Google Chrome x64 Version 138.0.7204.101
Tuesday; July 8; 2025$$$The Stable channel has been updated to 138.0.7204.100/.101 for Windows; Mac and 138.0.7204.100 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$
Google Chrome x64 Version 138.0.7204.97
Monday; June 30; 2025$$$The Stable channel has been updated to 138.0.7204.96/.97 for Windows; 138.0.7204.92/.93 for Mac and 138.0.7204.96 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted $$$$$$until a majority of users are updated with a fix. We will also retain $$$$$$restrictions if the bug exists in a third party library that other projects$$$$$$similarly depend on; but haven’t yet fixed.$$$$$$$$$$$$This update includes 1 security fix. $$$$$$Below; we highlight fixes that were contributed by external researchers. $$$$$$Please see the Chrome Security Page for more information.$$$$$$$$$$$$[NA][427663123] High CVE-2025-6554: Type Confusion in V8. $$$$$$Reported by Clément Lecigne of Googles Threat Analysis Group on 2025-06-25.$$$$$$This issue was mitigated on 2025-06-26 by a configuration change$$$$$$pushed out to Stable channel across all platforms.$$$$$$$$$Google is aware that an exploit for CVE-2025-6554 exists in the wild.$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$Krishna Govind$$$Google Chrome
Google Chrome x64 Version 138.0.7204.97
Monday; June 30; 2025$$$The Stable channel has been updated to 138.0.7204.96/.97 for Windows; 138.0.7204.92/.93 for Mac and 138.0.7204.96 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted $$$$$$until a majority of users are updated with a fix. We will also retain $$$$$$restrictions if the bug exists in a third party library that other projects$$$$$$similarly depend on; but haven’t yet fixed.$$$$$$$$$$$$This update includes 1 security fix. $$$$$$Below; we highlight fixes that were contributed by external researchers. $$$$$$Please see the Chrome Security Page for more information.$$$$$$$$$$$$[NA][427663123] High CVE-2025-6554: Type Confusion in V8. $$$$$$Reported by Clément Lecigne of Googles Threat Analysis Group on 2025-06-25.$$$$$$This issue was mitigated on 2025-06-26 by a configuration change$$$$$$pushed out to Stable channel across all platforms.$$$$$$$$$Google is aware that an exploit for CVE-2025-6554 exists in the wild.$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$Krishna Govind$$$Google Chrome
Google Chrome x64 Version 138.0.7204.50
Stable Channel Update for Desktop$$$Tuesday; June 24; 2025$$$The Chrome team is delighted to announce the promotion of Chrome 138 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 138.0.7204.49 (Linux) 138.0.7204.49/50 Windows and Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 138.$$$$$$Extended stable channel has also been updated to 138.0.7204.50 for Win/Mac$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed$$$$$$$$$$$$This update includes 11 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$4000][407328533] Medium CVE-2025-6555: Use after free in Animation. Reported by Lyra Rebane (rebane2001) on 2025-03-30$$$$$$[$1000][40062462] Low CVE-2025-6556: Insufficient policy enforcement in Loader. Reported by Shaheen Fazim on 2023-01-02$$$$$$[$1000][406631048] Low CVE-2025-6557: Insufficient data validation in DevTools. Reported by Ameen Basha M K on 2025-03-27$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[427296461] Various fixes from internal audits; fuzzing and other initiatives$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$Srinivas Sista$$$Google Chrome
Google Chrome x64 Version 138.0.7204.50
Stable Channel Update for Desktop$$$Tuesday; June 24; 2025$$$The Chrome team is delighted to announce the promotion of Chrome 138 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 138.0.7204.49 (Linux) 138.0.7204.49/50 Windows and Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 138.$$$$$$Extended stable channel has also been updated to 138.0.7204.50 for Win/Mac$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed$$$$$$$$$$$$This update includes 11 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$4000][407328533] Medium CVE-2025-6555: Use after free in Animation. Reported by Lyra Rebane (rebane2001) on 2025-03-30$$$$$$[$1000][40062462] Low CVE-2025-6556: Insufficient policy enforcement in Loader. Reported by Shaheen Fazim on 2023-01-02$$$$$$[$1000][406631048] Low CVE-2025-6557: Insufficient data validation in DevTools. Reported by Ameen Basha M K on 2025-03-27$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[427296461] Various fixes from internal audits; fuzzing and other initiatives$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$Srinivas Sista$$$Google Chrome
Google Chrome x64 Version 137.0.7151.120
Stable Channel Update for Desktop$$$Tuesday; June 17; 2025$$$The Stable channel has been updated to 137.0.7151.119/.120 for Windows; Mac and 137.0.7151.119 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$$$$[$7000][420697404] High CVE-2025-6191: Integer overflow in V8. Reported by Shaheen Fazim on 2025-05-27$$$$$$[$4000][421471016] High CVE-2025-6192: Use after free in Profiler. Reported by Chaoyuan Peng (@ret2happy) on 2025-05-31$$$$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[425443272] Various fixes from internal audits; fuzzing and other initiatives$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$Prudhvikumar Bommana$$$Google Chrome
Google Chrome x64 Version 137.0.7151.69
Stable Channel Update for Desktop$$$Monday; June 2; 2025$$$ The Stable channel has been updated to 137.0.7151.68/.69 for Windows; Mac and 137.0.7151.68 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Google Chrome x64 Version 137.0.7151.56
Stable Channel Update for Desktop$$$Tuesday; May 27; 2025$$$The Chrome team is delighted to announce the promotion of Chrome 137 to the stable channel for Windows; Mac and Linux. $$$$$$Chrome 137.0.7151.55 (Linux) 137.0.7151.55/56 Windows and Mac contains a number of fixes and improvements -- a list of changes is available in the https://chromium.googlesource.com/chromium/src/+log/136.0.7103.116..137.0.7151.55?pretty=fuller&n=10000. Watch out for upcoming Chrome (https://chrome.blogspot.com/) and Chromium (https://blog.chromium.org/) blog posts about new features and big efforts delivered in 137.$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 11 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page (https://www.chromium.org/Home/chromium-security) for more information.$$$$$$High CVE-2025-5063: Use after free in Compositing. $$$High CVE-2025-5280: Out of bounds write in V8. $$$Medium CVE-2025-5064: Inappropriate implementation in Background Fetch API. $$$Medium CVE-2025-5065: Inappropriate implementation in FileSystemAccess API. $$$Medium CVE-2025-5066: Inappropriate implementation in Messages. $$$Medium CVE-2025-5281: Inappropriate implementation in BFCache.$$$Medium CVE-2025-5283: Use after free in libvpx.$$$Low CVE-2025-5067: Inappropriate implementation in Tab Strip. $$$$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[419294325] Various fixes from internal audits; fuzzing and other initiatives$$$$$$
Google Chrome x64 Version 136.0.7103.114
Stable Channel Update for Desktop$$$Wednesday; May 14; 2025$$$ The Stable channel has been updated to 136.0.7103.113/.114 for Windows; Mac and 136.0.7103.113 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[N/A][415810136] High CVE-2025-4664: Insufficient policy enforcement in Loader. Source: X post from @slonser_ on 2025-05-05$$$[TBD][412578726] High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Reported by Micky on 2025-04-22$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel$$$Google is aware that knowledge of CVE-2025-4664 exists in the wild.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[417268830] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Google Chrome x64 Version 136.0.7103.93
