| What's new in this version: Google Chrome 95.0.4638.54
Security Fixes:
- High CVE-2021-37981 : Heap buffer overflow in Skia
- High CVE-2021-37982 : Use after free in Incognito
- High CVE-2021-37983 : Use after free in Dev Tools
- High CVE-2021-37984 : Heap buffer overflow in PDFium
- High CVE-2021-37985 : Use after free in V8
- Medium CVE-2021-37986 : Heap buffer overflow in Settings
- Medium CVE-2021-37987 : Use after free in Network APIs
- Medium CVE-2021-37988 : Use after free in Profiles
- Medium CVE-2021-37989 : Inappropriate implementation in Blink
- Medium CVE-2021-37990 : Inappropriate implementation in WebView
- Medium CVE-2021-37991 : Race in V8
- Medium CVE-2021-37992 : Out of bounds read in WebAudio
- Medium CVE-2021-37993 : Use after free in PDF Accessibility. Ltd. on 2021-10-02
- Medium CVE-2021-37996 : Insufficient validation of untrusted input in Downloads
- Low CVE-2021-37994 : Inappropriate implementation in iFrame Sandbox
- Low CVE-2021-37995 : Inappropriate implementation in WebApp Installer
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 94.0.4606.81
- Revert "Do not restore scroll from history if page scrolled between navigation start and commit"
- [omnibox] [bookmark-paths] [short-bookmarks] Revert enable by default
- Fixed crash when adding all bookmarks to new group by Federico Paredes
- [Private Network Access] Disable secure context restriction on webview
- 5b51932 Updating XTBs based on .GRDs from branch 4606
- [merge-m94] [CrOS] Update media_app to coGiL8g_-jt1wKvzRoHIKonIrEXHPsTqmrLgG12siTgC
- [lacros skew tests] Refresh skew tests for M96
- Lens and Voice: Fix tracking and presentation on Search Activity.
- Updating XTBs based on .GRDs from branch 4606
- [Merge to M94] Use WeakPtr for rfh_restored_from_back_forward_cache_ in NavigationRequest
- Use DSE origin for a microphone activity indicator in NTP.ago
- [Merge M-94] mojo: CHECK when array has too many elements to serialize
- 4606: Disable failing ExtensionSettingsApiTest.ManagedStorageEvents test
- Updating XTBs based on .GRDs from branch 4606
- [Android][MFill][Payments] Remove caches from credit card controller
- [lacros skew tests] Refresh skew tests for M96
- XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- Tell clang not to devirtualize TargetServices
- [GMNext] Fix omnibox selection highlight color for Lollipop
- android: handle unusual classloaders correctly
- Temporarily supply a default for primary bg color
- 1320012 Return empty ShoppingPersistedTabData instead of null
- [TTS] Fix tap not dismissing after Long-press
- [TTS] Fix Smart Selection w/ unintelligent search
- Record TabGridSwitched for price drops in the correct place
- Remove extra header from "interests" and "hidden" management pages
- [Merge M94] Initialize font manager when renderer starts
- [Start] Fix location bar width by updating visuals.
- [Merge to M94]bento_bar: Add a boolean histogram Ash.Desks.BentoBarIsVisible
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- [Cherry-pick to M94] Allow reinstallation of SODA
- [ios] Add Tab.RendererTermination.TotalTabCount
- [iOS] Add feature flag for setting request attribution
- ios: Optimize calls to reloadInputViews in autofill
- [M94][ash-chrome] Fix crash in chromeos::LocaleChangeGuard::OnLogin
- Reland: [iOS] Mark requests sent to WKWebView as being user-initiated
- Updating XTBs based on .GRDs from branch 4606
- [M94][CrOSSharingHub] Close sharesheet if tab is closed by
- [lacros skew tests] Refresh skew tests for M96
Security fixes:
- High CVE-2021-37977 : Use after free in Garbage Collection
- High CVE-2021-37978 : Heap buffer overflow in Blink
- High CVE-2021-37979 : Heap buffer overflow in WebRTC
- High CVE-2021-37980 : Inappropriate implementation in Sandbox
Google Chrome 94.0.4606.71
- [M94 merge] personalization: Sync Wallpaper on user's new device.
- [Merge to M94] Prevents non-browser processes from requesting memory dumps.
- Turn off fractional line-height feature
- [Merge 94] Crash fix: do not use parent chain during aria-owns validity check
- [iOS] Cancel touches when displaying context menu
- Stop Chrome crashing: Disable WindowCaptureMacV2
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- [Sheriff] Disable PopupBlockerBrowserTest.PrintPreviewPopUnder
- Revert "Cancel impl-side scroll animation when we get a programmatic..."
- [Merge M94] Observe WebContents in PPAPIDownloadRequest
- Updating XTBs based on .GRDs from branch 4606
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- Temporarily add win10-rel-orchestrator/compilator to m94
- [Sheriff] Disable flaky test on all platforms.
- [Merge to M94] Avoid potential CHECK in TtsExtensionEngineChromeOS
- [WebAPK] Pass icon data as byte arrays through JNI.
- [M94] Collect sizes of direct children of profile data directory.
- [lacros skew tests] Refresh skew tests for M96
- [CrOS WebAPKs] Don't create WebApkManager when Web Apps are disabled
- heap: Fix write barrier for HashTable backing store
- [lacros skew tests] Refresh skew tests for M96
- [M94][ash-chrome] Restore HIDDetectionScreenDisabledAfterRestartTest(s)
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- [web-engine] Push device change notification to system monitor
- [Merge to M94]bento_bar: Counting the number of target users of the experiment
- [94]: Disable failing AppListRemoveSpaceSyncCompatibilityTest.Basics.
- [94] Disable failing KioskUpdateTest.IncompliantPlatformDelayInstall.
