96 Merge] Fix Crash When Card Unmask Authentication Selection Dialog Displays With No Challenge Options - content-visibility: Improve interactions with top layer. - [VirtualCards] Add margin between authenticator icon and description - Pin linux-chromeos-rel's tryjobs to 8 core machines. - Updating XTBs based on .GRDs from branch 4664 - [Extensions] Fix a crash when background type is changed from SW to other
Google Chrome 95.0.4638.69 Security Fixes: - High CVE-2021-37997: Use after free in Sign-In - High CVE-2021-37998: Use after free in Garbage Collection - High CVE-2021-37999: Insufficient data validation in New Tab Page - High CVE-2021-38000: Insufficient validation of untrusted input in Intents - High CVE-2021-38001: Type Confusion in V8 - High CVE-2021-38002: Use after free in Web Transport - High CVE-2021-38003: Inappropriate implementation in V8
Various fixes from internal audits, fuzzing and other initiatives: - [mojo] Downgrade Mojo handle assertion to DCHECK - [RBD] Fix cart extraction - Updating XTBs based on .GRDs from branch 4638 - Prevent ::first-line from styling prefilled values - Updating XTBs based on .GRDs from branch 4638 - [M95] Regenerate config with updated lucicfg - [Sheriff/M95] Mark some oopr tests as flaky - Updating XTBs based on .GRDs from branch 4638 - Disable QuicTransport explicitly in the Network Service - Merge to M95 release branch: Fix glibc dependency addition - [mojo] Validate INTRODUCE source node - Updating XTBs based on .GRDs from branch 4638 - [Merge to 95] Change CHECK for rfh_restored_from_back_forward_cache_ to if condition - Fix Use-After-Free in ForceSigninVerifier - [M95] Merge fixes for silently redirecting to other browsers - Merge M95: [wmp_ms] Add support for ARGB software frames to copy-on-pause - Force kReadingListMessages flag for testContextMenuSwitch - [M95][realbox] Treat suggestion answers as text without HTML markup - [M95] Remove the use_gitiles_trigger experiment
Google Chrome 95.0.4638.54 Security Fixes: - High CVE-2021-37981: Heap buffer overflow in Skia - High CVE-2021-37982: Use after free in Incognito - High CVE-2021-37983: Use after free in Dev Tools - High CVE-2021-37984: Heap buffer overflow in PDFium - High CVE-2021-37985: Use after free in V8 - Medium CVE-2021-37986: Heap buffer overflow in Settings - Medium CVE-2021-37987: Use after free in Network APIs - Medium CVE-2021-37988: Use after free in Profiles - Medium CVE-2021-37989: Inappropriate implementation in Blink - Medium CVE-2021-37990: Inappropriate implementation in WebView - Medium CVE-2021-37991: Race in V8 - Medium CVE-2021-37992: Out of bounds read in WebAudio - Medium CVE-2021-37993: Use after free in PDF Accessibility - Medium CVE-2021-37996: Insufficient validation of untrusted input in Downloads - Low CVE-2021-37994: Inappropriate implementation in iFrame Sandbox - Low CVE-2021-37995: Inappropriate implementation in WebApp Installer
As usual, our ongoing internal security work was responsible for a wide range of fixes: - Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 94.0.4606.81 - Revert "Do not restore scroll from history if page scrolled between navigation start and commit" - [omnibox] [bookmark-paths] [short-bookmarks] Revert enable by default - Fixed crash when adding all bookmarks to new group by Federico Paredes - [Private Network Access] Disable secure context restriction on webview - 5b51932 Updating XTBs based on .GRDs from branch 4606 - [merge-m94] [CrOS] Update media_app to coGiL8g_-jt1wKvzRoHIKonIrEXHPsTqmrLgG12siTgC - [lacros skew tests] Refresh skew tests for M96 - Lens and Voice: Fix tracking and presentation on Search Activity. - Updating XTBs based on .GRDs from branch 4606 - [Merge to M94] Use WeakPtr for rfh_restored_from_back_forward_cache_ in NavigationRequest - Use DSE origin for a microphone activity indicator in NTP. - [Merge M-94] mojo: CHECK when array has too many elements to serialize - 4606: Disable failing ExtensionSettingsApiTest.ManagedStorageEvents test - Updating XTBs based on .GRDs from branch 4606 - [Android][MFill][Payments] Remove caches from credit card controller - [lacros skew tests] Refresh skew tests for M96 - Updating XTBs based on .GRDs from branch 4606 - [lacros skew tests] Refresh skew tests for M96 - Tell clang not to devirtualize TargetServices - [GMNext] Fix omnibox selection highlight color for Lollipop - android: handle unusual classloaders correctly - Temporarily supply a default for primary bg color - 1320012 Return empty ShoppingPersistedTabData instead of null - [TTS] Fix tap not dismissing after Long-press - [TTS] Fix Smart Selection w/ unintelligent search - Record TabGridSwitched for price drops in the correct place - Remove extra header from "interests" and "hidden" management pages - [Merge M94] Initialize font manager when renderer starts - [Start] Fix location bar width by updating visuals.