Stable Channel Update for Desktop$$$Tuesday; May 6; 2025$$$The Stable channel has been updated to 136.0.7103.92/.93 for Windows; Mac and 136.0.7103.92 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$7000][412057896] Medium CVE-2025-4372: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-04-20$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[415837391] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 136.0.7103.49
Stable Channel Update for Desktop$$$Tuesday; April 29; 2025$$$The Chrome team is delighted to announce the promotion of Chrome 136 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 136.0.7103.59 (Linux) 136.0.7103.48/49 Windows and Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 136.$$$$$$$$$Extended stable channel has been updated to 136.0.7103.48/49 for Windows and Mac and will roll out over coming days/weeks$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 8 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$5000][409911705] High CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11$$$[$2000][409342999] Medium CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09$$$[$2000][404000989] Medium CVE-2025-4051: Insufficient data validation in DevTools. Reported by Daniel Fröjdendahl on 2025-03-16$$$[$1000][401927528] Low CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10
Google Chrome x64 Version 135.0.7049.115
Stable Channel Update for Desktop$$$Tuesday; April 22; 2025$$$ The Stable channel has been updated to 135.0.7049.114/.115 for Windows; Mac and 135.0.7049.114 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 1 security fix. Please see the Chrome Security Page for more information.$$$Our ongoing internal security work was responsible for a wide range of fixes:$$$[412443038] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 135.0.7049.96
Stable Channel Update for Desktop$$$Tuesday; April 15; 2025$$$ The Stable channel has been updated to 135.0.7049.95/.96 for Windows; Mac and 135.0.7049.95 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[TBD][409619251] Critical CVE-2025-3619: Heap buffer overflow in Codecs. Reported by Elias Hohl on 2025-04-09$$$$$$[TBD][405292639] High CVE-2025-3620: Use after free in USB. Reported by @retsew0x01 on 2025-03-21
Google Chrome x64 Version 135.0.7049.85
This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$4000][405140652] High CVE-2025-3066: Use after free in Site Isolation. Reported by Sven Dysthe (@svn-dys) on 2025-03-21
Google Chrome x64 Version 135.0.7049.42
Stable Channel Update for Desktop$$$Tuesday; April 1; 2025$$$The Chrome team is delighted to announce the promotion of Chrome 135 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 135.0.7049.52 (Linux) 135.0.7049.41/42 Windows and Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 135.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 14 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[TBD][405140652] High CVE-2025-3066: Use after free in Navigations. Reported by Sven Dysthe (@svn-dys) on 2025-03-21$$$$$$[$10000][376491759] Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31$$$$$$[$2000][401823929] Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-09$$$$$$[$1000][40060076] Medium CVE-2025-3069: Inappropriate implementation in Extensions. Reported by NDevTK on 2022-06-26$$$$$$[$1000][40086360] Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions. Reported by Anonymous on 2017-01-01$$$$$$[$2000][40051596] Low CVE-2025-3071: Inappropriate implementation in Navigations. Reported by David Erceg on 2020-02-23$$$$$$[$1000][362545037] Low CVE-2025-3072: Inappropriate implementation in Custom Tabs. Reported by Om Apip on 2024-08-27$$$$$$[$500][388680893] Low CVE-2025-3073: Inappropriate implementation in Autofill. Reported by Hafiizh on 2025-01-09$$$$$$[$500][392818696] Low CVE-2025-3074: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-01-28
Google Chrome x64 Version 134.0.6998.178
Stable Channel Update for Desktop$$$Tuesday; March 25; 2025$$$Security Fixes$$$This update includes 1 security fix. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page (https://www.chromium.org/Home/chromium-security) for more information.$$$[TBD][405143032] High CVE-2025-2783: Incorrect handle provided in unspecified circumstances in Mojo on Windows. $$$$$$Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild.
Google Chrome x64 Version 134.0.6998.166
Stable Channel Update for Desktop$$$Friday; March 21; 2025$$$The Stable channel has been updated to 134.0.6998.165/.166 for Windows; Mac and 134.0.6998.165 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$Extended stable channel has been updated to 134.0.6998.166 for Win/Mac and will roll out over coming days/weeks$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$$$$$$$$$$Srinivas Sista$$$Google Chrome
Google Chrome x64 Version 134.0.6998.118
Stable Channel Update for Desktop$$$Wednesday; March 19; 2025$$$The Stable channel has been updated to 134.0.6998.117/.118 for Windows; Mac and 134.0.6998.117 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$Extended stable channel has been updated to 134.0.6998.89 for Win/Mac and will roll out over coming days/weeks$$$$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[TBD][401029609] Critical CVE-2025-2476: Use after free in Lens. Reported by SungKwon Lee of Enki Whitehat on 2025-03-05$$$$$$[404324707] Various fixes from internal audits; fuzzing and other initiatives$$$
Google Chrome x64 Version 134.0.6998.89
Stable Channel Update for Desktop$$$Monday; March 10; 2025$$$The Stable channel has been updated to 134.0.6998.88/.89 for Windows; Mac and 134.0.6998.88 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$Extended stable channel has been updated to 134.0.6998.89 for Win/Mac and will roll out over coming days/weeks$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 5 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$7000][398065918] High CVE-2025-1920: Type Confusion in V8. Reported by Excello s.r.o. on 2025-02-21$$$[TBD][400052777] High CVE-2025-2135: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2025-03-02$$$[NA][401059730] High CVE-TBD: Out of bounds write in GPU. Reported on 2025-03-05$$$[$3000][395032416] Medium CVE-2025-2136: Use after free in Inspector. Reported by Sakana.S on 2025-02-10$$$[$2000][398999390] Medium CVE-2025-2137: Out of bounds read in V8. Reported by zeroxiaobai@ on 2025-02-25$$$
Google Chrome x64 Version 134.0.6998.36
Stable Channel Update for Desktop$$$Tuesday; March 4; 2025$$$ The Chrome team is delighted to announce the promotion of Chrome 134 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 134.0.6998.35 (Linux) 134.0.6998.35/36 ( Windows) 134.0.6998.44/45 (Mac) contains a number of fixes and improvements.$$$Security Fixes and Rewards$$$$$$This update includes 14 security fixes. $$$[397731718] High CVE-2025-1914: Out of bounds read in V8.$$$[391114799] Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools.$$$[376493203] Medium CVE-2025-1916: Use after free in Profiles. $$$[329476341] Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. $$$[388557904] Medium CVE-2025-1918: Out of bounds read in PDFium.$$$[392375312] Medium CVE-2025-1919: Out of bounds read in Media.$$$[387583503] Medium CVE-2025-1921: Inappropriate Implementation in Media Stream. $$$[384033062] Low CVE-2025-1922: Inappropriate Implementation in Selection. $$$[382540635] Low CVE-2025-1923: Inappropriate Implementation in Permission Prompts.$$$$$$internal security work was responsible for a wide range of fixes:$$$[400559715] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 133.0.6943.142
The Stable channel has been updated to 133.0.6943.141/.142 for Windows$$$Security Fixes and Rewards$$$This update includes 1 security fix.