- [M94] vaapi: fix use-after-frees
- [Sheriff] Disable flaky ProfilePicker test
- [ios] Cleanup //ios/chrome/app:chrome target
Google Chrome 94.0.4606.61
- Kill a renderer if it provides an unexpected FrameOwnerElementType
- Fix a crash in GpuChannelManager::OnContextLost
- [Sheriff] Disable flaky ProfilePicker test
- [SHERIFF] Disable failing ProfileManagerBrowserTest.AddMultipleProfiles
- [M94] Ash is ready file in test_ash_chrome
- [94]: Bump RDB results experiment to 100% for CI and try
- Updating XTBs based on .GRDs from branch 4606
- Updating XTBs based on .GRDs from branch 4606
- Disable TestClonedInstallClientIdReset in browser_test
- Disable IncognitoSSLHostStateDelegateTest.AfterRestartHttp
- Updating XTBs based on .GRDs from branch 4606
- tracing: Fix browser crash on socket connection failure on CrOS
- Updating XTBs based on .GRDs from branch 4606
- Disable WebXrVrTransitionTest#testPresentationPromiseRejected
Security fixes:
- High CVE-2021-37973 : Use after free in Portals
Google Chrome 94.0.4606.54
Security Fixes:
- High CVE-2021-37956: Use after free in Offline use
- High CVE-2021-37957 : Use after free in WebGPU
- High CVE-2021-37958 : Inappropriate implementation in Navigation
- High CVE-2021-37959 : Use after free in Task Manager
- High CVE-2021-37960 : Inappropriate implementation in Blink graphics
- Medium CVE-2021-37961 : Use after free in Tab Strip
- Medium CVE-2021-37962 : Use after free in Performance Manager
- Medium CVE-2021-37963 : Side-channel information leakage in DevTools
- Medium CVE-2021-37964 : Inappropriate implementation in ChromeOS Networking
- Medium CVE-2021-37965 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37966 : Inappropriate implementation in Compositing
- Medium CVE-2021-37967 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37968 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37969 : Inappropriate implementation in Google Updater
- Medium CVE-2021-37970 : Use after free in File System API
- Low CVE-2021-37971 : Incorrect security UI in Web Browser UI
- Low CVE-2021-37972 : Out of bounds read in libjpeg-turbo
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 93.0.4577.82
- Sync: Reset unreasonably-short polling intervals
- M93: [IndexedDB] Don't ReportBadMessage for Commit calls
- M93: [IndexedDB] Add browser-side checks for committing transactions. [ChromeCart] Add rate control for cart content extraction
- Updating XTBs based on .GRDs from branch 4577
- [BackgroundFetch] Pass a copy of the job ID string to cancel event
- Roll ChromeOS Bigcore AFDO profile from 93-4577.69-1630924723-benchmark-93.0.4577.77-r1 to 93-4577.69-1630924723-benchmark-93.0.4577.80-r1
- Merge "FIELDSET: Fix a crash on dynamic changes of pseudo elements" to M93 branch
- Incrementing VERSION to 93.0.4577.80
- M93: Enable RDB experiment for 5% of all CI and try builds
- Merge 4577: Apply list item quirks only when the nested list is block-level
- [layout] Remove limit from LayoutInline::SplitInlines
- Skip WebGL conformance/programs/program-test.html on all platforms
- Rename ci/mac{,11}-arm64-rel-tests try/mac{,11}-arm64-rel
- Check if profile manager initialized when checking profile
- [ContentIndex] Add Origin checks to mojo methods
- [Merge to M93][bfcache] Remove DumpWithoutCrashing for race conditions
- [Merge to M93] Ignore OnCreateChildFrame when we're missing RVH for proxy creation
- [Merge to M93] Stop crashing when OldPageInfo is sent to non-main frames
- [CCT] Fix white background issue for the rounded corner
- Updating XTBs based on .GRDs from branch 4577
- Incrementing VERSION to 93.0.4577.79
- [M93 Merge] Fix window focus bug on Windows due to a Linux fix
- Remove invalid Terminal app registration pref
- [GMNext] Add android:popupMenuStyle attr for translate infobar
- Disable overscroll when prefers-reduced-motion is set
- [M93 Cherry-Pick] Reland "[Paint Preview] Fix bitmap locking"
- Fix crash trying to observe gesture event when animations disabled
- [M93 merge] compositor: fix bug in sending damage regions
- Tweak android overscroll stretch parameters
- Updating XTBs based on .GRDs from branch 4577 by Ben Mason
- ReadingList Sync: Fix ping-pong-prone logic
- Fix a crash in SavedPasswordsPresenter
- Ensure ShowBubble is a no-op if already showing
- [M93 Merge][tab strip] Move WebContentsDelegate logic to the TabStripPageHandler by tom
- Updating XTBs based on .GRDs from branch 4577
- Ios: Speculative fix for viewWillTransitionToSize crash
- Roll src/third_party/libavif/src/ f8b782aad..efed11856 (16 commits)
- Content-visibility: Force range base/extent when computing visual selection
- [M93] X11: fix tab drag
- M93: [X11] Coalesce mouse motion events when dragging
- Invalidate for changed PaintedOutputInvisible when a PaintLayer is removed
- [segmentation_platform] Fixed segment selector |is_ready|
- [RBD] Avoid appending multiple utm_source tags
- [Start] Add two new variations.
- Updating XTBs based on .GRDs from branch 4577
- [M93 merge] webui: make WebUIAllowlist and WebUIAllowlistProvider thread-safe
- [Messages] Update popup block primary action button text
- [M93] Remove the glob for generated/luci-milo*.cfg
- [M93] Generate the LUCI services configs into a luci subdirectory
- [Fuchsia][M93 merge] Fix FuchsiaAudioRenderer to handle PCM streams correctly
- [M93] Reject AudioData invalid indexes
- [M93] [WebCodecs] Implement support for converting AudioData to float32
- Provide reason for BottomSheetObserver.onSheetStateChanged
Google Chrome 93.0.4577.63
Security Fixes:
- High CVE-2021-30606: Use after free in Blink.
- High CVE-2021-30607: Use after free in Permissions.
- High CVE-2021-30608: Use after free in Web Share.
- High CVE-2021-30609: Use after free in Sign-In.
- N/A1200440 High CVE-2021-30610: Use after free in Extensions API.
- Medium CVE-2021-30611: Use after free in WebRTC.
- Medium CVE-2021-30612: Use after free in WebRTC.
- Medium CVE-2021-30613: Use after free in Base internals.
- Medium CVE-2021-30614: Heap buffer overflow in TabStrip.
- Medium CVE-2021-30615: Cross-origin data leak in Navigation.
- Medium CVE-2021-30616: Use after free in Media.
- Medium CVE-2021-30617: Policy bypass in Blink.
- Medium CVE-2021-30618: Inappropriate implementation in DevTools.
- Medium CVE-2021-30619: UI Spoofing in Autofill.
- NA1063518 Medium CVE-2021-30620: Insufficient policy enforcement in Blink.
- NA1204722 Medium CVE-2021-30621: UI Spoofing in Autofill.
- NA1224419 Medium CVE-2021-30622: Use after free in WebApp Installs.
- Low CVE-2021-30623: Use after free in Bookmarks.
- TBD1230513 Low CVE-2021-30624: Use after free in Autofill.
Various fixes from internal audits, fuzzing and other initiatives:
- [Win] Notify TextInputClient about input type change during Omnibox init
- MediaStreamVideoTrack::GetCaptureHandle: Check WeakPtr before dereferencing
- Migrate PermissionChip to OnWidgetDestroying
- Merge 93: Null check to fix crash in PlatformGetParent
- Updating XTBs based on .GRDs from branch 4577
- [M93] Stop exporting test results to `luci-resultdb.chromium.*`
- Updating XTBs based on .GRDs from branch 4577
- [Merge to M93] bento_bar: Consolidate window state with the bento bar
- [Merge M93] Fix parameter validation for chrome.tcpServer.getInfo()
- [M93] Cleanup branched builders on chromium.fyi console.