- [Merge to M94]bento_bar: Add a boolean histogram Ash.Desks.BentoBarIsVisible - Updating XTBs based on .GRDs from branch 4606 - [lacros skew tests] Refresh skew tests for M96 - [Cherry-pick to M94] Allow reinstallation of SODA - [ios] Add Tab.RendererTermination.TotalTabCount - [iOS] Add feature flag for setting request attribution - ios: Optimize calls to reloadInputViews in autofill - [M94][ash-chrome] Fix crash in chromeos::LocaleChangeGuard::OnLogin - Reland: [iOS] Mark requests sent to WKWebView as being user-initiated - Updating XTBs based on .GRDs from branch 4606 - [M94][CrOSSharingHub] Close sharesheet if tab is closed by - [lacros skew tests] Refresh skew tests for M96
Security fixes: - High CVE-2021-37977: Use after free in Garbage Collection - High CVE-2021-37978: Heap buffer overflow in Blink - High CVE-2021-37979: Heap buffer overflow in WebRTC - High CVE-2021-37980: Inappropriate implementation in Sandbox
Google Chrome 94.0.4606.71 - [M94 merge] personalization: Sync Wallpaper on user's new device. - [Merge to M94] Prevents non-browser processes from requesting memory dumps. - Turn off fractional line-height feature - [Merge 94] Crash fix: do not use parent chain during aria-owns validity check - [iOS] Cancel touches when displaying context menu - Stop Chrome crashing: Disable WindowCaptureMacV2 - Updating XTBs based on .GRDs from branch 4606 - [lacros skew tests] Refresh skew tests for M96 - [Sheriff] Disable PopupBlockerBrowserTest.PrintPreviewPopUnder - Revert "Cancel impl-side scroll animation when we get a programmatic..." - [Merge M94] Observe WebContents in PPAPIDownloadRequest - Updating XTBs based on .GRDs from branch 4606 - Updating XTBs based on .GRDs from branch 4606 - [lacros skew tests] Refresh skew tests for M96 - Temporarily add win10-rel-orchestrator/compilator to m94 - [Sheriff] Disable flaky test on all platforms. - [Merge to M94] Avoid potential CHECK in TtsExtensionEngineChromeOS - [WebAPK] Pass icon data as byte arrays through JNI. - [M94] Collect sizes of direct children of profile data directory. - [lacros skew tests] Refresh skew tests for M96 - [CrOS WebAPKs] Don't create WebApkManager when Web Apps are disabled - heap: Fix write barrier for HashTable backing store - [lacros skew tests] Refresh skew tests for M96 - [M94][ash-chrome] Restore HIDDetectionScreenDisabledAfterRestartTest(s) - Updating XTBs based on .GRDs from branch 4606 - [lacros skew tests] Refresh skew tests for M96 - [web-engine] Push device change notification to system monitor - [Merge to M94]bento_bar: Counting the number of target users of the experiment - [94]: Disable failing AppListRemoveSpaceSyncCompatibilityTest.Basics. - [94] Disable failing KioskUpdateTest.IncompliantPlatformDelayInstall. - [M94] vaapi: fix use-after-frees - [Sheriff] Disable flaky ProfilePicker test - [ios] Cleanup //ios/chrome/app:chrome target
Google Chrome 94.0.4606.61 - Kill a renderer if it provides an unexpected FrameOwnerElementType - Fix a crash in GpuChannelManager::OnContextLost - [Sheriff] Disable flaky ProfilePicker test - [SHERIFF] Disable failing ProfileManagerBrowserTest.AddMultipleProfiles - [M94] Ash is ready file in test_ash_chrome - [94]: Bump RDB results experiment to 100% for CI and try - Updating XTBs based on .GRDs from branch 4606 - Updating XTBs based on .GRDs from branch 4606 - Disable TestClonedInstallClientIdReset in browser_test - Disable IncognitoSSLHostStateDelegateTest.AfterRestartHttp - Updating XTBs based on .GRDs from branch 4606 - tracing: Fix browser crash on socket connection failure on CrOS - Updating XTBs based on .GRDs from branch 4606 - Disable WebXrVrTransitionTest#testPresentationPromiseRejected