Google Chrome x64 Version 133.0.6943.127
Stable Channel Update for Desktop$$$Tuesday; February 18; 2025$$$The Stable channel has been updated to 133.0.6943.126/.127 for Windows; Mac and 133.0.6943.126 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$11000][394350433] High CVE-2025-0999: Heap buffer overflow in V8. Reported by Seunghyun Lee (@0x10n) on 2025-02-04$$$$$$[TBD][383465163] High CVE-2025-1426: Heap buffer overflow in GPU. Reported by un3xploitable && GF on 2024-12-11$$$$$$[$4000][390590778] Medium CVE-2025-1006: Use after free in Network. Reported by Tal Keren; Sam Agranat; Eran Rom; Edouard Bochin; Adam Hatsir of Palo Alto Networks on 2025-01-18
Google Chrome x64 Version 133.0.6943.99
The Stable channel has been updated to 133.0.6943.98/.99 for Windows; Mac and 133.0.6943.98 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$55000][391907159] High CVE-2025-0995: Use after free in V8. Reported by Popax21 on 2025-01-24$$$$$$[TBD][391788835] High CVE-2025-0996: Inappropriate implementation in Browser UI. Reported by yuki yamaoto on 2025-01-23$$$$$$[TBD][391666328] High CVE-2025-0997: Use after free in Navigation. Reported by asnine on 2025-01-23$$$$$$[TBD][386857213] High CVE-2025-0998: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-31
Google Chrome x64 Version 133.0.6943.60
Release notes not yet updated by vendor
Google Chrome x64 Version 133.0.6943.54
Stable Channel Update for Desktop$$$Tuesday; February 4; 2025$$$The Chrome team is delighted to announce the promotion of Chrome 133 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 133.0.6943.53 (Linux) 133.0.6943.53/54( Windows; Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 133.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 12 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$7000][390889644] High CVE-2025-0444: Use after free in Skia. Reported by Francisco Alonso (@revskills) on 2025-01-19$$$$$$[TBD][392521083] High CVE-2025-0445: Use after free in V8. Reported by 303f06e3 on 2025-01-27$$$$$$[$2000][40061026] Medium CVE-2025-0451: Inappropriate implementation in Extensions API. Reported by Vitor Torres and Alesandro Ortiz on 2022-09-18$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[394135363]Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.
Google Chrome x64 Version 132.0.6834.160
Stable Channel Update for Desktop$$$Tuesday; January 28; 2025$$$The Stable channel has been updated to 132.0.6834.159/160 for Windows; Mac and 132.0.6834.159 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The extended stable channel has been updated to 132.0.6834.160( Windows; Mac) and will roll out over the coming days/weeks.$$$$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$2000][384844003] Medium CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S on 2024-12-18$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[392630675] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Google Chrome x64 Version 132.0.6834.111
Stable Channel Update for Desktop$$$Wednesday; January 22; 2025$$$The Stable channel has been updated to 132.0.6834.110/111 for Windows; Mac and 132.0.6834.110 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$The extended stable channel has been updated to 132.0.6834.110/111( Windows; Mac) and will roll out over the coming days/weeks.$$$$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$11000][386143468] High CVE-2025-0611: Object corruption in V8. Reported by 303f06e3 on 2024-12-26$$$$$$[$8000][385155406] High CVE-2025-0612: Out of bounds memory access in V8. Reported by Alan Goodman on 2024-12-20$$$$$$[391144311] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 132.0.6834.84
Stable Channel Update for Desktop$$$Tuesday; January 14; 2025$$$The Chrome team is delighted to announce the promotion of Chrome 132 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 132.0.6834.83 (Linux) 132.0.6834.83/84( Windows; Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 132.$$$$$$The extended stable channel has been updated to 132.0.6834.83/84( Windows; Mac) and will roll out over the coming days/weeks.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 16 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$7000][374627491] High CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme on 2024-10-21$$$[$7000][379652406] High CVE-2025-0435: Inappropriate implementation in Navigation. Reported by Alesandro Ortiz on 2024-11-18$$$[$3000][382786791] High CVE-2025-0436: Integer overflow in Skia. Reported by Han Zheng (HexHive) on 2024-12-08$$$[$2000][378623799] High CVE-2025-0437: Out of bounds read in Metrics. Reported by Xiantong Hou of Wuheng Lab and Pisanbao on 2024-11-12$$$[TBD][384186539] High CVE-2025-0438: Stack buffer overflow in Tracing. Reported by Han Zheng (HexHive) on 2024-12-15$$$[$5000][371247941] Medium CVE-2025-0439: Race in Frames. Reported by Hafiizh on 2024-10-03$$$[$5000][40067914] Medium CVE-2025-0440: Inappropriate implementation in Fullscreen. Reported by Umar Farooq on 2023-07-22$$$[$2000][368628042] Medium CVE-2025-0441: Inappropriate implementation in Fenced Frames. Reported by someoneverycurious on 2024-09-21$$$[$2000][40940854] Medium CVE-2025-0442: Inappropriate implementation in Payments. Reported by Ahmed ElMasry on 2023-11-08$$$[$1000][376625003] Medium CVE-2025-0443: Insufficient data validation in Extensions. Reported by Anonymous on 2024-10-31$$$[$1000][359949844] Low CVE-2025-0446: Inappropriate implementation in Extensions. Reported by Hafiizh on 2024-08-15$$$[$1000][375550814] Low CVE-2025-0447: Inappropriate implementation in Navigation. Reported by Khiem Tran (@duckhiem) on 2024-10-25$$$[$1000][377948403] Low CVE-2025-0448: Inappropriate implementation in Compositing. Reported by Dahyeon Park on 2024-11-08
Google Chrome x64 Version 131.0.6778.265
Stable Channel Update for Desktop$$$Tuesday; January 7; 2025$$$The Stable channel has been updated to 131.0.6778.264/.265 for Windows; Mac and 131.0.6778.264 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$55000][383356864] High CVE-2025-0291: Type Confusion in V8. Reported by Popax21 on 2024-12-11$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[388088544] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 131.0.6778.205
Stable Channel Update for Desktop$$$Wednesday; December 18; 2024$$$ The Stable channel has been updated to 131.0.6778.204/.205 for Windows; Mac and 131.0.6778.204 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 5 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$55000][382291459] High CVE-2024-12692: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-12-05$$$[$20000][382190919] High CVE-2024-12693: Out of bounds memory access in V8. Reported by 303f06e3 on 2024-12-04$$$[TBD][368222741] High CVE-2024-12694: Use after free in Compositing. Reported by Anonymous on 2024-09-19$$$[TBD][383647255] High CVE-2024-12695: Out of bounds write in V8. Reported by 303f06e3 on 2024-12-12$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[384734545] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.
