| What's new in this version: Google Chrome 109.0.5414.119
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 109.0.5414.87
Security Fixes and Rewards:
- High CVE-2023-0128: Use after free in Overview Mode
- High CVE-2023-0129: Heap buffer overflow in Network Service
- Medium CVE-2023-0130: Inappropriate implementation in Fullscreen API
- Medium CVE-2023-0131: Inappropriate implementation in iframe Sandbox
- Medium CVE-2023-0132: Inappropriate implementation in Permission prompts
- Medium CVE-2023-0133: Inappropriate implementation in Permission prompts
- Medium CVE-2023-0134: Use after free in Cart
- Medium CVE-2023-0135: Use after free in Cart
- Medium CVE-2023-0136: Inappropriate implementation in Fullscreen API
- Medium CVE-2023-0137: Heap buffer overflow in Platform Apps
- Low CVE-2023-0138: Heap buffer overflow in libphonenumber
- Low CVE-2023-0139: Insufficient validation of untrusted input in Downloads
- Low CVE-2023-0140: Inappropriate implementation in File System API
- Low CVE-2023-0141: Insufficient policy enforcement in CORS
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 108.0.5339.124
Security fixes:
- High CVE-2022-4436: Use after free in Blink Media
- High CVE-2022-4437: Use after free in Mojo IPC
- High CVE-2022-4438: Use after free in Blink Frames
- High CVE-2022-4439: Use after free in Aura
- Medium CVE-2022-4440: Use after free in Profiles
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1400487] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 108.0.5339.98
- Change log not available for this version
Google Chrome 108.0.5339.94
Security fixes:
- Type Confusion in V8
Google Chrome 108.0.5339.71
Security Fixes:
- High CVE-2022-4174: Type Confusion in V8
- High CVE-2022-4175: Use after free in Camera Capture
- High CVE-2022-4176: Out of bounds write in Lacros Graphics
- High CVE-2022-4177: Use after free in Extensions
- High CVE-2022-4178: Use after free in Mojo
- High CVE-2022-4179: Use after free in Audio
- High CVE-2022-4180: Use after free in Mojo
- High CVE-2022-4181: Use after free in Forms
- Medium CVE-2022-4182: Inappropriate implementation in Fenced Frames
- Medium CVE-2022-4183: Insufficient policy enforcement in Popup Blocker
- Medium CVE-2022-4184: Insufficient policy enforcement in Autofill
- Medium CVE-2022-4185: Inappropriate implementation in Navigation
- Medium CVE-2022-4186: Insufficient validation of untrusted input in Downloads
- Medium CVE-2022-4187: Insufficient policy enforcement in DevTools
- Medium CVE-2022-4188: Insufficient validation of untrusted input in CORS
- Medium CVE-2022-4189: Insufficient policy enforcement in DevTools
- Medium CVE-2022-4190: Insufficient data validation in Directory
- Medium CVE-2022-4191: Use after free in Sign-In
- Medium CVE-2022-4192: Use after free in Live Caption
- Medium CVE-2022-4193: Insufficient policy enforcement in File System API
- Medium CVE-2022-4194: Use after free in Accessibility
- Medium CVE-2022-4195: Insufficient policy enforcement in Safe Browsing
As usual, our ongoing internal security work was responsible for a wide range of fixes
- [1394280] Various fixes from internal audits, fuzzing and other initiative
Google Chrome 107.0.5304.121
Security fixes:
- High CVE-2022-4135: Heap buffer overflow in GPU
Google Chrome 107.0.5304.110
Security Fixes and Rewards:
- High CVE-2022-3885: Use after free in V8
- High CVE-2022-3886: Use after free in Speech Recognition
- High CVE-2022-3887: Use after free in Web Workers
- High CVE-2022-3888: Use after free in WebCodecs
- High CVE-2022-3889: Type Confusion in V8
- High CVE-2022-3890: Heap buffer overflow in Crashpad
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1382280] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 107.0.5304.87
Security Fixes:
- High CVE-2022-3723: Type Confusion in V8
Google Chrome 107.0.5304.62
Security Fixes:
- High CVE-2022-3652: Type Confusion in V8
- High CVE-2022-3653: Heap buffer overflow in Vulkan
- High CVE-2022-3654: Use after free in Layout
- Medium CVE-2022-3655: Heap buffer overflow in Media Galleries
- Medium CVE-2022-3656: Insufficient data validation in File System
- Medium CVE-2022-3657: Use after free in Extensions
- Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS
- Medium CVE-2022-3659: Use after free in Accessibility
- Medium CVE-2022-3660: Inappropriate implementation in Full screen mode
- Low CVE-2022-3661: Insufficient data validation in Extensions
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1377543] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 106.0.5249.119
This update includes 6 security fixes:
- High CVE-2022-3445: Use after free in Skia
- High CVE-2022-3446: Heap buffer overflow in WebSQL
- High CVE-2022-3447: Inappropriate implementation in Custom Tabs
- High CVE-2022-3448: Use after free in Permissions API
- High CVE-2022-3449: Use after free in Safe Browsing
- High CVE-2022-3450: Use after free in Peer Connection
Other fixes:
- Updating XTBs based on .GRDs from branch 5249
- [Merge to M106] Use HeapMojoReceiver rather than mojo::Receiver for PeerConnectionTracker
- [skylab_tests] Update skylab tests cros img version
- [M106] Reset the profile pointer in PreferenceValidationDelegate before the profile is destroyed.