- Fix eventsource/format-utf-8.htm wpt
- [Fuchsia][M93 merge] Fix --shared-array-buffer-allowed-origins for worklets
- [CSN] Tweak element paddings
- [CSN] Do not trigger on tablets
- Revert "Stop setting kStabilityExitedCleanly to true in InitializeMetricsState."
- Updating XTBs based on .GRDs from branch 4577
- Updating XTBs based on .GRDs from branch 4577
- Fix X-Geo header not sent despite user explicitly allowing geolocation
- [Merge to M93] bento_bar: Ensure the bento bar is only created in ACTIVE user session
- [Merge 93] Invalidate frame_view in ChromeNativeAppWindowViewsAuraAsh::SetFullscreen
- [Sheriff] Disable CrComponentsMostVisitedTest.Modification on Linux Tests dbg
- [Android] Record metric only when data is wiped on child account sign-in
- [Merge M93] Do not process non-dictionary configurations
- Do not paint fragmented foreign layers
- Fix heap-use-after-free by passing route_id by copy
- Disable printing tests that require the Windows print spooler service.
- Prevent OOB on dragging tab group
- [Offline Measurements] Handled cases with multiple HttpURLConnections
- [PriceTracking] Fix the price drop IPH focus issue
- Don't retain BrowserContext on stopping audio debug recordings
- [Start] Move UndoGroupSnackbarController to TabbedRootUICoordinator.
- [M93 Stylize] Round down the pixel size for template and padding
- Fix Android Fullscreen Rotation with SurfaceSyncThrottle
- Set app menu background color to match items.
- [Traffic Annotation] Roll traffic_annotation_auditor
- [M93] Use ash feature flag for fetching account capabilities for CrOS
- Merge "FIELDSET: Don't reattach on descendant reattach" to M93 branch
Google Chrome 92.0.4515.159
Security Fixes:
- High CVE-2021-30598: Type Confusion in V8.
- High CVE-2021-30599: Type Confusion in V8.
- High CVE-2021-30600: Use after free in Printing.
- High CVE-2021-30601: Use after free in Extensions API.
- High CVE-2021-30602: Use after free in WebRTC.
- High CVE-2021-30603: Race in WebAudio.
- High CVE-2021-30604: Use after free in ANGLE.
Various fixes from internal audits, fuzzing and other initiatives:
- Revert "Forbid script execution for entire lifecycle update"
- Disable kDesktopCaptureMacV2
- Updating XTBs based on .GRDs from branch 4515
- [Merge 92] Protect candidate better from garbage collection during negotiation.
- [segmentation_platform] Add V2 to the feature name
- Move to Python 3 in chrome/installer/mac/BUILD.gn
- [M92][Credentialless] Fix flakes about iframeTest.js
- [M-92] Check if kArcIsManaged is set before triggering transition
- [RBD] Fetch discount immediately after loading carts
- Re-configure "enable_launch_polish" and "enable_launch_bug_fix"
- Fix error running Mac signing under py3.
- M92: Do more class validity checks in PrintViewManagerBase.
- Disable different origin subframe JS dialog suppression
- M92: NativeIO: Fix potential NativeIOHost lifetime issue.
- Merchant: Don't erase ProfileProtoDB in memory.
- [M92] CP icu fix for nb/no res
- Add UMA for metrics related to the DSE autogrant being disabled.
- Fixed bug where Resetting DSE permissions didn't account for kRevertDSEAutomaticPermissions
- [segmentation_platform] Set and validate feature name hash
- Defer looking up the WebContents for the directory confirmation dialog.
- Disable flaky SubresourceRedirectLoginRobotsBrowserTest tests
- Fix bug where the UI still showed "allowed for your default search engine"
- [M92] Fixed a NPE in DownloadController.requestFileAccessPermissionHelper
- Add a feature that allows control over DSE permission logic
- cros: Disable flaky test RestoreBrowserWindowsToDesks
- Fix a flaky test of MediaHistoryForPrerenderBrowserTest
- [segmentation_platform] Add internal metrics.
- [segmentation_platform] Fixed SignalKey collision
- [segmentation_platform] Update signal collection on model updates
- [Android][Sheriff] Disable Flaky LocationBarTest
- Register SyntheticTrialsActiveGroupIdProvider in WebLayer
- [Fuchsia][M92 merge] Signal last release fences in ~OutputPresenterFuchsia
- Protect HRTF database loader thread from access by different threads
- [M92] Set sheriff rotations as a property on builders
- Address NPE in TabGroupUtils
- [M92] Modify branches.value to support values varied per branch selector
- Sheriff: Disable a flaky test
- [Autofill Assistant] Fixed unit test for starter.
- [Sheriff] Disable flaky test CheckHostPointToScreenInMouseWarpRegion
- 4515: Replace the rdb 'enable' field in testing specs with a better name
- Reapply flaky test expectation for animate-fling-to-snap-points-1.html
- 4515: Update the "py" wheel to a version that is compatible with pytest-6.2.2
- [Merge to 4515] Lacros: fine grained control for google rollout.
- [Sheriff] Disable flaky tast test launcher.SearchBuiltInApps
- [M92] Export chromium test results to chrome-luci-data.chromium.*_test_results
Google Chrome 92.0.4515.131
Security Fixes:
- High CVE-2021-30590: Heap buffer overflow in Bookmarks
- High CVE-2021-30591: Use after free in File System API
- High CVE-2021-30592: Out of bounds write in Tab Groups
- High CVE-2021-30593: Out of bounds read in Tab Strip
- N/A1218468 High CVE-2021-30594: Use after free in Page Info UI
- Medium CVE-2021-30596: Incorrect security UI in Navigation
- TBD1232617 Medium CVE-2021-30597: Use after free in Browser UI
- Various fixes from internal audits, fuzzing and other initiatives
- dpwas: Don't show WebAppFrameToolbarView in fullscreen on win10
- [M92] Fix potential UAF in holding space item views
- [RBD] Add UTM tag
- [Merge 92] Revert "[SH] Allow highlighting text fragments on history navigations"
- [segmentation_platform] Hide voice button setting when useless (Merge CL)
- Fix null pointer dereference
- Updating XTBs based on .GRDs from branch 4515
- arc: Fix intent helper metrics use-after-free
- M92: Add 'UnlimitedSize' to extensions.mojom.LocalFrameHost.Request()
- Handle an empty tabstrip in TabStrip::GetDropBounds
- Fix case where an extension could open a pinned grouped tab
- M92: Revert "Allow multiple relayout passes when scrollbars change."