Google Chrome x64 Version 131.0.6778.140
Stable Channel Update for Desktop$$$Tuesday; December 10; 2024$$$ The Stable channel has been updated to 131.0.6778.139/.140 for Windows; Mac and 131.0.6778.139 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$55000][381696874] High CVE-2024-12381: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-12-02$$$$$$[TBD][379516109] High CVE-2024-12382: Use after free in Translate. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-11-18$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[383165073] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 131.0.6778.109
Stable Channel Update for Desktop$$$Tuesday; December 3; 2024$$$The Stable channel has been updated to 131.0.6778.108/.109 for Windows; Mac and 131.0.6778.108 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$8000][379009132] High CVE-2024-12053: Type Confusion in V8. Reported by gal1ium and chluo on 2024-11-14$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[381909656] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$Prudhvikumar Bommana$$$Google Chrome
Google Chrome x64 Version 131.0.6778.86
Stable Channel Update for Desktop$$$Tuesday; November 19; 2024$$$ The Stable channel has been updated to 131.0.6778.85/.86 for Windows; Mac and 131.0.6778.85 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$8000][377384894] High CVE-2024-11395: Type Confusion in V8. Reported by Anonymous on 2024-11-05$$$$$$
Google Chrome x64 Version 131.0.6778.70
Stable Channel Update for Desktop$$$Tuesday; November 12; 2024$$$The Chrome team is delighted to announce the promotion of Chrome 131 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$Chrome 131.0.6778.69 (Linux) 131.0.6778.69/.70( Windows; Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 131.$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 12 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[TBD][373263969] High CVE-2024-11110: Inappropriate implementation in Blink. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2024-10-14$$$$$$[$1000][360520331] Medium CVE-2024-11111: Inappropriate implementation in Autofill. Reported by Narendra Bhati; Suma Soft Pvt. Ltd - Pune (India) on 2024-08-18$$$$$$[TBD][354824998] Medium CVE-2024-11112: Use after free in Media. Reported by Nan Wang(@eternalsakura13) and Zhenghang Xiao(@Kipreyyy) of 360 Vulnerability Research Institute on 2024-07-23$$$$$$[TBD][360274917] Medium CVE-2024-11113: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-08-16$$$$$$[TBD][370856871] Medium CVE-2024-11114: Inappropriate implementation in Views. Reported by Micky on 2024-10-02$$$$$$[TBD][371929521] Medium CVE-2024-11115: Insufficient policy enforcement in Navigation. Reported by mastersplinter on 2024-10-07$$$$$$[TBD][40942531] Medium CVE-2024-11116: Inappropriate implementation in Paint. Reported by Thomas Orlita on 2023-11-14$$$$$$[TBD][40062534] Low CVE-2024-11117: Inappropriate implementation in FileSystem. Reported by Ameen Basha M K on 2023-01-06$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[378550209] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$Prudhvikumar Bommana$$$Google Chrome
Google Chrome x64 Version 130.0.6723.117
Stable Channel Update for Desktop$$$Tuesday; November 5; 2024$$$The Stable channel has been updated to 130.0.6723.116/.117 for Windows; Mac and 130.0.6723.116 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 130.0.6723.117 for Windows and Mac which will roll out over the coming days/weeks. $$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[TBD][370217726] High CVE-2024-10826: Use after free in Family Experiences. Reported by Anonymous on 2024-09-29$$$[TBD][375065084] High CVE-2024-10827: Use after free in Serial. Reported by Anonymous on 2024-10-23$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$Daniel Yip$$$Google Chrome$$$Share on Twitter Share on Facebook$$$Labels: Desktop Update ; Extended Stable updates ; Stable updates$$$Stable Channel Update for Desktop$$$Tuesday; October 29; 2024$$$The Stable channel has been updated to 130.0.6723.91/.92 for Windows; Mac and 130.0.6723.91 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$The Extended Stable channel has been updated to 130.0.6723.92 for Windows and Mac which will roll out over the coming days/weeks. $$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[TBD][375123371] Critical CVE-2024-10487: Out of bounds write in Dawn. Reported by Apple Security Engineering and Architecture (SEAR) on 2024-10-23$$$$$$[TBD][374310077] High CVE-2024-10488: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-10-18$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 130.0.6723.92
Stable Channel Update for Desktop$$$Tuesday; October 29; 2024$$$The Stable channel has been updated to 130.0.6723.91/.92 for Windows; Mac and 130.0.6723.91 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$The Extended Stable channel has been updated to 130.0.6723.92 for Windows and Mac which will roll out over the coming days/weeks. $$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[TBD][375123371] Critical CVE-2024-10487: Out of bounds write in Dawn. Reported by Apple Security Engineering and Architecture (SEAR) on 2024-10-23$$$$$$[TBD][374310077] High CVE-2024-10488: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-10-18$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 130.0.6723.70
Stable Channel Update for Desktop$$$Tuesday; October 22; 2024$$$The Stable channel has been updated to 130.0.6723.69/.70 for Windows; Mac and 130.0.6723.69 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$The Extended Stable channel has been updated to 130.0.6723.70 for Windows and Mac which will roll out over the coming days/weeks. $$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[TBD][371011220] High CVE-2024-10229: Inappropriate implementation in Extensions. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2024-10-02$$$$$$[TBD][371565065] High CVE-2024-10230: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-10-05$$$$$$[TBD][372269618] High CVE-2024-10231: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-10-09$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 130.0.6723.59
Stable Channel Update for Desktop$$$Tuesday; October 15; 2024$$$The Stable channel has been updated to 130.0.6723.58/.59 for Windows; Mac and 130.0.6723.58 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 130.0.6723.59 for Windows and Mac which will roll out over the coming days/weeks. $$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$This update includes 17 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$36000][367755363] High CVE-2024-9954: Use after free in AI. Reported by DarkNavy on 2024-09-18$$$$$$[$6000][370133761] Medium CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous on 2024-09-29$$$$$$[$6000][370482421] Medium CVE-2024-9956: Inappropriate implementation in Web Authentication. Reported by mastersplinter on 2024-09-30$$$$$$[$5000][358151317] Medium CVE-2024-9957: Use after free in UI. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-08$$$$$$[$5000][40076120] Medium CVE-2024-9958: Inappropriate implementation in PictureInPicture. Reported by Lyra Rebane (rebane2001) on 2023-11-02$$$$$$[$4000][368672129] Medium CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S on 2024-09-21$$$$$$[$2000][354748063] Medium CVE-2024-9960: Use after free in Dawn. Reported by Anonymous on 2024-07-23$$$$$$[$2000][357776197] Medium CVE-2024-9961: Use after free in Parcel Tracking. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-06$$$$$$[$1000][364508693] Medium CVE-2024-9962: Inappropriate implementation in Permissions. Reported by Shaheen Fazim on 2024-09-04$$$$$$[TBD][328278718] Medium CVE-2024-9963: Insufficient data validation in Downloads. Reported by Anonymous on 2024-03-06$$$$$$[$3000][361711121] Low CVE-2024-9964: Inappropriate implementation in Payments. Reported by Hafiizh on 2024-08-23$$$$$$[$1000][352651673] Low CVE-2024-9965: Insufficient data validation in DevTools. Reported by Shaheen Fazim on 2024-07-12$$$$$$[$1000][364773822] Low CVE-2024-9966: Inappropriate implementation in Navigations. Reported by Harry Chen on 2024-09-05$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$[373456817] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 129.0.6668.101
Stable Channel Update for Desktop$$$Tuesday; October 8; 2024$$$ The Stable channel has been updated to 129.0.6668.100/.101 for Windows; Mac and 129.0.6668.100 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$55000][368241697] High CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-09-20$$$[TBD][367818758] High CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs on 2024-09-18$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[372089531] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$Srinivas Sista$$$Google Chrome
Google Chrome x64 Version 129.0.6668.90
Stable Channel Update for Desktop$$$Tuesday; October 1; 2024$$$The Stable channel has been updated to 129.0.6668.89/.90 for Windows; Mac and 129.0.6668.89 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$10000][367764861] High CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security on 2024-09-18$$$[TBD][368208152] High CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab on 2024-09-19$$$[TBD][368311899] High CVE-2024-9370: Inappropriate implementation in V8. Reported by Nguy?n Hoàng Th?ch; Ð? Minh Tu?n; and Wu JinLin of STAR Labs SG Pte. Ltd. on 2024-09-19$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[370570301] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$Srinivas Sista$$$Google Chrome
Google Chrome x64 Version 129.0.6668.71
Stable Channel Update for Desktop$$$Tuesday; September 24; 2024$$$The Stable channel has been updated to 129.0.6668.70/.71 for Windows; Mac and 129.0.6668.70 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 5 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Google Chrome x64 Version 129.0.6668.59
Stable Channel Update for Desktop$$$Tuesday; September 17; 2024$$$ The Chrome team is delighted to announce the promotion of Chrome 129 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 129.0.6668.58 (Linux) 129.0.6668.58/.59( Windows; Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 129.