- 7e1399e [GURL] Migrate referrer to use GURL
- [M106] infra: Fetch //chrome/VERSION onto orchestrator builds
- Show about:blank in CCTs
- [M106] Reland "remove .vpython"
- chromeos: Disable failing u2fd.WebauthnUsingPassword.*
- [M106] Avoid showing toast after BrandingController destroyed
- [SearchResumption] Add user actions and histogram
- Fix UAF issue around permission status observer list
- CaptivePortalDetector: Test |detection_callback_|
- [M106] sqlite: Upgrade to 3.39.4
- AT actions API: Always expose default action at index 0
- [M106] Clipboard paste: use browser-safe version of user activation
- [CacheStorage] GetStorageKeys shouldn't rely on QuotaManagerProxy
- [M106 merge] Make password fields spellcheck-disabled by default
- [M106] Remove SERVICE_ACCOUNT_JSON from logdog wrapper
- Add missing early return in RunLegacyDataUseMeasurment experiment
- Updating XTBs based on .GRDs from branch 5249
Google Chrome 106.0.5249.103
- Change log not available for this version
Google Chrome 106.0.5249.91
- Change log not available for this version
Google Chrome 106.0.5249.61
Security Fixes:
- High CVE-2022-3304: Use after free in CSS
- High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools
- High CVE-2022-3305: Use after free in Survey
- High CVE-2022-3306: Use after free in Survey
- High CVE-2022-3307: Use after free in Media
- Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools
- Medium CVE-2022-3309: Use after free in Assistant
- Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
- Medium CVE-2022-3311: Use after free in Import
- Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN
- Medium CVE-2022-3313: Incorrect security UI in Full Screen
- Medium CVE-2022-3314: Use after free in Logging
- Medium CVE-2022-3315: Type confusion in Blink
- Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing
- Low CVE-2022-3317: Insufficient validation of untrusted input in Intents
- Low CVE-2022-3318: Use after free in ChromeOS Notifications
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1368115] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 105.0.5195.127
Security Fixes and Rewards:
- High CVE-2022-3195: Out of bounds write in Storage
- High CVE-2022-3196: Use after free in PDF
- High CVE-2022-3197: Use after free in PDF
- High CVE-2022-3198: Use after free in PDF
- High CVE-2022-3199: Use after free in Frames
- High CVE-2022-3200: Heap buffer overflow in Internals
- High CVE-2022-3201: Insufficient validation of untrusted input in DevTools
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1363148] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 105.0.5195.102
Security fixes:
- High CVE-2022-3075: Insufficient data validation in Mojo
Google Chrome 105.0.5195.54
Security Fixes:
- Critical CVE-2022-3038: Use after free in Network Service
- High CVE-2022-3039: Use after free in WebSQL
- High CVE-2022-3040: Use after free in Layout
- High CVE-2022-3041: Use after free in WebSQL
- High CVE-2022-3042: Use after free in PhoneHub
- High CVE-2022-3043: Heap buffer overflow in Screen Capture
- High CVE-2022-3044: Inappropriate implementation in Site Isolation
- High CVE-2022-3045: Insufficient validation of untrusted input in V8
- High CVE-2022-3046: Use after free in Browser Tag
- Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API
- Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
- Medium CVE-2022-3049: Use after free in SplitScreen
- Medium CVE-2022-3050: Heap buffer overflow in WebUI
- Medium CVE-2022-3051: Heap buffer overflow in Exosphere
- Medium CVE-2022-3052: Heap buffer overflow in Window Manager
- Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock
- Medium CVE-2022-3054: Insufficient policy enforcement in DevTools
- Medium CVE-2022-3055: Use after free in Passwords
- Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
- Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox
- Low CVE-2022-3058: Use after free in Sign-In Flow
Various fixes from internal audits, fuzzing and other initiatives:
- Create separate copies of PasswordForms instead of keeping raw pointers
- Use CancelableCallback in ForcedProfileSwitchInterceptionHandle to avoid use-after-free
- Updating XTBs based on .GRDs from branch 5195
- bindings: Remove the prototype chain from observable array handler object
- Revert "[Merge-105][Dr-Dc] Add more devices to be blocklisted."
- Revert "[Merge-105][Dr-Dc] Disable DrDc on some gpus ."
- [M105 Merge][fieldtrial] Add config for NotifyJavaSpuriouslyToMeasurePerf
- [M105] Change API used to show the Tailored Security Desktop Dialog
- [M105 Merge][WebContentsObserverProxy] Add metric for didStartNavigation
- [Merge to M105] Fix buffer overflow in ax_platform_node_auralinux
- Merge 105 / Address flaky test: MultipleBadAccessibilityIPCsKillsRenderer
- [Merge 105] Revert "Add alternate accelerator for IDC_BASIC_PRINT and deprecate the old one"
- [M105 Merge][WebContentsImpl] Don't call DidStartNavigation in child frames
- Handle null WebContents when checking display ID
- [lacros] Update lacros QA qualified version
- [Merge-105][Dr-Dc] Add more devices to be blocklisted
- [CPA] Added feature engagement rate limits to action chip
- [m105][rollicu] Update TZ to 2022b
- [Merge-105][Dr-Dc] Disable DrDc on some gpus
- [M105][infra] Use 8-core machines for branched try/fuchsia-binary-size
- [M105 Merge][SequenceManagerImpl] Increase temp queue capacity to avoid extra alloc
- [M105 Merge][fieldtrial] Add config for jank experiments
- [Start] Fix Start surface doesn't response when changing homepage settings
- [SearchResumption] Change search resumption module header text
- Updating XTBs based on .GRDs from branch 5195
- [Merge to M105] ServiceWorker: Don't run update check during browser shutdown
Google Chrome 104.0.5112.101
Security fixes:
- Critical CVE-2022-2852: Use after free in FedCM
- High CVE-2022-2854: Use after free in SwiftShader
- High CVE-2022-2855: Use after free in ANGLE
- High CVE-2022-2857: Use after free in Blink
- High CVE-2022-2858: Use after free in Sign-In Flow
- High CVE-2022-2853: Heap buffer overflow in Downloads
- High CVE-2022-2856: Insufficient validation of untrusted input in Intents
- Medium CVE-2022-2859: Use after free in Chrome OS Shell
- Medium CVE-2022-2860: Insufficient policy enforcement in Cookies
- Medium CVE-2022-2861: Inappropriate implementation in Extensions API
Google Chrome 103.0.5060.134
Security Fixes:
- High CVE-2022-2477 : Use after free in Guest View
- High CVE-2022-2478 : Use after free in PDF
- High CVE-2022-2479 : Insufficient validation of untrusted input in File
- High CVE-2022-2480 : Use after free in Service Worker API
- High CVE-2022-2481: Use after free in Views
- Low CVE-2022-2163: Use after free in Cast UI and Toolbar
Various fixes from internal audits, fuzzing and other initiatives:
- Keep refptr to ServiceWorkerVersion in MaybeTimeoutRequest
- Updating XTBs based on .GRDs from branch 5060
- Updating XTBs based on .GRDs from branch 5060
- Fix incorrect text itemization for r codepoint
- Updating XTBs based on .GRDs from branch 5060
- [M103 Merge] Fix UAF in CloseBubbleOnTabActivationHelper
- [M103]Fix an issue that content URI can be used to upload files under app dir
- [M103] Allow GPU M1 Macs to use Mac 12
- Fix dawn write handle data update OOB check
- [M103] Reland "Fix UaF in media router dialog"
- Updating XTBs based on .GRDs from branch 5060
- Disable failing test.
- Updating XTBs based on .GRDs from branch 5060
- [OSCrypt] Fix branded GnomeKeyring tests
- [M103][Messages][SaveCard] Fix metrics recording error
- Updating XTBs based on .GRDs from branch 5060
- Try to avoid blocking reads in InputStream reading code
- M103: Use weak ptr for webview JavaScriptDialogHelper callback
- [Sheriff] Restore flaky test expectation for mouse-events-on-node-deletion
- [M103][Messages][SaveCard] Reset metric recording related variables.