- [sheriff] Mark RTCPeerConnection-reload-sctptransport.html as flaky
- Updating XTBs based on .GRDs from branch 4515
- [PA] Make GetUsableSize() handle nullptr gracefully
- Fix backspace event triggered twice problem
- M92: [printing] Ensure that the quit closures for Mojo are called
- [Merge-M92] Fix JS dialog navigation deferral race
- PreviewTab: Disable Web Share feature and fix the crash
- Add support for DXGI typeless format for SharedImageBackingFactoryD3D
- Forbid script execution for entire lifecycle update
- [Merge 92] [omnibox] Fix Android about:blank security regression
- M92: Sheriff: disable OutOfProcessPPAPITest.Printing on Win7
- Increase robustness of the move assignment operator for ACMatch
- M92: Disable PrintingContextTests that are failing on Win7 bots
- [Fuchsia][M92 Merge] Improve underflow handling in FuchsiaAudioOutputDevice
- [Autofill Assistant] Retain all script parameters
- [Autofill Assistant] Fix potential crashes in trigger scripts
- Update OWNERS for translation artifacts
- [M92 merge] Lift WebMediaPlayer limits much higher
- Manually post task to bind FileUtilitiesHost
- Merge 4515: Fix nested inline box fragmentation
- [Merge to M92]cr-buildbucket.cfg: export gpu test results to chrome-luci-data
- Fix RecentlyUsedFoldersComboModel heap overflows
- [segmentation_platform] Fix various issues for executing models
- [segmentation_platform] Consistent minimum screen width logic
- [segmentation_platform] Add tracing for processor intensive tasks
- [segmentation_platform] Added core metrics
- [Merge to M92]bento_bar: Adding pref kUserHasUsedDesksRecently
- testing: increase shard for blink_web_tests on 'Mac10.15 Tests (dbg)'
- [PageInfo] PageInfo UI handles WebContents being destroyed
Google Chrome 92.0.4515.107
Security Fixes:
- High CVE-2021-30566: Stack buffer overflow in Printing
- High CVE-2021-30567: Use after free in DevTools
- High CVE-2021-30568: Heap buffer overflow in WebGL
- High CVE-2021-30569: Use after free in sqlite
- High CVE-2021-30571: Insufficient policy enforcement in DevTools
- High CVE-2021-30572: Use after free in Autofill
- High CVE-2021-30573: Use after free in GPU
- High CVE-2021-30574: Use after free in protocol handling
- Medium CVE-2021-30575: Out of bounds read in Autofill
- Medium CVE-2021-30576: Use after free in DevTools
- Medium CVE-2021-30577: Insufficient policy enforcement in Installer
- Medium CVE-2021-30578: Uninitialized Use in Media
- Medium CVE-2021-30579: Use after free in UI framework
- Medium CVE-2021-30580: Insufficient policy enforcement in Android intents
- Medium CVE-2021-30581: Use after free in DevTools
- Medium CVE-2021-30582: Inappropriate implementation in Animation
- Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows
- Medium CVE-2021-30584: Incorrect security UI in Downloads
- Medium CVE-2021-30585: Use after free in sensor handling
- Medium CVE-2021-30586: Use after free in dialog box handling on Windows
- Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows
- Low CVE-2021-30588: Type Confusion in V8
- Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1231294] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 91.0.4472.164
Security Fixes:
- Out of bounds write in ANGLE
- Use after free in V8
- [$N/A][1219209] High CVE-2021-30560: Use after free in Blink XSLT
- Type Confusion in V8
- Use after free in WebSerial
- Type Confusion in V8
- Heap buffer overflow in WebXR
Various fixes from internal audits, fuzzing and other initiatives:
- [M91] [Sheriff] Disable flaky mac test
- 4472: infra: Allow CI & try builds to create RDB invocations in their realms
- Revert "Change low stylus battery notification message"
- ChromeAppSorting should ignore bookmark app extensions which obsolete
- ExtensionSyncService::ApplySyncData should not set ChromeAppSorting ordinals for bookmark apps
- Fix use-after-free with XSLT strip-space
- serial: Fix parent class tracing for SerialPort
- Revert "[fuchsia] Use Ubuntu 16.04 or 20.4 for Fuchsia arm64 tests."
- Change low stylus battery notification message
- Fix Samsung Odyssey Input Profile Mismatch
- [fuchsia] Use Ubuntu 16.04 or 20.4 for Fuchsia arm64 tests
- [M91] Migrate all builds to bbagent
- Add luci and test configurations for Win10 20h2 tester and trybot
- Add the ability to not generate location tag metadata at runhooks-time
- [M91][Extensions][Tabs] Allow tabs.query and tabs.get while drag in progress
Google Chrome 91.0.4472.114
- Ensure that XRLayer includes base EventTarget in Trace
- [M91] Disable QRGeneratorUtilTest.GenerateQRCode_ValidData
- Reland "Regenerate group IDs when restoring closed window"
- [ChromeCart] Fix AddToCart false positives for some sites
- Initialize FFT HashMap with all possible keys
- [M91] Reland: PaymentInstrumentIconFetcher avoids using released WebContents
- M91: Update all iOS CI & try builders to accept only Mac 11
- [91] chromeos: Unset BOTO_CONFIG env var when flashing public images
Security Fixes:
- High CVE-2021-30554: Use after free in WebGL
- High CVE-2021-30555: Use after free in Sharing
- High CVE-2021-30556: Use after free in WebAudio
- High CVE-2021-30557: Use after free in TabGroups
Google Chrome 91.0.4472.106
- Change log not available for this version
Google Chrome 91.0.4472.77
- High CVE-2021-30521: Heap buffer overflow in Autofill
- High CVE-2021-30522: Use after free in WebAudio
- High CVE-2021-30523: Use after free in WebRTC
- High CVE-2021-30524: Use after free in TabStrip
- High CVE-2021-30525: Use after free in TabGroups
- High CVE-2021-30526: Out of bounds write in TabStrip
- High CVE-2021-30527: Use after free in WebUI
- NA1206329 High CVE-2021-30528: Use after free in WebAuthentication
- Medium CVE-2021-30529: Use after free in Bookmarks
- Medium CVE-2021-30530: Out of bounds memory access in WebAudio
- Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy
- Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy
- Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
- Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
- Medium CVE-2021-30535: Double free in ICU
- Medium CVE-2021-21212: Insufficient data validation in networking
- Low CVE-2021-30536: Out of bounds read in V8
- Low CVE-2021-30537: Insufficient policy enforcement in cookies
- Low CVE-2021-30538: Insufficient policy enforcement in content security policy
- Low CVE-2021-30539: Insufficient policy enforcement in content security policy
- Low CVE-2021-30540: Incorrect security UI in payments
Various fixes from internal audits, fuzzing and other initiatives:
- Prevent crashes from large origin trial config
- Present FRE on the view controller of the current interface that is active
- [M91] Fix Lacros intermitent build failure
- WebSQL: Re-enable ALTER TABLE ADD COLUMN
- WebLayer: Disable 2 tests for Android 10 x86 skew tests
- Migrate tsan builders to bionic by Stephen Martinis
- Allow for empty full name and icon URL
- [M-91] OOBE: Use wildcard label for authorization key when adding PIN
- [Merge to M-91] capture_mode: Fix being able to capture a window with protected content by Ahmed Fakhry ·
- Updating XTBs based on .GRDs from branch 4472
- [fuchsia] Fix an incorrect use of StringPiece
- [91] Migrate internal linux & CrOS builders' tests to bionic
- Revert "Do not ignore null navigation context on iOS 13"