Google Chrome x64 Version 128.0.6613.138
Stable Channel Update for Desktop$$$Tuesday; September 10; 2024$$$The Stable channel has been updated to 128.0.6613.137/.138 for Windows; Mac and 128.0.6613.137 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 128.0.6613.138 for Windows and Mac which will roll out over the coming days/weeks.$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 5 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$15000][361461526] High CVE-2024-8636: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100) on 2024-08-22$$$$$$[$11000][361784548] High CVE-2024-8637: Use after free in Media Router. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-23$$$$$$[TBD][362539773] High CVE-2024-8638: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-08-28$$$$$$[TBD][362658609] High CVE-2024-8639: Use after free in Autofill. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-08-28$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[365619166] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 128.0.6613.120
Stable Channel update for Desktop$$$Monday; September 2; 2024$$$The Stable channel has been updated to 128.0.6613.119/.120 for Windows; Mac and 128.0.6613.119 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 128.0.6613.120 for Windows and Mac which will roll out over the coming days/weeks.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$7000][357391257] High CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-08-05$$$$$$[TBD][358485426] High CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim(@cassidy6564) on 2024-08-09$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[364012614] Various fixes from internal audits; fuzzing and other initiatives$$$$$$
Google Chrome x64 Version 128.0.6613.114
Stable Channel Update for Desktop$$$Wednesday; August 28; 2024$$$ The Stable channel has been updated to 128.0.6613.113/.114 for Windows; Mac and 128.0.6613.113 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 128.0.6613.114 for Windows and Mac which will roll out over the coming days/weeks.$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.
Google Chrome x64 Version 128.0.6613.85
Stable Channel Update for Desktop$$$Wednesday; August 21; 2024$$$The Chrome team is delighted to announce the promotion of Chrome 128 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 128.0.6613.84 (Linux) 128.0.6613.84/.85( Windows; Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 126.$$$Chrome 128.0.6613.84( Windows; Mac) has been pushed to extended stable channel as well$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 38 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$36000][358296941] High CVE-2024-7964: Use after free in Passwords. Reported by Anonymous on 2024-08-08$$$$$$[$11000][356196918] High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30$$$$$$[$10000][355465305] High CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100) on 2024-07-25$$$$$$[$7000][355731798] High CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security on 2024-07-27$$$$$$[$1000][349253666] High CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive) on 2024-06-25$$$$$$[TBD][351865302] High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09$$$$$$[TBD][360700873] High CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC); Microsoft Security Response Center (MSRC) on 2024-08-19$$$$$$[$11000][345960102] Medium CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm) on 2024-06-10$$$$$$[$7000][345518608] Medium CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax on 2024-06-06$$$$$$[$3000][339141099] Medium CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed) on 2024-05-07$$$$$$[$3000][347588491] Medium CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024-06-16$$$$$$[$2000][339654392] Medium CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-10$$$$$$[$1000][324770940] Medium CVE-2024-7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono) on 2024-02-11$$$$$$[$1000][40060358] Medium CVE-2024-7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK on 2022-07-21$$$$$$[TBD][356064205] Medium CVE-2024-7979: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-29$$$$$$[TBD][356328460] Medium CVE-2024-7980: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-30$$$$$$[$1000][40067456] Low CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita on 2023-07-14$$$$$$[$500][350256139] Low CVE-2024-8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T on 2024-06-30$$$$$$[$500][353858776] Low CVE-2024-8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob) on 2024-07-18$$$$$$[TBD][40059470] Low CVE-2024-8035: Inappropriate implementation in Extensions. Reported by Microsoft on 2022-04-26$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$Google is aware that an exploit for CVE-2024-7971 exists in the wild.$$$$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[361165957] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using Addres
Google Chrome x64 Version 127.0.6533.120
Stable Channel Update for Desktop$$$Tuesday; August 13; 2024$$$The Stable channel has been updated to 127.0.6533.119/.120 for Windows; Mac and 127.0.6533.119 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 127.0.6533.100
Stable Channel Update for Desktop$$$Tuesday; August 6; 2024$$$The Stable channel has been updated to 127.0.6533.99/.100 for Windows; Mac and 127.0.6533.99 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 5 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[TBD][350528343] Critical CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz on 2024-07-02$$$$$$[$11000][353552540] High CVE-2024-7533: Use after free in Sharing. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-07-17$$$$$$[$7000][355256380] High CVE-2024-7550: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-07-25$$$$$$[TBD][352467338] High CVE-2024-7534: Heap buffer overflow in Layout. Reported by Tashita Software Security on 2024-07-11$$$$$$[TBD][352690885] High CVE-2024-7535: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-07-12$$$$$$[TBD][354847246] High CVE-2024-7536: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-07-23$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 127.0.6533.89
Stable Channel Update for Desktop$$$Tuesday; July 30; 2024$$$The Stable channel has been updated to 127.0.6533.88/89 for Windows; Mac and 127.0.6533.88 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[TBD][353034820] Critical CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert on 2024-07-15$$$[TBD][352872238] High CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter on 2024-07-13$$$[TBD][354748060] High CVE-2024-7256: Insufficient data validation in Dawn. Reported by gelatin dessert on 2024-07-23$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$Srinivas Sista$$$Google Chrome
Google Chrome x64 Version 127.0.6533.73
Stable Channel Update for Desktop$$$Tuesday; July 23; 2024$$$The Stable channel has been updated to 127.0.6533.72/73 for Windows; Mac and 127.0.6533.72 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 24 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$11000][349198731] High CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-25$$$$$$[$8000][349342289] High CVE-2024-6989: Use after free in Loader. Reported by Anonymous on 2024-06-25$$$$$$[TBD][346618785] High CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz on 2024-06-12$$$$$$[TBD][349653220] High CVE-2024-6992: Out of bounds memory access in ANGLE. Reported by Xiantong Hou of Wuheng Lab and Pisanbao on 2024-06-27$$$$$$[TBD][349903568] High CVE-2024-6993: Inappropriate implementation in Canvas. Reported by Anonymous on 2024-06-30$$$$$$[$8000][339686368] Medium CVE-2024-6994: Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2024-05-10$$$$$$[$6000][343938078] Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Reported by Alesandro Ortiz on 2024-06-01$$$$$$[$5000][333708039] Medium CVE-2024-6996: Race in Frames. Reported by Louis Jannett (Ruhr University Bochum) on 2024-04-10$$$$$$[$3000][325293263] Medium CVE-2024-6997: Use after free in Tabs. Reported by Sven Dysthe (@svn-dys) on 2024-02-15$$$$$$[$2000][340098902] Medium CVE-2024-6998: Use after free in User Education. Reported by Sven Dysthe (@svn-dys) on 2024-05-13$$$$$$[$2000][340893685] Medium CVE-2024-6999: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-15$$$$$$[$500][339877158] Medium CVE-2024-7000: Use after free in CSS. Reported by Anonymous on 2024-05-11$$$$$$[TBD][347509736] Medium CVE-2024-7001: Inappropriate implementation in HTML. Reported by Jake Archibald on 2024-06-17$$$$$$[$2000][338233148] Low CVE-2024-7003: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-01$$$$$$[TBD][40063014] Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous on 2023-02-10$$$$$$[TBD][40068800] Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Reported by Umar Farooq on 2023-08-04$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[354788491] Various fixes from internal audits; fuzzing and other initiatives$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 126.0.6478.183