Security fixes: - High CVE-2021-37973: Use after free in Portals
Google Chrome 94.0.4606.54 Security Fixes: - High CVE-2021-37956: Use after free in Offline use - High CVE-2021-37957: Use after free in WebGPU - High CVE-2021-37958: Inappropriate implementation in Navigation - High CVE-2021-37959: Use after free in Task Manager - High CVE-2021-37960: Inappropriate implementation in Blink graphics - Medium CVE-2021-37961: Use after free in Tab Strip - Medium CVE-2021-37962: Use after free in Performance Manager - Medium CVE-2021-37963: Side-channel information leakage in DevTools - Medium CVE-2021-37964: Inappropriate implementation in ChromeOS Networking - Medium CVE-2021-37965: Inappropriate implementation in Background Fetch API - Medium CVE-2021-37966: Inappropriate implementation in Compositing - Medium CVE-2021-37967: Inappropriate implementation in Background Fetch API - Medium CVE-2021-37968: Inappropriate implementation in Background Fetch API - Medium CVE-2021-37969: Inappropriate implementation in Google Updater - Medium CVE-2021-37970: Use after free in File System API - Low CVE-2021-37971: Incorrect security UI in Web Browser UI - Low CVE-2021-37972: Out of bounds read in libjpeg-turbo
As usual, our ongoing internal security work was responsible for a wide range of fixes: - Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 93.0.4577.82 - Sync: Reset unreasonably-short polling intervals - M93: [IndexedDB] Don't ReportBadMessage for Commit calls - M93: [IndexedDB] Add browser-side checks for committing transactions. - [ChromeCart] Add rate control for cart content extraction - Updating XTBs based on .GRDs from branch 4577 - [BackgroundFetch] Pass a copy of the job ID string to cancel event - Roll ChromeOS Bigcore AFDO profile from 93-4577.69-1630924723-benchmark-93.0.4577.77-r1 to 93-4577.69-1630924723-benchmark-93.0.4577.80-r1 - Merge "FIELDSET: Fix a crash on dynamic changes of pseudo elements" to M93 branch - Incrementing VERSION to 93.0.4577.80 - M93: Enable RDB experiment for 5% of all CI and try builds - Merge 4577: Apply list item quirks only when the nested list is block-level - [layout] Remove limit from LayoutInline::SplitInlines - Skip WebGL conformance/programs/program-test.html on all platforms - Rename ci/mac{,11}-arm64-rel-tests try/mac{,11}-arm64-rel - Check if profile manager initialized when checking profile - [ContentIndex] Add Origin checks to mojo methods - [Merge to M93][bfcache] Remove DumpWithoutCrashing for race conditions - [Merge to M93] Ignore OnCreateChildFrame when we're missing RVH for proxy creation - [Merge to M93] Stop crashing when OldPageInfo is sent to non-main frames - [CCT] Fix white background issue for the rounded corner - Updating XTBs based on .GRDs from branch 4577 - Incrementing VERSION to 93.0.4577.79 - [M93 Merge] Fix window focus bug on Windows due to a Linux fix - Remove invalid Terminal app registration pref - [GMNext] Add android:popupMenuStyle attr for translate infobar - Disable overscroll when prefers-reduced-motion is set - [M93 Cherry-Pick] Reland "[Paint Preview] Fix bitmap locking" - Fix crash trying to observe gesture event when animations disabled - [M93 merge] compositor: fix bug in sending damage regions - Tweak android overscroll stretch parameters - Updating XTBs based on .GRDs from branch 4577 by Ben Mason - 