- Updating XTBs based on .GRDs from branch 4472
- M91: WebUI: Fix dangling observers in two webui handlers. by Matt Falkenhagen
- b5e5 Reland "Fix target=_blank crash for existing-client-navigate link captures" by Alan Cutter
- a4b341cb7 Bumping up the quickoffice chrome flag's expiry version. This gives buffer to investigate how to get rid of this flag, or to present the case to make this flag "never expire". by Harmandeep Singh
- Leave LiveCaption disabled by default on Chrome OS
- Revert "Roll ChromeOS Atom AFDO profile from 91-4472.33-1620643607-benchmark-91.0.4472.63-r1 to 91-4472.60-1621245530-benchmark-91.0.4472.65-r1"
- [M91][Extensions][Tabs] Ensure tab strip is editable before editing
- Revert "Roll ChromeOS Atom AFDO profile from 91-4472.60-1621245530-benchmark-91.0.4472.65-r1 to 91-4472.60-1621245530-benchmark-91.0.4472.66-r1"
- [91] Migrate all tests on the ASan CQ bot to bionic
- [TablesNG] Fix size of table-cell child with overflow and percent height
- Download: Use tab's OTRProfileID when opening download home
- Privacy Sandbox Android: updated the default URL
- Remove tabs and line breaks from the middle of app names when parsing
- Cloud print: Don't double search for empty account [M91]
- [M91] chromium.fyi builders to bionic
- Cloud Print: Give up on loading cloud printers for FAILED event [M91]
- Disable DesktopCaptureMacV2
- [media-router] Remove CancelableTaskTracker from DialServiceImpl
- Updating XTBs based on .GRDs from branch 4472
- Fix use-after-free allocating bt allocating memory for strings
- Make previous fix for Mac z-fighting more specific to avoid Win7 issue
Google Chrome 90.0.4430.212
- Change log not available for this version
Google Chrome 90.0.4430.93
- Disable mac IsUVPAA startup metric
- Merge to 90: Presentational objects should not create a paragraph boundary
- Roll ChromeOS Orderfiles from 90-4430.36-1617012563-benchmark-90.0.4430.53-r1 to 90-4430.73-1618827280-benchmark-90.0.4430.89-r1
- [ChromeCart] Improve cart content extraction
- [ChromeCart] Fix AddToCart detection for some sites
- [MIX-DL] Fix blob: URL handling and clarify console messages
- Remove CHECK on BigBuffer shm failure
- [Merge M90][Extensions] Policy blocked hosts supersede `debugger`
- [printing] Quit the runloop on Mojo disconnectio
- Read later: Add new Finch param and new flag for follow up experiment
- Fix issue on
- [flex] Don't stretch orthog. flex-items in column flexboxes.
- Set OAC correctly when committing a data URL with a base URL.
- Fix CanAccessWindow bindings CHECK failing.
- [M90] Need to populate OriginAccessList for split-mode extensions.
- Trigger full invalidation when frame becomes unthrottled
- Roll ChromeOS Orderfiles from 90-4430.36-1617012563-benchmark-
- [PAS] Escape URL when passed as a QueryParam
- [Merge M90] Unexpire a few histograms to explore page load performanc
- [Merge M90] Add histograms for subresource load timings during navigation
- [M90 merge] weblayer: don't crash if onNativeLoaded called multiple times
- Download: Show a proper URL in download home UI.
- [M90][mac][infra] Remove Mac10.13 Tests (dbg)
Security fixes:
- Insufficient data validation in V8
- Use after free in Dev Tools
- Heap buffer overflow in ANGLE
- Insufficient policy enforcement in extensions
- Incorrect security UI in downloads
- Type Confusion in V8
- Insufficient data validation in V8
Google Chrome 90.0.4430.85
- Reland "Fix the wrong direction with disabling CSSPseudoDir flag"
- [Message] Update scope change on #navigationEntryCommitted
- [DevTools] Use OriginalProfile for DevTools window if possible
- Revert "Resolve Service Worker redirects based on the response"
- [merge][90][GeneratedCodeCache] Copy large data before hashing and writing
- [PriceTracking] Set visibility of menu dialog item before it shows
- [PriceTracking] Add PriceDropNotification feature parameter
- Don't report PaymentRequest CSP errors
- [M90] OOBE - Prevent Renderer Crashes
- Ensure that BrowserContext is not used after it has been freed
- Add null pointer check in RenderWidgetHostInputEventRouter
- vaapi: Fix infinite loop in encrypted sample parsing
- Add weak pointer to RWHIER::FrameSinkIdOwnerMap and RWHIER::TargetMap
- Add crashkeys to identify where |target| is assigned to a stale value
- [views] Handle window deletion during HandleDisplayChange
- Mojo: Properly validate broadcast events
- Fix order of matrix multiplication in playback params
- [M90] OOBE - Improve Renderer Stability
- Disable the default web apps migration on Chrome OS
- [CrOS] Disable touchscreen logging
- Cherry pick: [trigger_script] Include resultdb invocation in tasks
- [Start] Add early return for testShow_SingleAsHomepage_BackButtonOnHomepageWithGroupTabsDialog__Instant_Return
- [M90][Sheriff] Disable flaky test BitmapGeneratorTest#testCapturedNewOne
- [M90][Sheriff] Disable various flaky blink tests
- [4430] Remove nacl_loader_unittests from "Mac11 Tests" builder
Security fixes:
- High CVE-2021-21222: Heap buffer overflow in V8
- High CVE-2021-21223: Integer overflow in Mojo
- High CVE-2021-21224: Type Confusion in V8
- High CVE-2021-21225: Out of bounds memory access in V8
- High CVE-2021-21226: Use after free in navigation
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 90.0.4430.72
Security fixes:
- High: CVE-2021-21201: Use after free in permissions
- High: CVE-2021-21202: Use after free in extensions
- High: CVE-2021-21203: Use after free in Blink
- High: CVE-2021-21204: Use after free in Blink
- High: CVE-2021-21205: Insufficient policy enforcement in navigation
- High: CVE-2021-21221: Insufficient validation of untrusted input in Mojo
- Medium: CVE-2021-21207: Use after free in IndexedDB
- Medium: CVE-2021-21208: Insufficient data validation in QR scanner
- Medium: CVE-2021-21209: Inappropriate implementation in storage
- Medium: CVE-2021-21210: Inappropriate implementation in Network
- Medium: CVE-2021-21211: Inappropriate implementation in Navigation
- Medium: CVE-2021-21212: Incorrect security UI in Network Config UI
- Medium: CVE-2021-21213: Use after free in WebMIDI
- Medium: CVE-2021-21214: Use after free in Network API
- Medium: CVE-2021-21215: Inappropriate implementation in Autofill
- Medium: CVE-2021-21216: Inappropriate implementation in Autofill
- Low: CVE-2021-21217: Uninitialized Use in PDFium
- Low: CVE-2021-21218: Uninitialized Use in PDFium
- Low: CVE-2021-21219: Uninitialized Use in PDFium
Google Chrome 89.0.4389.128
- Forbid script execution while updating the paint lifecycle
- [WPT] Mark permissions policy timing test slow on debug
- [GCPW] Fallback to registry when permitted domains cloud policy is empty
- Pin win10_chromium_x64_rel_ng and win7-rel to 16 cores
- Created a duplicate 'Mac11 Tests' from 'Mac11.0 Tests'
- Launching app inventory, upload device details and fetch experiments
- [Fuchsia] Add Fuchsia official builders to mb_config
- [Fuchsia] Remove unnecessary package vars from yaml files
- Only show krane's custom Demo Mode attract loop on krane devices
- [4389][mac][infra] Add Mac10.15 Tests (dbg)
Security fixes:
- High CVE-2021-21206: Use after free in Blink
- High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64
Google Chrome 89.0.4389.114
Security Fixes:
- High CVE-2021-21194: Use after free in screen capture.