- Updating XTBs based on .GRDs from branch 5060
- WebGPU: Mark the context lost on GPU context lost
- Mitigate bad cast in OffscreenCanvas::GetFontSelector
- Filter command responses from detached CDP sessions
- [Merge to 103] Merge fix for crash when enabling calendar in M103"
- Disable flaky InspectUIFencedFrameTest.FencedFrameInFrontEnd
Google Chrome 103.0.5060.114
Security Fixes:
- High CVE-2022-2294: Heap buffer overflow in WebRTC
- High CVE-2022-2295: Type Confusion in V8
- High CVE-2022-2296: Use after free in Chrome OS Shell
Various fixes from internal audits, fuzzing and other initiatives:
- Pre-paint: OOF within monolithic content is contained normally
- Pre-paint: Remove obsolete inline continuation code
- Updating XTBs based on .GRDs from branch 5060
- Switch V8 reference to git hash
- Automatic update from google3
- HDR/Windows: SDR displays must have 80 nits
- Updating XTBs based on .GRDs from branch 5060
- Disable IntegrationTest.SelfUpdateFromOldReal in M103
- Add bot account to transport_security_state_static owners
- M103: [Pinpoint] add pgo bots to M103
- Updating XTBs based on .GRDs from branch 5060
- migrate metrics_python_tests to python3 for M103
- [Sheriff] Disable flaky MachOImageAnnotationsReader tests for M103
- Revert "Move most of partnerbookmarks to the module"
- [M103] Let GPU Intel Macs target 12.4
- Updating XTBs based on .GRDs from branch 5060
- testing: fix check_static_initializers.py for python3 for M103
- sheriff: Disable QuarantineMacTest.*
- [M103] Disable svg/W3C-SVG-1.1/pservers-grad-05-b.svg to satisfy M103 builders
- Updating XTBs based on .GRDs from branch 5060
- Updating XTBs based on .GRDs from branch 5060
- [M103] Disabled crashing test in FirstRunActivitySigninAndSyncTest
- Change ShouldDisableDohForManaged to use IsEnrolledToDomain()
- [Merge 103]Revert "Refresh policies from Registry dynamically"
- 5060: infra: Add the root vpython spec files to orchestrator runtime deps
- [Merge 103] crOS: Support SecondaryGoogleAccountUsage policy
- [Merge103] Fix context nullptr crash
- Updating XTBs based on .GRDs from branch 5060
Google Chrome 103.0.5060.66
- Change log not available for this version
Google Chrome 103.0.5060.53
- Change log not available for this version
Google Chrome 102.0.5005.115
Security Fixes:
- High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17
- High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19
- High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13
- High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31
Various fixes from internal audits, fuzzing and other initiatives:
- [Merge 102] Disable the enterprise dialog being showed for all users
- Revert "Post media log destruction to avoid destruction"
- Post media log destruction to avoid destruction
- [M102] Migrate "chromium.memory:Linux TSan Builder" src side
- Ensure the link data checkbox is always on top of the action buttons
- Set selection range after committed composition only for non-IME input
- Updating XTBs based on .GRDs from branch 5005
- [Reland][Region Capture] Fix blocking of other-tab captures
- [M102] Revert "Remove the AcceptCHFrame base::Feature"
- PaintOpReader: Harden PaintImage deserialization
- [102] Revert "Enable same-process, cross-origin iframe throttle by default."
- [M102][Color Pipeline] Fix extensions badge contrast
- Use the right tex target for video frame for ANGLE/Metal
- Merge M102: "Retrieve optional video profiles asynchronously."
- [Merge 102] [journeys] Respect AllowDeletingBrowserHistory in WebUI Handler
- [M102] Fix a regression that CascadeLayerMap is not rebuilt
- CHECK that detaching a mapped GPUBuffer was successful
- [Merge to M102] [RPM] Add check for 2021 signing key
Google Chrome 102.0.5005.63
Security Fixes:
- Critical CVE-2022-1853: Use after free in Indexed DB
- High CVE-2022-1854: Use after free in ANGLE
- High CVE-2022-1855: Use after free in Messaging
- High CVE-2022-1856: Use after free in User Education
- High CVE-2022-1857: Insufficient policy enforcement in File System API
- High CVE-2022-1858: Out of bounds read in DevTools
- High CVE-2022-1859: Use after free in Performance Manager
- High CVE-2022-1860: Use after free in UI Foundations
- High CVE-2022-1861: Use after free in Sharing
- Medium CVE-2022-1862: Inappropriate implementation in Extensions
- Medium CVE-2022-1863: Use after free in Tab Groups
- Medium CVE-2022-1864: Use after free in WebApp Installs
- Medium CVE-2022-1865: Use after free in Bookmarks
- Medium CVE-2022-1866: Use after free in Tablet Mode
- Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer
- Medium CVE-2022-1868: Inappropriate implementation in Extensions API
- Medium CVE-2022-1869: Type Confusion in V8
- Medium CVE-2022-1870: Use after free in App Service
- Low CVE-2022-1871: Insufficient policy enforcement in File System API
- Low CVE-2022-1872: Insufficient policy enforcement in Extensions API
- Low CVE-2022-1873: Insufficient policy enforcement in COOP
- Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
- Low CVE-2022-1875: Inappropriate implementation in PDF
- Low CVE-2022-1876: Heap buffer overflow in DevTools
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1328866] Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 101.0.4951.64
Security fixes:
- High CVE-2022-1633: Use after free in Sharesheet
- High CVE-2022-1634: Use after free in Browser UI
- High CVE-2022-1635: Use after free in Permission Prompts
- High CVE-2022-1636: Use after free in Performance APIs
- High CVE-2022-1637: Inappropriate implementation in Web Contents
- High CVE-2022-1638: Heap buffer overflow in V8 Internationalization
- High CVE-2022-1639: Use after free in ANGLE
- High CVE-2022-1640: Use after free in Sharing
- Medium CVE-2022-1641: Use after free in Web UI Diagnostics
Google Chrome 101.0.4951.54
- Change log not available for this version
Google Chrome 101.0.4951.41
Security Fixes:
- High CVE-2022-1477: Use after free in Vulkan
- High CVE-2022-1478: Use after free in SwiftShader
- High CVE-2022-1479: Use after free in ANGLE
- High CVE-2022-1480: Use after free in Device API
- High CVE-2022-1481: Use after free in Sharing
- High CVE-2022-1482: Ippropriate implementation in WebGL
- High CVE-2022-1483: Heap buffer overflow in WebGPU
- Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings
- Medium CVE-2022-1485: Use after free in File System API
- Medium CVE-2022-1486: Type Confusion in V8
- Medium CVE-2022-1487: Use after free in Ozone