Stable Channel Update for Desktop$$$Tuesday; July 16; 2024$$$The Stable channel has been updated to 126.0.6478.182/183 for Windows; Mac and 126.0.6478.182 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 124.0.6367.182 for Windows and Mac which will roll out over the coming days/weeks. $$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 10 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$10000][346597059] High CVE-2024-6772: Inappropriate implementation in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-06-12$$$$$$[$7000][347724915] High CVE-2024-6773: Type Confusion in V8. Reported by 2ourc3 | Salim Largo on 2024-06-17$$$$$$[$6000][346898524] High CVE-2024-6774: Use after free in Screen Capture. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-13$$$$$$[$5000][347373236] High CVE-2024-6775: Use after free in Media Stream. Reported by Anonymous on 2024-06-15$$$$$$[$4000][346692546] High CVE-2024-6776: Use after free in Audio. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-12$$$$$$[$2500][345640549] High CVE-2024-6777: Use after free in Navigation. Reported by Sven Dysthe (@svn-dys) on 2024-06-07$$$$$$[TBD][341136300] High CVE-2024-6778: Race in DevTools. Reported by Allen Ding on 2024-05-16$$$$$$[TBD][351327767] High CVE-2024-6779: Out of bounds memory access in V8. Reported by Seunghyun Lee (@0x10n) on 2024-07-06$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[353373259] Various fixes from internal audits; fuzzing and other initiatives$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[349138278] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 126.0.6478.127
Stable Channel Update for Desktop$$$Monday; June 24; 2024$$$The Stable channel has been updated to 126.0.6478.126/127 for Windows; Mac and 126.0.6478.126 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 5 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$10000][342428008] High CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz on 2024-05-23$$$[$4000][40942995] High CVE-2024-6291: Use after free in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-15$$$[TBD][342545100] High CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz on 2024-05-24$$$[TBD][345993680] High CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz on 2024-06-09$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[349138278] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$Srinivas Sista$$$Google Chrome
Google Chrome x64 Version 126.0.6478.115
Stable Channel Update for Desktop$$$Tuesday; June 18; 2024$$$The Stable channel has been updated to 126.0.6478.114/115 for Windows; Mac and 126.0.6478.114 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 6 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$20000][344608204] High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) participating in SSD Secure Disclosures TyphoonPWN 2024 on 2024-06-04$$$[$7000][343748812] High CVE-2024-6101: Inappropriate implementation in WebAssembly. Reported by @ginggilBesel on 2024-05-31$$$[TBD][339169163] High CVE-2024-6102: Out of bounds memory access in Dawn. Reported by wgslfuzz on 2024-05-07$$$[TBD][344639860] High CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz on 2024-06-04$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[347958670] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 126.0.6478.62
Stable Channel Update for Desktop$$$Thursday; June 13; 2024$$$The Stable channel has been updated to 126.0.6478.61/.62 for Windows; Mac and 126.0.6478.61 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$Srinivas Sista$$$Google Chrome$$$
Google Chrome x64 Version 126.0.6478.57
Stable Channel Update for Desktop$$$Tuesday; June 11; 2024$$$The Chrome team is delighted to announce the promotion of Chrome 126 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 126.0.6478.54 (Linux) 126.0.6478.56/57( Windows; Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 126.$$$$$$Chrome 126.0.6478.56/57( Windows; Mac) has been pushed to extended stable channel as well$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 21 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$25000][342456991] High CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-05-24$$$[$10000][339171223] High CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz on 2024-05-07$$$[$10000][340196361] High CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz on 2024-05-13$$$[$7000][342602616] High CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel on 2024-05-24$$$[$5000][342840932] High CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert on 2024-05-26$$$[$3000][341991535] High CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI on 2024-05-22$$$[TBD][341875171] High CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding on 2024-05-21$$$[TBD][342415789] High CVE-2024-5837: Type Confusion in V8. Reported by Anonymous on 2024-05-23$$$[TBD][342522151] High CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-05-24$$$[$100115][340122160] Medium CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Micky on 2024-05-13$$$[$5000][41492103] Medium CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard on 2024-01-17$$$[$2000][326765855] Medium CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564) on 2024-02-26$$$[$1000][40062622] Medium CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy) on 2023-01-12$$$[$500][333940412] Medium CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575 on 2024-04-12$$$[TBD][331960660] Medium CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri on 2024-04-01$$$[TBD][340178596] Medium CVE-2024-5845: Use after free in Audio. Reported by anonymous on 2024-05-13$$$[TBD][341095523] Medium CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive) on 2024-05-16$$$[TBD][341313077] Medium CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive) on 2024-05-18
Google Chrome x64 Version 125.0.6422.142
Stable Channel Update for Desktop$$$Thursday; May 30; 2024$$$The Stable channel has been updated to 125.0.6422.141/.142 for Windows; Mac and 125.0.6422.141 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$
Google Chrome x64 Version 125.0.6422.113
Stable Channel Update for Desktop$$$Thursday; May 23; 2024$$$ The Stable channel has been updated to 125.0.6422.112/.113 for Windows; Mac and 125.0.6422.112 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 1 security fix. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[N/A][341663589] High CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Googles Threat Analysis Group and Brendon Tiszka of Chrome Security on 2024-05-20$$$$$$$$$Google is aware that an exploit for CVE-2024-5274 exists in the wild.$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$
Google Chrome x64 Version 125.0.6422.77
Stable Channel Update for Desktop$$$Tuesday; May 21; 2024$$$The Stable channel has been updated to 125.0.6422.76/.77 for Windows; Mac and 125.0.6422.76 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 6 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$11000][336012573] High CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang on 2024-04-21$$$$$$[$10000][338908243] High CVE-2024-5158: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-05-06$$$$$$[$5000][335613092] High CVE-2024-5159: Heap buffer overflow in ANGLE. Reported by David Sievers (@loknop) on 2024-04-18$$$$$$[TBD][338161969] High CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz on 2024-05-01$$$$$$
Google Chrome x64 Version 125.0.6422.61
Stable Channel Update for Desktop$$$Wednesday; May 15; 2024$$$ The Chrome team is delighted to announce the promotion of Chrome 125 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$Chrome 125.0.6422.60 (Linux) 125.0.6422.60/.61( Windows; Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 125.$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 9 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[TBD][340221135] High CVE-2024-4947: Type Confusion in V8. Reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky on 2024-05-13$$$$$$[TBD][333414294] High CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09$$$$$$[$7000][326607001] Medium CVE-2024-4949: Use after free in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-02-24$$$$$$[$1000][40065403] Low CVE-2024-4950: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-06-06$$$$$$Google is aware that an exploit for CVE-2024-4947 exists in the wild.$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[340880302] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$
Google Chrome x64 Version 124.0.6367.208
Stable Channel Update for Desktop$$$Monday; May 13; 2024$$$The Stable channel has been updated to 124.0.6367.207/.208 for Mac and Windows and 124.0.6367.207 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 124.0.6367.207 for Mac and Windows which will roll out over the coming days/weeks.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 1 security fix. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[N/A][339458194] High CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09$$$$$$$$$Google is aware that an exploit for CVE-2024-4761 exists in the wild.
Google Chrome x64 Version 124.0.6367.202
Stable Channel Update for Desktop$$$Thursday; May 9; 2024$$$The Stable channel has been updated to 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 124.0.6367.201 for Mac and Windows which will roll out over the coming days/weeks.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 1 security fix. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[N/A][339266700] High CVE-2024-4671: Use after free in Visuals. Reported by Anonymous on 2024-05-07$$$$$$$$$Google is aware that an exploit for CVE-2024-4671 exists in the wild.