- High CVE-2021-21195: Use after free in V8.
- High CVE-2021-21196: Heap buffer overflow in TabStrip.
- TBD1173903 High CVE-2021-21197: Heap buffer overflow in TabStrip.
- TBD1184399 High CVE-2021-21198: Out of bounds read in IPC.
- High CVE-2021-21199: Use Use after free in Aura.
Various fixes from internal audits, fuzzing and other initiatives:
- Merge 4389: Make ComputeNGCaretPosition() to handle upstream position after soft line wrap
- Enable cloud policies by default
- Read Os version from registries.
- [ChromeCart] Fix URL matching for cart and checkout
- [ChromeCart] Extract product images in absolute URL
- [ChromeCart] Improve cart visit detection heuristics
- Disable flaky CommerceHintCacaoTest.Rejected test.
- [ChromeCart] Exclude products in "saved for later" section
- [ChromeCart] Fix false positives of add-to-cart detection
- Reland "Reland "[ChromeCart] Improve checkout detection heuristics""
- Setting AppType for Win32 apps.
- [privacy_budget] Remove unnecessary kCanvasReadback metrics.
- Upload app data only when device is enrolled.
- Don't use BigBuffer for IPC::Message transport
- Fix container overflow in add to existing window and group tab context menu commands.
- Merge 89: Handle DOM-created tables with atypical structure
- [fuchsia] Recreate web.Context if persisted cache is erased.
- [floats] Fix overlap tests in NGExclusionSpace.
- Avoid starting invalidations multiple times.
- Changes to fetch win32 apps installed on the managed windows device and upload them.
- [Fuchsia] Fix FuchsiaAudioRenderer to call Stop() only after Start()
- Allow logged-in sites to be mentioned via optimization guide
- WebContents bug fix: Device capture only if web contents is valid
- Unlock win7-rel to run on machines with any core count.
- Disable variations layers when low entropy provider is null
- [M89 merge] x11/ozone: fix two edge cases
- Fix PageInfo for https image compression
- [M89][CrOS] Align password to start of password row when no icon is shown
- Allow first K images to load faster
- Add scheme check to crashing login detection code
- [Messages] Control autodismiss duration from Finch experiment
- Record image compression ukm metrics
- [Start] Make tab switcher page scroll to the last selected card.
- Download: Support legacy SD card download path content URI on R.
- [Start] Fix java.lang.NullPointerException at FeedStream.getView(FeedStream.java)
- [fuchsia] Ensure thread safety for ScenicOverlayView
- [fuchsia] Disable memory mitigations for visible LayerTreeHostImpls.
- Sheriff: Disable LoadTimingBrowserTest on the M89 branch.
- Sheriff: Disable broken StartSurface test on M89.
- Pull muted tab audio on a RT thread in the audio process.
- [fuchsia] Add vmodule flag support from config-data for WebEngine
- Allow ServiceWorkerResourceReader::ReadData() to return empty handle
- [fuchsia] Change minimum log level when verbose logging is on
- [fuchsia] Enable the media log as VLOGs on Fuchsia
- [fuchsia] Disable memory-pressure handling in Renderers by default
- Use a longer timeout for android-marshamllow-arm64-rel on branches.
- [CCA] Remove metadata observer when closing streams
- Add auto rollers as OWNERS of the files they touch
- [Fuchsia] Fix crash in VideoCaptureDeviceFactoryFuchsia
- Rename is_master to is_main.
- Get CameraAppDeviceImpl upon using in CrOS VCD
- VCD: Refactor CameraAppDeviceBridgeImpl and CameraAppDeviceImpl
- [ChromeCart] Allow skipping products
- [ChromeCart] Only handle http(s) schemes
- OOBE OfflineLogin: Correct login call to use internal authorization
- [CrOS] Show placeholder text on login/lock screen even with empty pwd
- Fix crash when restoring selection after a drag during which a dragged tab was closed.
- [Merge M89] Multi-User WM: Fix disappearing windows during profile switching.
- [M89][Lacros] Disable multiple Chrome OS sign-in when Lacros is enabled
- m89: Mitigate performance issues in Google tts
- [M89] Adds lacros_version_metadata
Google Chrome 89.0.4389.90
- High CVE-2021-21191: Use after free in WebRTC. Reported
- High CVE-2021-21192: Heap buffer overflow in tab groups. Reported
- High CVE-2021-21193: Use after free in Blink. Reported
- Various fixes from internal audits, fuzzing and other initiatives
- [Merge to M89] Expose langid events from SODA to Chrome and switch to protos
- Disable SVG composited animation if effective zoom is not 1
- Remove pre-target event handler before main widget close
- Fix remaining instances of RevertDragAt losing track of tabs.
- [ChromeCart] Extract products in shopping cart (2/2)
- [headless] Don't CHECK() crash on OSCrypt initialization failure.
- [headless] Move PrefService to HeadlessBrowserMainParts
- [WebLayer] Fix crash in GPU process when using GMS APIs
- [Grid] Auto-scroll to selected tab after tab model switching
- Revert "[headless] Configure renderer preferences from system settings"
- [headless] Configure renderer preferences from system settings
- [Merge to M89] Iterate more carefully over DTLS transports at close
- [ChromeCart] Restore module visibility when cart-action happens
- [ChromeCart] Extract products in shopping cart (1/2)
- Mark additional RootInlineBox dirty when culled inline box is removed
- [ChromeCart] Deflake CommerceHintAgentTest.CartPriority
- [Sheriff] Disable CommerceHintAgentTest.CartPriority on Linux
- Copy CSSM_TP_APPLE_EVIDENCE_INFO immediately after SecTrustGetResult
- Fix null domWindow crash in VisualViewport events
- [ChromeCart] Try to obtain cart URL when add-to-cart is detected
- [ChromeCart] Use optimization guide to filter out non-shopping sites
- M89: Increase BrowsingInstance cleanup delay.