- Medium CVE-2022-1488: Ippropriate implementation in Extensions API
- Medium CVE-2022-1489: Out of bounds memory access in UI Shelf
- Medium CVE-2022-1490: Use after free in Browser Switcher
- Medium CVE-2022-1491: Use after free in Bookmarks
- Medium CVE-2022-1492: Insufficient data validation in Blink Editing
- Medium CVE-2022-1493: Use after free in Dev Tools
- Medium CVE-2022-1494: Insufficient data validation in Trusted Types
- Medium CVE-2022-1495: Incorrect security UI in Downloads
- Medium CVE-2022-1496: Use after free in File Mager
- Medium CVE-2022-1497: Ippropriate implementation in Input
- Low CVE-2022-1498: Ippropriate implementation in HTML Parser
- Low CVE-2022-1499: Ippropriate implementation in WebAuthentication
- TBD1223475 Low CVE-2022-1500: Insufficient data validation in Dev Tools
- Low CVE-2022-1501: Ippropriate implementation in iframe
Various fixes from internal audits, fuzzing and other initiative:
- Speculative fix for crashes in ScrollableArea::InjectGestureScrollEvent
- Check for error when calling ComputeImageSizeInBytes
- [M101] Ensure that thin testers do not set reclient properties
- sheriff: Disable DiagnosticsAppWithInput.BrowserTest on ChromeOS
- [Sheriff] Disable PolicyToPrefsMapping or ChromeOS dbg
- [M101] Allow for setting try_settings without mirrors
- ServiceImageTransferCacheEntry: Fix uninitialized values
- Check Membership requests should only occur on fresh local state prefs
- [M101][QrCode] Fix QR code icon not appearing in the omnibox for CrOS
- Temporarily disable opening file:// on Android TM
- [M101][infra] Create test specs for linux-blink-rel-dummy try builders
- Don't consume user activation when opening windows in WebView
- Aw: Add the missing ALGORITHMIC_DARKENING
- [M101] stts: don't hold raw view->controller pointer
- SessionRestore: Ensure locked profile sessions are not restored
- Updating XTBs based on .GRDs from branch 4951
- Switch to use WaitForLoadStop to fix flakiness
- Move downloaded models to a randomly generated directory
- M101: Prevent the creation of a duplicate dialog in CupsPrintersHandler
- M101: Prevent the creation of a duplicate dialog in ScanningHandler
- libwebp: update to 1.2.2 (20ef03e)
- m101: Fix dangling pointer in DevToolsUIBindingsEnabler
- [PriceTracking] Add a flag for whether to parse seen offer to server
- [M101][infra] Migrate builder config for chromeos-kevin-rel src-side
- [Merge M101]: Fix crash when stopping speech recognition before it has initialized
- Revert "CCA: Avoid CameraHalDelegate Leak from VCDF"
- Revert "CCA: Moves a Thread subordinate to CameraHalDelegate to its variable"
- Fix null pointer exception in PersistedTabData
- [Merge M101]: SpeechRecognitionPrivate: Prevent dangling callbacks
- Privacy Sandbox Settings: Fix V2 settings always show as on
- Add bounds check to WebGPUDecoderImpl::DoRequestDevice
- [M101] Sanitize DragData markup before inserting it into document
Google Chrome 100.0.4896.127
- Change log not available for this version
Google Chrome 100.0.4896.88
- [Fuchsia] Handle encryption config change in WebEngineAudioRenderer
- Revert "[M100 Merge] Add a crash key "list-of-hung-threads" in the GPU watchdog"
- Crostini_upgrader: Handle content::WebContents through weak pointers
- Disable extension content script IPC enforcement
- [M100][infra] Migrate configs for Android x64 Builder (dbg) src-side
- M100: syncfs_internals: Use WeakPtr for DumpDatabaseHandler
- MediaDevices: Prevent iterator invalidation during Promise resolution
- Fix letterSpacing/wordSpacing for Canvas.Style
- Partial revert of "Updater: Fix signing."
- Updating XTBs based on .GRDs from branch 4896
- Switch to use WaitForLoadStop to fix flakiness
- [Merge 100][iOS] Fix new new FRE bug
- [M100][infra] Migrate configs for Android arm Builder (dbg) src-side
- DGAPI: Flip runtime feature back to "experimental" (merge to M100)
- R[Merge M100] Put Android font lookup cache behind a featureevert "Fix an edge case bug in Windows TSF1 implementation."
- [Merge M100] Put Android font lookup cache behind a feature[M100] Remove noop scheduler job for Win11 Tests x64.
- [M100] Remove noop scheduler job for Win11 Tests x64.
- [M100 Merge] Add a crash key "list-of-hung-threads" in the GPU watchdog
- [m100 cherrypick] Disable IME at non password fields when not at the normal screen
- [Merge to M100] Reland "Expect non-initial NavigationEntry with empty URL on session restore"
- Revert "Enable to iterate DedicatedWorkers from their creators: LocalDOMWindow or DedicatedWorkerGlobalScope"
- Fix crash with JAWS screen reader
- FrameSinkBundle: Lazily observe BeginFrameSource
- Extend force-color-profile forever
- [css-typed-om] Disallow CSS-wide keywords for StylePropertyMap.set
- M100: Change ownership of BlobBytesProvider
- Updating XTBs based on .GRDs from branch 4896
- [M100][infra] Migrate configs for Win x64 Builder src-side
- [skia_renderer]: Use RectF::Intersect in ApplyScissor
- Turn off the Digital Goods API on Android for now, to work around a crash on WebView
- Custom themes should override native color definitions
Security fixes:
- High CVE-2022-1305: Use after free in storage
- High CVE-2022-1306: Inappropriate implementation in compositing
- High CVE-2022-1307: Inappropriate implementation in full screen
- High CVE-2022-1308: Use after free in BFCache
- High CVE-2022-1309: Insufficient policy enforcement in developer tools
- High CVE-2022-1310: Use after free in regular expressions
- High CVE-2022-1311: Use after free in Chrome OS shell
- High CVE-2022-1312: Use after free in storage
- Medium CVE-2022-1313: Use after free in tab groups
- Medium CVE-2022-1314: Type Confusion in V8
Google Chrome 100.0.4896.75
- Updating XTBs based on .GRDs from branch 4896
- Rework menu_bg_tinted to not span deps.
- Revert "Reland "[Tab Switcher] Refactor - moved aspect ratio determination to helper method. Added static aspect ratio for tablet. Added a couple unit tests for new method in TabUtils""
- [m100 cherrypick] Disable autocorrect for system PK at lock screen
- [M100 merge] history: don't handle db error during destruction
- Avoid spawning HangWatcher thread in the GPU process due to conflict with WatchDog
- Allow sdpSemantics:'plan-b' from the web always on Fuchsia
- Updating XTBs based on .GRDs from branch 4896
- [LaCrOS]Temporary workaround to disable RED_8 overlay candidates
- Disable the flaky AccessibilityEventsIframeSrcChanged test
- Post data URL bitmap fetcher callback on correct thread
- Merge to M100: [HPS] Disabled features by default.