Google Chrome x64 Version 124.0.6367.156
Stable Channel Update for Desktop$$$Tuesday; May 7; 2024$$$The Stable channel has been updated to 124.0.6367.155/.156 for Mac and Windows and 124.0.6367.155 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 124.0.6367.155 for Mac and Windows which will roll out over the coming days/weeks.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[TBD][337766133] High CVE-2024-4558: Use after free in ANGLE. Reported by gelatin dessert on 2024-04-29$$$$$$[TBD][331369797] High CVE-2024-4559: Heap buffer overflow in WebAudio. Reported by Cassidy Kim(@cassidy6564) on 2024-03-26$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 124.0.6367.119
Stable Channel Update for Desktop$$$Tuesday; April 30; 2024$$$The Stable channel has been updated to 124.0.6367.118/.119 for Windows; Mac and 124.0.6367.118 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 124.0.6367.118 for Mac and Windows which will roll out over the coming days/weeks.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$3000][335003891] High CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy) on 2024-04-16$$$$$$[TBD][333508731] High CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$Daniel Yip$$$Google Chrome
Google Chrome x64 Version 124.0.6367.79
Stable Channel Update for Desktop$$$Wednesday; April 24; 2024$$$The Stable channel has been updated to 124.0.6367.78/.79 for Windows and Mac and 124.0.6367.78 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 124.0.6367.78/.79 for Windows and Mac which will roll out over the coming days/weeks.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$16000][332546345] Critical CVE-2024-4058: Type Confusion in ANGLE. Reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure on 2024-04-02$$$$$$[TBD][333182464] High CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik on 2024-04-08$$$$$$[TBD][333420620] High CVE-2024-4060: Use after free in Dawn. Reported by wgslfuzz on 2024-04-09$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[336329431] Various fixes from internal audits; fuzzing and other initiatives$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.
Google Chrome x64 Version 124.0.6367.61
Stable Channel Update for Desktop$$$Tuesday; April 16; 2024$$$The Stable channel has been updated to 124.0.6367.60/.61 for Windows and Mac and 124.0.6367.60 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 124.0.6367.60/.61 for Windows and Mac which will roll out over the coming days/weeks.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 22 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$20000][331358160] High CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27$$$$$$[$10000][331383939] High CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab on 2024-03-27$$$$$$[$3000][326607008] High CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang on 2024-02-24$$$$$$[$7000][41491379] Medium CVE-2024-3837: Use after free in QUIC. Reported by {rotiple; dch3ck} of CW Research Inc. on 2024-01-15$$$$$$[$5000][328278717] Medium CVE-2024-3838: Inappropriate implementation in Autofill. Reported by Ardyan Vicky Ramadhan on 2024-03-06$$$$$$[$5000][41491859] Medium CVE-2024-3839: Out of bounds read in Fonts. Reported by Ronald Crane (Zippenhop LLC) on 2024-01-16$$$$$$[$3000][41493458] Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation. Reported by Ahmed ElMasry on 2024-01-22$$$$$$[$1000][330376742] Medium CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg on 2024-03-19$$$$$$[$TBD][41486690] Medium CVE-2024-3843: Insufficient data validation in Downloads. Reported by Azur on 2023-12-24$$$$$$[$5000][40058873] Low CVE-2024-3844: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2022-02-23$$$$$$[$3000][323583084] Low CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig on 2024-02-03$$$$$$[$2000][40064754] Low CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry on 2023-05-23$$$$$$[$1000][328690293] Low CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported by Yan Zhu on 2024-03-08$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[334957582] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 123.0.6312.123
Stable Channel Update for Desktop$$$Wednesday; April 10; 2024$$$The Stable channel has been updated to 123.0.6312.122/.123 for Windows 123.0.6312.122/.123/.124 for Mac and 123.0.6312.122 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log $$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$21000][331237485] High CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy on 2024-03-26$$$[$10000][328859176] High CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure on 2024-03-09$$$[$10000][331123811] High CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz on 2024-03-25$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Google Chrome x64 Version 123.0.6312.86
Stable Channel Update for Desktop$$$Tuesday; March 26; 2024$$$The Stable channel has been updated to 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 7 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$10000][327807820] Critical CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564) on 2024-03-03$$$[TBD][328958020] High CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz on 2024-03-11$$$[N/A][330575496] High CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab; via Pwn2Own 2024 on 2024-03-21$$$[N/A][330588502] High CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul; via Pwn2Own 2024 on 2024-03-21$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[331221727] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$Srinivas Sista$$$Google Chrome
Google Chrome x64 Version 123.0.6312.59
Stable Channel Update for Desktop$$$Tuesday; March 19; 2024$$$The Chrome team is delighted to announce the promotion of Chrome 123 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 123.0.6312.58 (Linux) 123.0.6312.58/.59( Windows; Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 123.$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 12 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[TBD][327740539] High CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-03-01$$$$$$[$10000][40945098] Medium CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564) on 2023-11-22$$$$$$[$4000][41493290] Medium CVE-2024-2627: Use after free in Canvas. Reported by Anonymous on 2024-01-21$$$$$$[$3000][41487774] Medium CVE-2024-2628: Inappropriate implementation in Downloads. Reported by Ath3r1s on 2024-01-03$$$$$$[$2000][41487721] Medium CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea) on 2024-01-02$$$$$$[$1000][41481877] Medium CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer) on 2023-12-07$$$$$$[$2000][41495878] Low CVE-2024-2631: Inappropriate implementation in iOS. Reported by Ramit Gangwar on 2024-01-29$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[330304003] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 122.0.6261.112
Stable Channel Update for Desktop$$$Tuesday; March 5; 2024$$$ The Stable channel has been updated to 122.0.6261.111/.112 for Windows and Mac and 122.0.6261.111 to Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 122.0.6261.112 for Windows and Mac which will roll out over the coming days/weeks.$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$12000][325893559] High CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9 on 2024-02-19$$$$$$[$7000][325866363] High CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-19$$$$$$[$6000][325936438] High CVE-2024-2176: Use after free in FedCM. Reported by Anonymous on 2024-02-20
Google Chrome x64 Version 122.0.6261.95
Stable Channel Update for Desktop$$$Tuesday; February 27; 2024$$$The Stable channel has been updated to 122.0.6261.94 for Mac;Linux and 122.0.6261.94/.95 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 122.0.6261.94 for Mac and 122.0.6261.95 for Windows which will roll out over the coming days/weeks.$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$7000][324596281] High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11$$$$$$[$7000][323694592] High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2024-02-05$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[326980493] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$
Google Chrome x64 Version 122.0.6261.70
Stable Channel Update for Desktop$$$Thursday; February 22; 2024$$$The Stable channel has been updated to 122.0.6261.69 for Mac;Linux and 122.0.6261.69/.70 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 122.0.6261.69 for Mac and 122.0.6261.70 for Windows which will roll out over the coming days/weeks.