- [ChromeCart] Pick the best source of cart URL
- [ChromeCart] Hide a unused function on CrOS
- [ChromeCart] Disable cart for non-SignIn single-profile users
- [ChromeCart] De-flake CommerceHintAgentTest tests
- [ChromeCart] Look up cart URL and merchant name when adding cart
- [ChromeCart] Add OWNERS file for chrome/renderer/cart
- [ChromeCart] Disable flaky CommerceHintAgentTest tests
- [Sheriff] Disable benchmark under Msan.
- [ChromeCart] Detect more shopping actions
- [ChromeCart] Implement add-to-cart detection
- [fuchsia] Add logging to diagnose a crash in the request rewrite throttles
- Handle resize bitmap operation failing.
- Revert changes to PPD file parsing
- [fuchsia] Suppress |is_main_document_loaded| if navigations are pending.
- Updating XTBs based on .GRDs from branch 4389
- [floc] change the API return type to Promise
- SiteForCookies now computes value for frame tree
- [base/allocator] Intercept (v)asprintf() in the shims on Android.
- [a11y] Accessibility bridge rejects actions on invalidtrees.
- [M89] [sheriff] Disable ExtensionInstallDialogViewInteractiveBrowserTest.InvokeUi_ManyPermissions on Windows for real
Google Chrome 89.0.4389.82
- GMC: Enable Global Media Controls for ChromeOS
- [sheriff] Disable flaky CartHandlerTest.TestEnableFakeData
- [Sheriff] Disable flaky test on TSAN
- Call SetNeedsAssignmentRecalc in HTMLSlotElement::ChildrenChanged
- Stop preloading vr module to avoid racey crash
- Don't crash on reentrant RunMoveLoop call
- Fix download resumption in reduced mode
- Add WebLayer getters for referrer and form submission
- Enable chromium M89 CQ to trigger chrome M90 builders
- [Merge to M89][Multipaste] Restrict the size of the web contents from the copied HTML
- cros: Make AcceleratorHistory higher priority
- Wi-Fi Sync: Default autoconnect to enabled when unspecified
- Active user takes ownership of networks on password updates
- Prevent showing notification when Wi-Fi Sync is not visible in settings
- [M89]Use the chrome.exe path instead of the directory
- [Fuchsia] Fix OutputPresenterFuchsia to send non-decreasing timestamps
- Condition Price Tracking on MBB Consent
- [fuchsia] Add multiple component support for audio/video capturers
- [iOS] Guard against grid view item array overrun
- [iOS][MF] Validate web state
- [iOS][Settings] Fixes clear browsing data link
- [Merge M89] Bento: Save desk names and workspaces after desk reordering
- [M89] ash: Handle nullptr window in WebAuthn request registrar
- [Merge to M-89][Multipaste] Destruct the multipaste menu views asynchronously
- Revert "Use stereo audio processing in stereo calls"
- m89: Makes all accessibility * enable prefs non-synchable
Google Chrome 89.0.4389.72
Fixed:
- Heap buffer overflow in TabStrip
- Heap buffer overflow in WebAudio
- Heap buffer overflow in TabStrip
- Use after free in WebRTC
- Insufficient data validation in Reader Mode
- Insufficient data validation in Chrome for iOS
- Object lifecycle issue in audio
- Object lifecycle issue in audio
- Use after free in bookmarks
- Insufficient policy enforcement in appcache
- Out of bounds memory access in V8
- Incorrect security UI in Loader
- Incorrect security UI in TabStrip and Navigation
- Insufficient policy enforcement in File System API
- Side-channel information leakage in Network Internals
- Inappropriate implementation in Referrer
- Inappropriate implementation in Site isolation
- Inappropriate implementation in full screen mode
- Insufficient policy enforcement in Autofill
- Inappropriate implementation in Compositing
- Use after free in Network Internals
- Use after free in tab search
- Heap buffer overflow in OpenJPEG
- Side-channel information leakage in autofill
- Insufficient policy enforcement in navigations
- Inappropriate implementation in performance APIs
- Inappropriate implementation in performance APIs
- Insufficient policy enforcement in extensions
- Insufficient policy enforcement in QR scanning
- Insufficient data validation in URL formatting
- Use after free in Blink
- Insufficient policy enforcement in payments
- Uninitialized Use in PDFium
Various fixes from internal audits, fuzzing and other initiatives:
- webview: clear the network callback in AwPacProcessor
- Better adhere to the Get rule with SecTrustGetCertificateAtIndex
- Clear the add to submenu before add new items
- Do not register NetworkCallback for AwPacProcessor if network is not specified
- Do not reset shortcuts if no valid Chrome installations were found
- Introduce AudioBuffers for user access in ScriptProcessorNode
- [Merge to M89] Prevent re-dropping when the desk is snapping back
- Merge 89: "Disable AV1 hardware decode w/ D3D11VideoDecoder for Intel GPUs."
- ios: Check for nullptr cert
- [Merge to M89] [X11] Fix incorrect bitmap row-bytes calculation
- [M89] Fix marking device-wide keys as corporate if no Profile was given
- Remove usage of WKUserContentController mock
- [Merge to M-89] Capture Mode: use Env event handler
- Merge 89: Fix null check and reduce DumpWithoutCrashing
- Reland "Prevent calling setSelection with negative values"
- [fuchsia] Enable Partial Site Isolation
- CrOS system tray: check for Media Router after primary profile init
- [fuchsia] Reduce likelihood of integration tests timeout-flaking
- Disable flaky tests
- remoting: Introduce native systemd unit for CRD
- ChromeOS: Disable touchpad finger swipe in the "Locked Mode"
- [Merge to M-89] Capture Mode: fix cursor scale for different displays
- [Blobs] Don't store BlobStorageLimits as a reference in transport strategy
- [Merge M89] Attempt to ensure ClassLoaders are consistent for splits
- [Merge to 89] MediaRecorder: tolerate non-GMB NV12 frames for H264
- Updating XTBs based on .GRDs from branch 4389
- Merge M89 ash: Fix mirror transform when displays have different aspect
- viz: Clip required overlays to display boundaries
- [M89][Signin][Android] Set up sign-in promo only with account list cache
- Move notify call earlier when download is canceled
- m89: Do not process hover events when not expected by ChromeVox
- [ChromeCart] Remove expired cart entries
- Use the correct layer bounds
- Fix dependency
- Add flag to disable AV1 Decoding on d3d11 video decoder
- [merge to 89] Reland "capture_mode: Keyboard navigation and chromevox implementation."
- Fix bug where search_box_view_base active/inactive colors were swapped
Google Chrome 88.0.4324.192
- Change log not available for this version
Google Chrome 88.0.4324.182
- Stop using raw WebContents ptr in DragDownloadFile
- [Messages] Address a CHECK in MessageWrapper on activity destruction
- Make IncognitoCustomTabIntentDataProvider#isIncognito as single
- Use a copy for transferring non detachable buffers
- Add symupload dependency to chrome_cleanup_tool binaries
- M88 Merge: Disable SurfaceControl on capri devices
- WebSocket: Don't clear event queue on destruction
- Make ShapeResult::ComputeGlyphPositions() to calculate safe to break before offset correctly
- [fuchsia] Send a null client certificate
- Video Tutorials : Support videos not available in all languages
- Fix crash in FilePathWatcherKQueue.