- [M100] Remove xenial_or_bionic for try android builders
- Disabling failing test TaskSchedulerTests.RunAProgramNow
- M100: Remove ash-chrome special handling in BrowserView::CanAcrivate
- [M100] Expose is_cfm build flag via chromeInfoPrivate API
- Fix default centering logic in exo
Security Fixes:
- Type Confusion in V8
Google Chrome 100.0.4896.60
Fixed:
- High CVE-2022-1125: Use after free in Portals
- High CVE-2022-1127: Use after free in QR Code Generator
- High CVE-2022-1128: Inappropriate implementation in Web Share API
- High CVE-2022-1129: Inappropriate implementation in Full Screen Mode
- High CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
- High CVE-2022-1131: Use after free in Cast UI
- High CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
- High CVE-2022-1133: Use after free in WebRTC
- High CVE-2022-1134: Type Confusion in V8
- Medium CVE-2022-1135: Use after free in Shopping Cart
- Medium CVE-2022-1136: Use after free in Tab Strip
- Medium CVE-2022-1137: Inappropriate implementation in Extensions
- Medium CVE-2022-1138: Inappropriate implementation in Web Cursor
- Medium CVE-2022-1139: Inappropriate implementation in Background Fetch API
- Medium CVE-2022-1141: Use after free in File Manager
- Medium CVE-2022-1142: Heap buffer overflow in WebUI
- Medium CVE-2022-1143: Heap buffer overflow in WebUI
- Medium CVE-2022-1144: Use after free in WebUI
- Medium CVE-2022-1145: Use after free in Extensions
- Low CVE-2022-1146: Inappropriate implementation in Resource Timing
Google Chrome 99.0.4844.84
- Change log not available for this version
Google Chrome 99.0.4844.83
- Revert "Migrate Hangout Services extension to v3 manifest"
Google Chrome 99.0.4844.82
- Change log not available for this version
Google Chrome 99.0.4844.74
- Change log not available for this version
Google Chrome 99.0.4844.51
Security fixes:
- Heap buffer overflow in ANGLE
- Use after free in Cast UI
- Use after free in Omnibox
- Out of bounds read in ANGLE
- Use after free in Views
- Use after free in WebShare
- Type Confusion in Blink Layout
- Use after free in Media
- Out of bounds memory access in Mojo
- Use after free in MediaStream
- Insufficient policy enforcement in Installer
- Heap buffer overflow in Cast UI
- Inappropriate implementation in HTML parser
- Inappropriate implementation in Full screen mode
- Inappropriate implementation in Permissions
- Inappropriate implementation in Full screen mode
- Use after free in Browser Switcher
- Data leak in Canvas
- Inappropriate implementation in Autofill
- Use after free in Chrome OS Shell
- Out of bounds memory access in WebXR
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 98.0.4758.102
[Extensions] Fix UAF issue in webstorePrivate API.
- Fix color space in DesktopCaptureMacV2
- Use AXTree for AXNode lookups by id
- Handle more corner cases for textrange endpoints node deletion
- [Shopping] Gate access to SubscriptionsManager on feature flag
- Updating XTBs based on .GRDs from branch 4758[Private Network Access] Merge: Fix handling of redirects after preflights.
- [Private Network Access] Merge: Web Platform Tests for redirects.
- [98] Reland "Reland "Take the playout AudioDevice from a MediaStreamTrack's creation frame""
- [Private Network Access] Merge: Test redirects after preflights.
- Code health cleanup: replacing animations.
- M98: FS: Fix FileUtil lifetime issue
- [M98][infra] Stop generating properties.textpb files.
- M98][Android] Fix race condition in assigning groups
- Updating XTBs based on .GRDs from branch 4758
- [Merge to M98] Disable InitialNavigationEntry flag
- M98 merge: [Extensions] Fix a null dereference in CrxInstaller
- fix adding to group that is deleted from the tab_menu_model
- Revert "WebDriver supports non-BMP characters in SendKeys"
- [M98] Unregister Accelerators when AccessiblePaneView is destroyed.
- [M98] Fix UAF in TailoredSecurity on Android
- [Start] Fix the toolbar gone issue.
- [m98] weblayer: Control swallow event only when visible[ios, kSingleNtp] Update LogoVendor's WebState as NTPMediator does
- [M98][infra] Change the file extension of the properties file. Cleanup PausablecriptExecutor usage.
[ios, kSingleNtp] Log IOS.NTP.Impression in displayWebState:
- [ios/crashpad] ios: Actually merge memory snapshot data
- [ios, singlntp] only call ntpDidChangeVisibility: if NTP is active
- [ios] Return early in configureCell if not correct MVT cell class
- [M98] Add a fuchsia branch type.
- [infra] Update active set of LUCI experiments.
- [M98] Update the branch.matches code to accept multiple selectors.
- [sheriffing] Disable PolicyCorruptedOnStartup test on CrOS.
- [M98] add service account in OWNERS file
- [M98] Fix linux-ash-chromium-generator-rel
- CWVCreditCardVerifierTest.IsExpirationDateValid: Bump years
- Fix potential handle reuse in Mojo
- Viz: Fix UAF on context loss
- [M98][Files SWA]: Use WeakPtr to prevent a possible UAR bug
- High CVE-2022-0603: Use after free in File Manager.High CVE-2022-0604: Heap buffer overflow in Tab Groups.
- High CVE-2022-0605: Use after free in Webstore API.
- High CVE-2022-0606: Use after free in ANGLE.
- High CVE-2022-0607: Use after free in GPU.
- High CVE-2022-0608: Integer overflow in Mojo.
- High CVE-2022-0609: Use after free in Animation.
- Medium CVE-2022-0610: Inappropriate implementation in Gamepad API
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 98.0.4758.82
- Change log not available for this version
Google Chrome 98.0.4758.80
Security Fixes:
- High CVE-2022-0452: Use after free in Safe Browsing
- High CVE-2022-0453: Use after free in Reader Mode
- High CVE-2022-0454: Heap buffer overflow in ANGLE
- High CVE-2022-0455: Inappropriate implementation in Full Screen Mode
- High CVE-2022-0456: Use after free in Web Search
- High CVE-2022-0457: Type Confusion in V8
- High CVE-2022-0458: Use after free in Thumbnail Tab Strip
- High CVE-2022-0459: Use after free in Screen Capture
- Medium CVE-2022-0460: Use after free in Window Dialog
- Medium CVE-2022-0461: Policy bypass in COOP
- Medium CVE-2022-0462: Inappropriate implementation in Scroll
- Medium CVE-2022-0463: Use after free in Accessibility
- Medium CVE-2022-0464: Use after free in Accessibility
- Medium CVE-2022-0465: Use after free in Extensions
- Medium CVE-2022-0466: Inappropriate implementation in Extensions Platform
- Medium CVE-2022-0467: Inappropriate implementation in Pointer Lock
- Medium CVE-2022-0468: Use after free in Payments
- Medium CVE-2022-0469: Use after free in Cast
- Low CVE-2022-0470: Out of bounds memory access in V8
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 97.0.4692.99
- Change log not available for this version
Google Chrome 97.0.4692.71
- Change log not available for this version
Google Chrome 96.0.4664.55
- Change log not available for this version
Google Chrome 96.0.4664.45
- Revert "Reland "[CSP] Fix wasm-eval check from workers""
- M96: Storage Foundation: Share FileState ownership with I/O threads.