ReadingList Sync: Fix ping-pong-prone logic - Fix a crash in SavedPasswordsPresenter - Ensure ShowBubble is a no-op if already showing - [M93 Merge][tab strip] Move WebContentsDelegate logic to the TabStripPageHandler by tom - Updating XTBs based on .GRDs from branch 4577 - Ios: Speculative fix for viewWillTransitionToSize crash - Roll src/third_party/libavif/src/ f8b782aad..efed11856 (16 commits) - Content-visibility: Force range base/extent when computing visual selection - [M93] X11: fix tab drag - M93: [X11] Coalesce mouse motion events when dragging - Invalidate for changed PaintedOutputInvisible when a PaintLayer is removed - [segmentation_platform] Fixed segment selector |is_ready| - [RBD] Avoid appending multiple utm_source tags - [Start] Add two new variations. - Updating XTBs based on .GRDs from branch 4577 - [M93 merge] webui: make WebUIAllowlist and WebUIAllowlistProvider thread-safe - [Messages] Update popup block primary action button text - [M93] Remove the glob for generated/luci-milo*.cfg - [M93] Generate the LUCI services configs into a luci subdirectory - [Fuchsia][M93 merge] Fix FuchsiaAudioRenderer to handle PCM streams correctly - [M93] Reject AudioData invalid indexes - [M93] [WebCodecs] Implement support for converting AudioData to float32 - Provide reason for BottomSheetObserver.onSheetStateChanged
Google Chrome 93.0.4577.63 Security Fixes: - High CVE-2021-30606: Use after free in Blink. - High CVE-2021-30607: Use after free in Permissions. - High CVE-2021-30608: Use after free in Web Share. - High CVE-2021-30609: Use after free in Sign-In. - [1200440] High CVE-2021-30610: Use after free in Extensions API. - Medium CVE-2021-30611: Use after free in WebRTC. - Medium CVE-2021-30612: Use after free in WebRTC. - Medium CVE-2021-30613: Use after free in Base internals. - Medium CVE-2021-30614: Heap buffer overflow in TabStrip. - Medium CVE-2021-30615: Cross-origin data leak in Navigation. - Medium CVE-2021-30616: Use after free in Media. - Medium CVE-2021-30617: Policy bypass in Blink. - Medium CVE-2021-30618: Inappropriate implementation in DevTools. - Medium CVE-2021-30619: UI Spoofing in Autofill. - [1063518] Medium CVE-2021-30620: Insufficient policy enforcement in Blink. - [1204722] Medium CVE-2021-30621: UI Spoofing in Autofill. - [1224419] Medium CVE-2021-30622: Use after free in WebApp Installs. - Low CVE-2021-30623: Use after free in Bookmarks. - [1230513] Low CVE-2021-30624: Use after free in Autofill.
Various fixes from internal audits, fuzzing and other initiatives: - [Win] Notify TextInputClient about input type change during Omnibox init - MediaStreamVideoTrack::GetCaptureHandle: Check WeakPtr before dereferencing - Migrate PermissionChip to OnWidgetDestroying - Merge 93: Null check to fix crash in PlatformGetParent - Updating XTBs based on .GRDs from branch 4577 - [M93] Stop exporting test results to `luci-resultdb.chromium.*` - Updating XTBs based on .GRDs from branch 4577 - [Merge to M93] bento_bar: Consolidate window state with the bento bar - [Merge M93] Fix parameter validation for chrome.tcpServer.getInfo() - [M93] Cleanup branched builders on chromium.fyi console. - Fix eventsource/format-utf-8.htm wpt - [Fuchsia][M93 merge] Fix --shared-array-buffer-allowed-origins for worklets - [CSN] Tweak element paddings - [CSN] Do not trigger on tablets - Revert "Stop setting kStabilityExitedCleanly to true in InitializeMetricsState." - Updati |