- Add metrics for Web Platform notifications.
- [fuchsia] Add feature flag for disabling renderer memory pressure handling.
- Video Tutorials : UI fixes on IPH sequencing and language picker
- Disable GPU acceleration on all Mesa software rasterizers
- Video Tutorials : Added missing metrics for IPH cards
- [Fuchsia] Fix FuchsiaAudioRenderer::GetWallClockTimes()
- [fuchsia] Add memory pressure monitoring support to Renderers.
- [M88] [sheriff] Disable NestedIframeTransformedIntoViewViewportIntersection
- [M88] Disable flaky tests PrerenderBrowserTest.LinkRelPrerender*
- Video tutorials : Fixed toolbar shadow for video list
- [M88] Add strip_binary and strip_binary_chrome target
- [Merge to M88] Avoid spinning a nested message loop for X11 clipboard
- Fix RevertDragAt losing track of tabs in some cases.
- c Fix crash when reverting a drag if the source tabstrip changed during the drag.
- [Merge to M88] [XProto] Switch event queue from a std::list to a base::circular_deque
- [Merge to M88][Web Payment]PR_sheet_controller should not update views during PR abort
- Video Tutorials : Fixed summary card not getting shown
- [fuchsia] Fix AutoPlayTest.*UserActivatedViaSimulatedInteraction
- Change doubletap backwards test to happen on a paused video
- Merge: Update hover button state before calling press callback
- [M88] Skip fast/workers/worker-shared-asm-buffer to unblock V8 roll
- Block HW video decode on AMD driver 8.17.10.1433
- [M88] Disable BackForwardCacheBrowserTestWithFileSystemAPISupported.CacheWithFileSystemAPI due to flakes.
- [M88] Add TRACE_EVENT for RequestTermination and Stop
- Merge M88: "Don't use effective frame count to expire frames."
- Merge M88: "Prevent Windows IMFTransform hangs
- [Merge to M88] Enable ShortcutsMenu during Shortcut creation.
- Reland "Updating XTBs based on .GRDs from branch 4324"
- [M88] ServiceWorker: Fix the lifetime of OnFetchEventFinished()
- [Fuchsia] Send output frames to ImagePipe as soon as possible
- Revert "Updating XTBs based on .GRDs from branch 4324"
- Updating XTBs based on .GRDs from branch 4324
- webauthn: Remove PaaSK USB accessory filter
- [fuchsia] Never use official Google API keys on Fuchsia.
- [Autofill Assistant] Fast path++ CL for M-88 refresh#2
- [Fuchsia] Use embedder origin to determine permissions for iframes
- [fuchsia] Prevent Media Inspector memory leak on Fuchsia in M88
- [fuchsia] Allow official keys to remain unset in Fuchsia builds.
- [fuchsia] Fix a bug in NormalizeConsoleLogMessage
- [fuchsia] Wait for ContextProvider instances to start.
- Read later: Delete reading list in search state should not crash.
- content: adds check for null stop_callback_ in MediaStreamUIProxy
- [fuchsia] Fix NetworkChangeNotifierFuchsia construction race.
- Updating XTBs based on .GRDs from branch 4324
- Fix heap overflow in VideoFrameYUVConverter
- Revert "Roll AFDO from 88.0.4324.144_rc-r1-merged to 88.0.4324.147_rc-r1-merged"
- [M88 merge] weblayer: register android-app scheme
- [m88] Roll ICU to fix Android extra dat file issue
Security Fixes and Rewards:
- High CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya Tsukasaki on 2020-10-14
- High CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2021-01-29
- High CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani on 2021-01-12
- High CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous on 2021-01-14
- High CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge of ERNW GmbH on 2020-12-06
- High CVE-2021-21154: Heap buffer overflow in Tab Strip . Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-01
- High CVE-2021-21155: Heap buffer overflow in Tab Strip . Reported by Khalil Zhani on 2021-02-07
- High CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-02-11
- Medium CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous on 2021-01-26
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1178973] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 88.0.4324.150
- [infra] Change 'Mac10.13 Tests' tester os dimension to Mac 10.13 or 10.15
- mac: enable input sources before selecting them in ScopedKeyboardLayout
- Remove no_gpu mixin for tasks on Mac 10.13 machines
Security fixes:
- High CVE-2021-21148: Heap buffer overflow in V8
Google Chrome 88.0.4324.146
This update includes 6 security fixes. Below, we highlight fixes that were contributed by external researchers:
- Critical CVE-2021-21142: Use after free in Payments
- High CVE-2021-21143: Heap buffer overflow in Extensions
- High CVE-2021-21144: Heap buffer overflow in Tab Groups
- High CVE-2021-21145: Use after free in Fonts
- High CVE-2021-21146: Use after free in Navigation
- Medium CVE-2021-21147: Inappropriate implementation in Skia
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1154775] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 88.0.4324.96
Security Fixes:
- This update includes 36 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
- Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome
- High CVE-2021-21118: Insufficient data validation in V8
- High CVE-2021-21119: Use after free in Media. Reported by Anonymous on 2020-12-20
- High CVE-2021-21120: Use after free in WebSQL
- High CVE-2021-21121: Use after free in Omnibox
- High CVE-2021-21122: Use after free in Blink
- High CVE-2021-21123: Insufficient data validation in File System API
- High CVE-2021-21124: Potential user after free in Speech Recognizer
- High CVE-2021-21125: Insufficient policy enforcement in File System API
- High CVE-2020-16044: Use after free in WebRTC
- Medium CVE-2021-21126: Insufficient policy enforcement in extensions
- Medium CVE-2021-21127: Insufficient policy enforcement in extensions
- Medium CVE-2021-21128: Heap buffer overflow in Blink
- Medium CVE-2021-21129: Insufficient policy enforcement in File System API
- Medium CVE-2021-21130: Insufficient policy enforcement in File System API
- Medium CVE-2021-21131: Insufficient policy enforcement in File System API
- Medium CVE-2021-21132: Inappropriate implementation in DevTools
- Medium CVE-2021-21133: Insufficient policy enforcement in Downloads
- Medium CVE-2021-21134: Incorrect security UI in Page Info
- Medium CVE-2021-21135: Inappropriate implementation in Performance API
- Low CVE-2021-21136: Insufficient policy enforcement in WebView
- Low CVE-2021-21137: Inappropriate implementation in DevTools
- Low CVE-2021-21138: Use after free in DevTools
- Low CVE-2021-21139: Inappropriate implementation in iframe sandbox
- Low CVE-2021-21140: Uninitialized Use in USB
- Low CVE-2021 |