- Fix bug where interception dialog would hang indefinitely for reauths
- webcodecs: Avoid premature destruction of |media_encoder_|
- [ios] Remove Infobar Overlays from Snapshot drawing
- M96: Storage Foundation: Avoid cross-thread access of DOMArrayBufferView.
- CHECK WebContents removal in UnloadController
- Extend the workaround list to disable hw H264 encoder on some old Intel drivers.
- Add "multi_gpu_category": "any" to H.264 encoder disable.
- Disable hw H264 encoder on some old NVIDIA drivers.
- [Coupon] Parse FL coded coupon response
- [M96] Fix linux-lacros-rel doesn't run on branches
- Use WeakPtr to prevent using the ptr out of scope
- [M96] Revert "[lacros skew tests] Refresh skew tests for M96"
- [WebXR] Make VR intent immutable
- M96: Storage Foundation: read/write tests with non-zero buffer offsets.
- Drop the minor version from macOS web tests
- [Start] Fix isStartSurfaceEnabled in Samsung.
- Fixed NPE in AddToHomescreenIPHController
- Cache HOMEPAGE_PARTNER_CUSTOMIZED_DEFAULT_URI to make getDefaultHomepageUri() correct.
- Update Mac Builder and Mac deterministic (dbg) to use Mac default
- Updating XTBs based on .GRDs from branch 4664
- Send integer values instead of floats for CPSS UKM stats
- Introduce CrossThreadCopier
- [M96][Sheriff] Disable grit_python_unittests on mac11-arm64-rel-tests bot.
- [Merge-M96] [CrOS] Enable the Release Notes notification from M96 onwards.
- [M96] [LensRegionSearch] Mac: use cursor-set rather than push
- Merge "Camera Roll: Prevent settings item from showing when flag is disabled"
- [Sheriff] Disable ReportingBrowserTest.CrashReportUnresponsive for Mac
- [M96 merge] personalization: shrink wallpaper images
- Revert "components: tweak the H264 profile at GAVEA"
- [M96][LensRegionSearch] Fix crosshair cursor on Mac over scrim.
- [layout] Fix performance regression associated with nested tables.
- Fix composited plugin paint offset in multicol
- Fix overlay scrollbar painting order under nested rel and abs pos
- Fix paint location of RemoteFrameView foreign layer
- [Contacts] Check the WebContents are still active/valid before launching picker
- Merge "SVG Text NG: Fix dynamic update of "transform" attribute" to M96 branch
- M96 merge: [STTS] Unregister ReceivingUiHandlers on shutdown
- Merge to 96: [Mac A11y] Check whether object exists before converting to BrowserAccessibilityCocoa.
- [M96] Reset surface param to default if the request is not a side panel request.
- Search History Link Android: fixed the logic to actually follow the signed-in state and not the sync consent
- [Merge 96] Site Storage Controls: Add remove metrics by sauski
- [M96 Merge] Card Unmask Authentication Selection Dialog Metrics
- ComputeContainerNode -> AnchorNode for ScopedForcedUpdate
- Disable release fences since they caused a graphical glitch in lacros
- [M96] Deleting unused field: `FetchEventPreloadHandle::url_loader`.
- [M96 Merge] Make TextOffsetMapping to handle SVG element correctly
- app_restore: Add default value for display id when launch ghost window
- [Merge-M96] [CrOS] Turn off base::Feature kDefaultCalculatorWebApp for M96.
- [merge-m96] [CrOS] Update help_app to BPQAq0LqR4VGeH0ANPn4ci0kkBTVzaLB3ewqcZtRacQC M96 "Reporting: Fix healthd callback not being called""
- [merge-96] [memories] Clear keyword cache when history items are deleted.
- [M96] Avoid scrolling from space key when a form field is in focus.
- [M96 Merge] [VCN] Add card unmask metrics by Siyu An
- Update test certs
- Fix crash in ContentSettingsToRequestType()
- [Merge 96] [memories] Hard cap visit count at kMaxVisitsToCluster
- CacheStorage: Store partial opaque responses.
- [M96 Merge] Fix Crash When Card Unmask Authentication Selection Dialog Displays With No Challenge Options
- content-visibility: Improve interactions with top layer.
- [VirtualCards] Add margin between authenticator icon and description
- Pin linux-chromeos-rel's tryjobs to 8 core machines.
- Updating XTBs based on .GRDs from branch 4664
- [Extensions] Fix a crash when background type is changed from SW to other
Google Chrome 95.0.4638.69
Security Fixes:
- High CVE-2021-37997 : Use after free in Sign-In
- High CVE-2021-37998 : Use after free in Garbage Collection
- High CVE-2021-37999 : Insufficient data validation in New Tab Page
- High CVE-2021-38000 : Insufficient validation of untrusted input in Intents
- High CVE-2021-38001 : Type Confusion in V8
- High CVE-2021-38002 : Use after free in Web Transport
- High CVE-2021-38003 : Inappropriate implementation in V8
Various fixes from internal audits, fuzzing and other initiatives:
- [mojo] Downgrade Mojo handle assertion to DCHECK
- [RBD] Fix cart extraction
- Updating XTBs based on .GRDs from branch 4638
- Prevent ::first-line from styling prefilled values
- Updating XTBs based on .GRDs from branch 4638
- [M95] Regenerate config with updated lucicfg
- [Sheriff/M95] Mark some oopr tests as flaky
- Updating XTBs based on .GRDs from branch 4638
- Disable QuicTransport explicitly in the Network Service
- Merge to M95 release branch: Fix glibc dependency addition
- [mojo] Validate INTRODUCE source node
- Updating XTBs based on .GRDs from branch 4638
- [Merge to 95] Change CHECK for rfh_restored_from_back_forward_cache_ to if condition
- Fix Use-After-Free in ForceSigninVerifier
- [M95] Merge fixes for silently redirecting to other browsers
- Merge M95: [wmp_ms] Add support for ARGB software frames to copy-on-pause
- Force kReadingListMessages flag for testContextMenuSwitch
- [M95][realbox] Treat suggestion answers as text without HTML markup
- [M95] Remove the use_gitiles_trigger experiment
Google Chrome 95.0.4638.54
Security Fixes:
- High CVE-2021-37981 : Heap buffer overflow in Skia
- High CVE-2021-37982 : Use after free in Incognito
- High CVE-2021-37983 : Use after free in Dev Tools
- High CVE-2021-37984 : Heap buffer overflow in PDFium
- High CVE-2021-37985 : Use after free in V8
- Medium CVE-2021-37986 : Heap buffer overflow in Settings
- Medium CVE-2021-37987 : Use after free in Network APIs
- Medium CVE-2021-37988 : Use after free in Profiles
- Medium CVE-2021-37989 : Inappropriate implementation in Blink
- Medium CVE-2021-37990 : Inappropriate implementation in WebView
- Medium CVE-2021-37991 : Race in V8
- Medium CVE-2021-37992 : Out of bounds read in WebAudio
- Medium CVE-2021-37993 : Use after free in PDF Accessibility. Ltd. on 2021-10-02
- Medium CVE-2021-37996 : Insufficient validation of untrusted input in Downloads
- Low CVE-2021-37994 : Inappropriate implementation in iFrame Sandbox
- Low CVE-2021-37995 : Inappropriate implementation in WebApp Installer
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 94.0.4606.81
- Revert "Do not restore scroll from history if page scrolled between navigation start and commit"
- [omnibox] [bookmark-paths] [short-bookmarks] Revert enable by default
- Fixed crash when adding all bookmarks to new group by Federico Paredes
- [Private Network Access] Disable secure context restriction on webview
- 5b51932 Updating XTBs based on .GRDs from branch 4606
- [merge-m94] [CrOS] Update media_app to coGiL8g_-jt1wKvzRoHIKonIrEXHPsTqmrLgG12siTgC
- [lacros skew tests] Refresh skew tests for M96
- Lens and Voice: Fix tracking and presentation on Search Activity.
- Updating XTBs based on .GRDs from branch 4606
- [Merge to M94] Use WeakPtr for rfh_restored_from_back_forward_cache_ in NavigationRequest
- Use DSE origin for a microphone activity indicator in NTP.ago
- [Merge M-94] mojo: CHECK when array has too many elements to serialize
- 4606: Disable failing ExtensionSettingsApiTest.ManagedStorageEvents test
- Updating XTBs based on .GRDs from branch 4606
- [Android][MFill][Payments] Remove caches from credit card controller
- [lacros skew tests] Refresh skew tests for M96
- XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- Tell clang not to devirtualize TargetServices
- [GMNext] Fix omnibox selection highlight color for Lollipop
- android: handle unusual classloaders correctly
- Temporarily supply a default for primary bg color
- 1320012 Return empty ShoppingPersistedTabData instead of null
- [TTS] Fix tap not dismissing after Long-press
- [TTS] Fix Smart Selection w/ unintelligent search
- Record TabGridSwitched for price drops in the correct place
- Remove extra header from "interests" and "hidden" management pages
- [Merge M94] Initialize font manager when renderer starts
- [Start] Fix location bar width by updating visuals.
- [Merge to M94]bento_bar: Add a boolean histogram Ash.Desks.BentoBarIsVisible
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- [Cherry-pick to M94] Allow reinstallation of SODA
- [ios] Add Tab.RendererTermination.TotalTabCount
- [iOS] Add feature flag for setting request attribution
- ios: Optimize calls to reloadInputViews in autofill
- [M94][ash-chrome] Fix crash in chromeos::LocaleChangeGuard::OnLogin
- Reland: [iOS] Mark requests sent to WKWebView as being user-initiated
- Updating XTBs based on .GRDs from branch 4606
- [M94][CrOSSharingHub] Close sharesheet if tab is closed by
- [lacros skew tests] Refresh skew tests for M96
Security fixes:
- High CVE-2021-37977 : Use after free in Garbage Collection
- High CVE-2021-37978 : Heap buffer overflow in Blink
- High CVE-2021-37979 : Heap buffer overflow in WebRTC
- High CVE-2021-37980 : Inappropriate implementation in Sandbox
Google Chrome 94.0.4606.71
- [M94 merge] personalization: Sync Wallpaper on user's new device.
- [Merge to M94] Prevents non-browser processes from requesting memory dumps.
- Turn off fractional line-height feature
- [Merge 94] Crash fix: do not use parent chain during aria-owns validity check
- [iOS] Cancel touches when displaying context menu
- Stop Chrome crashing: Disable WindowCaptureMacV2
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- [Sheriff] Disable PopupBlockerBrowserTest.PrintPreviewPopUnder
- Revert "Cancel impl-side scroll animation when we get a programmatic..."
- [Merge M94] Observe WebContents in PPAPIDownloadRequest
- Updating XTBs based on .GRDs from branch 4606
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- Temporarily add win10-rel-orchestrator/compilator to m94
- [Sheriff] Disable flaky test on all platforms.
- [Merge to M94] Avoid potential CHECK in TtsExtensionEngineChromeOS
- [WebAPK] Pass icon data as byte arrays through JNI.
- [M94] Collect sizes of direct children of profile data directory.
- [lacros skew tests] Refresh skew tests for M96
- [CrOS WebAPKs] Don't create WebApkManager when Web Apps are disabled
- heap: Fix write barrier for HashTable backing store
- [lacros skew tests] Refresh skew tests for M96
- [M94][ash-chrome] Restore HIDDetectionScreenDisabledAfterRestartTest(s)
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- [web-engine] Push device change notification to system monitor
- [Merge to M94]bento_bar: Counting the number of target users of the experiment
- [94]: Disable failing AppListRemoveSpaceSyncCompatibilityTest.Basics.
- [94] Disable failing KioskUpdateTest.IncompliantPlatformDelayInstall.
- [M94] vaapi: fix use-after-frees
- [Sheriff] Disable flaky ProfilePicker test
- [ios] Cleanup //ios/chrome/app:chrome target
Google Chrome 94.0.4606.61
- Kill a renderer if it provides an unexpected FrameOwnerElementType
- Fix a crash in GpuChannelManager::OnContextLost
- [Sheriff] Disable flaky ProfilePicker test
- [SHERIFF] Disable failing ProfileManagerBrowserTest.AddMultipleProfiles
- [M94] Ash is ready file in test_ash_chrome
- [94]: Bump RDB results experiment to 100% for CI and try
- Updating XTBs based on .GRDs from branch 4606
- Updating XTBs based on .GRDs from branch 4606
- Disable TestClonedInstallClientIdReset in browser_test
- Disable IncognitoSSLHostStateDelegateTest.AfterRestartHttp
- Updating XTBs based on .GRDs from branch 4606
- tracing: Fix browser crash on socket connection failure on CrOS
- Updating XTBs based on .GRDs from branch 4606
- Disable WebXrVrTransitionTest#testPresentationPromiseRejected
Security fixes:
- High CVE-2021-37973 : Use after free in Portals
Google Chrome 94.0.4606.54
Security Fixes:
- High CVE-2021-37956: Use after free in Offline use
- High CVE-2021-37957 : Use after free in WebGPU
- High CVE-2021-37958 : Inappropriate implementation in Navigation
- High CVE-2021-37959 : Use after free in Task Manager
- High CVE-2021-37960 : Inappropriate implementation in Blink graphics
- Medium CVE-2021-37961 : Use after free in Tab Strip
- Medium CVE-2021-37962 : Use after free in Performance Manager
- Medium CVE-2021-37963 : Side-channel information leakage in DevTools
- Medium CVE-2021-37964 : Inappropriate implementation in ChromeOS Networking
- Medium CVE-2021-37965 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37966 : Inappropriate implementation in Compositing
- Medium CVE-2021-37967 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37968 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37969 : Inappropriate implementation in Google Updater
- Medium CVE-2021-37970 : Use after free in File System API
- Low CVE-2021-37971 : Incorrect security UI in Web Browser UI
- Low CVE-2021-37972 : Out of bounds read in libjpeg-turbo
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
Google Chrome 93.0.4577.82
- Sync: Reset unreasonably-short polling intervals
- M93: [IndexedDB] Don't ReportBadMessage for Commit calls
- M93: [IndexedDB] Add browser-side checks for committing transactions. [ChromeCart] Add rate control for cart content extraction
- Updating XTBs based on .GRDs from branch 4577
- [BackgroundFetch] Pass a copy of the job ID string to cancel event
- Roll ChromeOS Bigcore AFDO profile from 93-4577.69-1630924723-benchmark-93.0.4577.77-r1 to 93-4577.69-1630924723-benchmark-93.0.4577.80-r1
- Merge "FIELDSET: Fix a crash on dynamic changes of pseudo elements" to M93 branch
- Incrementing VERSION to 93.0.4577.80
- M93: Enable RDB experiment for 5% of all CI and try builds
- Merge 4577: Apply list item quirks only when the nested list is block-level
- [layout] Remove limit from LayoutInline::SplitInlines
- Skip WebGL conformance/programs/program-test.html on all platforms
- Rename ci/mac{,11}-arm64-rel-tests try/mac{,11}-arm64-rel
- Check if profile manager initialized when checking profile
- [ContentIndex] Add Origin checks to mojo methods
- [Merge to M93][bfcache] Remove DumpWithoutCrashing for race conditions
- [Merge to M93] Ignore OnCreateChildFrame when we're missing RVH for proxy creation
- [Merge to M93] Stop crashing when OldPageInfo is sent to non-main frames
- [CCT] Fix white background issue for the rounded corner
- Updating XTBs based on .GRDs from branch 4577
- Incrementing VERSION to 93.0.4577.79
- [M93 Merge] Fix window focus bug on Windows due to a Linux fix
- Remove invalid Terminal app registration pref
- [GMNext] Add android:popupMenuStyle attr for translate infobar
- Disable overscroll when prefers-reduced-motion is set
- [M93 Cherry-Pick] Reland "[Paint Preview] Fix bitmap locking"
- Fix crash trying to observe gesture event when animations disabled
- [M93 merge] compositor: fix bug in sending damage regions
- Tweak android overscroll stretch parameters
- Updating XTBs based on .GRDs from branch 4577 by Ben Mason
- ReadingList Sync: Fix ping-pong-prone logic
- Fix a crash in SavedPasswordsPresenter
- Ensure ShowBubble is a no-op if already showing
- [M93 Merge][tab strip] Move WebContentsDelegate logic to the TabStripPageHandler by tom
- Updating XTBs based on .GRDs from branch 4577
- Ios: Speculative fix for viewWillTransitionToSize crash
- Roll src/third_party/libavif/src/ f8b782aad..efed11856 (16 commits)
- Content-visibility: Force range base/extent when computing visual selection
- [M93] X11: fix tab drag
- M93: [X11] Coalesce mouse motion events when dragging
- Invalidate for changed PaintedOutputInvisible when a PaintLayer is removed
- [segmentation_platform] Fixed segment selector |is_ready|
- [RBD] Avoid appending multiple utm_source tags
- [Start] Add two new variations.
- Updating XTBs based on .GRDs from branch 4577
- [M93 merge] webui: make WebUIAllowlist and WebUIAllowlistProvider thread-safe
- [Messages] Update popup block primary action button text
- [M93] Remove the glob for generated/luci-milo*.cfg
- [M93] Generate the LUCI services configs into a luci subdirectory
- [Fuchsia][M93 merge] Fix FuchsiaAudioRenderer to handle PCM streams correctly
- [M93] Reject AudioData invalid indexes
- [M93] [WebCodecs] Implement support for converting AudioData to float32
- Provide reason for BottomSheetObserver.onSheetStateChanged
Google Chrome 93.0.4577.63
Security Fixes:
- High CVE-2021-30606: Use after free in Blink.
- High CVE-2021-30607: Use after free in Permissions.
- High CVE-2021-30608: Use after free in Web Share.
- High CVE-2021-30609: Use after free in Sign-In.
- N/A1200440 High CVE-2021-30610: Use after free in Extensions API.
- Medium CVE-2021-30611: Use after free in WebRTC.
- Medium CVE-2021-30612: Use after free in WebRTC.
- Medium CVE-2021-30613: Use after free in Base internals.
- Medium CVE-2021-30614: Heap buffer overflow in TabStrip.
- Medium CVE-2021-30615: Cross-origin data leak in Navigation.
- Medium CVE-2021-30616: Use after free in Media.
- Medium CVE-2021-30617: Policy bypass in Blink.
- Medium CVE-2021-30618: Inappropriate implementation in DevTools.
- Medium CVE-2021-30619: UI Spoofing in Autofill.
- NA1063518 Medium CVE-2021-30620: Insufficient policy enforcement in Blink.
- NA1204722 Medium CVE-2021-30621: UI Spoofing in Autofill.
- NA1224419 Medium CVE-2021-30622: Use after free in WebApp Installs.
- Low CVE-2021-30623: Use after free in Bookmarks.
- TBD1230513 Low CVE-2021-30624: Use after free in Autofill.
Various fixes from internal audits, fuzzing and other initiatives:
- [Win] Notify TextInputClient about input type change during Omnibox init
- MediaStreamVideoTrack::GetCaptureHandle: Check WeakPtr before dereferencing
- Migrate PermissionChip to OnWidgetDestroying
- Merge 93: Null check to fix crash in PlatformGetParent
- Updating XTBs based on .GRDs from branch 4577
- [M93] Stop exporting test results to `luci-resultdb.chromium.*`
- Updating XTBs based on .GRDs from branch 4577
- [Merge to M93] bento_bar: Consolidate window state with the bento bar
- [Merge M93] Fix parameter validation for chrome.tcpServer.getInfo()
- [M93] Cleanup branched builders on chromium.fyi console.
- Fix eventsource/format-utf-8.htm wpt
- [Fuchsia][M93 merge] Fix --shared-array-buffer-allowed-origins for worklets
- [CSN] Tweak element paddings
- [CSN] Do not trigger on tablets
- Revert "Stop setting kStabilityExitedCleanly to true in InitializeMetricsState."
- Updati |