Google Chrome x64 Version 122.0.6261.58
Stable Channel Update for Desktop$$$Tuesday; February 20; 2024$$$The Chrome team is delighted to announce the promotion of Chrome 122 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 122.0.6261.57 (Linux and Mac); 122.0.6261.57/.58( Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 122.$$$The Extended Stable channel has been updated to 122.0.6261.57 for Windows and 122.0.6261.57 for Mac; which will roll out over the coming days/weeks.$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 12 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$7000][41495060] High CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous on 2024-01-26$$$$$$[$5000][41481374] High CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564) on 2023-12-06$$$$$$[$8000][41487933] Medium CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen on 2024-01-03$$$$$$[$3000][41485789] Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien) on 2023-12-19$$$$$$[$2000][41490491] Medium CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI on 2024-01-11$$$$$$[$1000][40095183] Medium CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg on 2019-05-27$$$$$$[$1000][41486208] Medium CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartlomiej Wacko on 2023-12-21$$$$$$[$1000][40944847] Low CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani on 2023-11-21$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[326063910] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$
Google Chrome x64 Version 121.0.6167.185
Stable Channel Update for Desktop$$$Tuesday; February 13; 2024$$$The Stable channel has been updated to 121.0.6167.184 for Mac and Linux and 121.0.6167.184/185 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 1 security fix. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$We would like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[325069765] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.
Google Chrome x64 Version 121.0.6167.161
Stable Channel Update for Desktop$$$Tuesday; February 6; 2024$$$The Stable channel has been updated to 121.0.6167.160 for Mac and Linux and 121.0.6167.160/161 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$Security Fixes and Rewards$$$$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed$$$This update includes 3 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$5000][41494539] High CVE-2024-1284: Use after free in Mojo. Reported by Anonymous on 2024-01-25$$$[$TBD][41494860] High CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074) on 2024-01-25$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[324073667] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$Srinivas Sista$$$Google Chrome
Google Chrome x64 Version 121.0.6167.140
Stable Channel Update for Desktop$$$Tuesday; January 30; 2024$$$The Stable channel has been updated to 121.0.6167.139 for Mac and Linux and 121.0.6167.139/140 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$5000][1511567] High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14$$$[$3000][1514777] High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-12-29$$$[N/A][1511085] High CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center on 2023-12-13$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[1523290] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 121.0.6167.86
Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 17 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$11000][1505080] High CVE-2024-0807: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25$$$$$$[$9000][1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19$$$$$$[$6000][1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24$$$$$$[$2000][1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim on 2023-10-26$$$$$$[$1000][1463935] Medium CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea) on 2023-07-11$$$$$$[$1000][1477151] Medium CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01 on 2023-08-30$$$$$$[$1000][1505176] Medium CVE-2024-0806: Use after free in Passwords. Reported by 18?????? on 2023-11-25$$$$$$[TBD][1514925] Medium CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip on 2024-01-01$$$$$$[TBD][1515137] Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2024-01-03$$$$$$[N/A][1494490] Low CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero on 2023-10-21$$$$$$[TBD][1497985] Low CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-10-31
Google Chrome x64 Version 120.0.6099.225
Stable Channel Update for Desktop$$$Tuesday; January 16; 2024$$$The Stable channel has been updated to 120.0.6099.234 for Mac and 120.0.6099.224 for Linux and 120.0.6099.224/225 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$The Extended Stable channel has been updated to 120.0.6099.234 for Mac and 120.0.6099.225 for Windows which will roll out over the coming days/weeks.$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$16000][1515930] High CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure on 2024-01-06$$$[$1000][1507412] High CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2023-12-03$$$[$TBD][1517354] High CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous on 2024-01-11$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$Google is aware of reports that an exploit for CVE-2024-0519 exists in the wild.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[1518006] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 120.0.6099.200
Stable Channel Update for Desktop$$$Wednesday; January 3; 2024$$$The Stable channel has been updated to 120.0.6099.199 for Mac;Linux and 120.0.6099.199/200 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.$$$$$$The Extended Stable channel has been updated to 120.0.6099.199 for Mac and 120.0.6099.200 for Windows which will roll out over the coming days/weeks.$$$$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 6 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$15000][1501798] High CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure on 2023-11-13$$$[$15000][1505009] High CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure on 2023-11-24$$$[$10000][1505086] High CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25$$$[$TBD][1506923] High CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous on 2023-12-01$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[1515353] Various fixes from internal audits; fuzzing and other initiatives$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$Srinivas Sista$$$$$$Google Chrome
Google Chrome x64 Version 120.0.6099.130
Stable Channel Update for Desktop$$$Wednesday; December 20; 2023$$$The Stable channel has been updated to 120.0.6099.129 for Mac;Linux and 120.0.6099.129/130 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the nulllog.$$$The Extended Stable channel has been updated to 120.0.6099.129 for Mac and 120.0.6099.130 for Windows which will roll out over the coming days/weeks.$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 1 security fix. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$NA][1513170] High CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Googles Threat Analysis Group on 2023-12-19$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$Google is aware that an exploit for CVE-2023-7024 exists in the wild.$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$
Google Chrome x64 Version 120.0.6099.110
Stable Channel Update for Desktop$$$Tuesday; December 12; 2023$$$ The Stable channel has been updated to 120.0.6099.109 for Mac;Linux and 120.0.6099.109/110 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. $$$$$$The Extended Stable channel has been updated to 120.0.6099.109 for Mac and 120.0.6099.110 for Windows which will roll out over the coming days/weeks.$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 9 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$16000][1501326] High CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qianxin Group on 2023-11-10$$$$$$[$7000][1502102] High CVE-2023-6703: Use after free in Blink. Reported by Cassidy Kim(@cassidy6564) on 2023-11-14$$$$$$[$7000][1504792] High CVE-2023-6704: Use after free in libavif. Reported by Fudan University on 2023-11-23$$$$$$[$7000][1505708] High CVE-2023-6705: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-11-28$$$$$$[$6000][1500921] High CVE-2023-6706: Use after free in FedCM. Reported by anonymous on 2023-11-09$$$$$$[$7000][1504036] Medium CVE-2023-6707: Use after free in CSS. Reported by @ginggilBesel on 2023-11-21$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1510677] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.
Google Chrome x64 Version 120.0.6099.71
Stable Channel Update for Desktop$$$Wednesday; December 6; 2023$$$The Stable channel has been updated to 120.0.6099.71 for Mac;Linux and Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. $$$$$$The Extended Stable channel has been updated to 120.0.6099.71 for Windows and Mac; which will roll out over the coming days/weeks.
Google Chrome x64 Version 119.0.6045.200
Stable Channel Update for Desktop$$$Tuesday; November 28; 2023$$$The Stable channel has been updated to 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. $$$$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 7 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[N/A][1491459] High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10$$$[$31000][1494461] High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2023-10-21$$$[$10000][1500856] High CVE-2023-6346: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-09$$$[$7000][1501766] High CVE-2023-6350: Out of bounds memory access in libavif. Reported by Fudan University on 2023-11-13$$$[$7000][1501770] High CVE-2023-6351: Use after free in libavif. Reported by Fudan University on 2023-11-13$$$[N/A][1505053] High CVE-2023-6345: Integer overflow in Skia. Reported by Benoît Sevens and Clément Lecigne of Googles Threat Analysis Group on 2023-11-24$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1505618] Various fixes from internal audits; fuzzing and other initiatives$$$$$$$$$Google is aware that an exploit for CVE-2023-6345 exists in the wild.$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$
Google Chrome x64 Version 119.0.6045.160
Stable Channel Update for Desktop$$$Tuesday; November 14; 2023$$$The Stable channel has been updated to 119.0.6045.159 for Mac and Linux and 119.0.6045.159/.160 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$10000][1497997] High CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous on 2023-10-31$$$$$$[N/A][1499298] High CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero on 2023-11-04$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1501958] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$
Google Chrome x64 Version 119.0.6045.124
he Stable channel has been updated to 119.0.6045.123 for Mac and Linux and 119.0.6045.123/.124 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 1 security fix. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[N/A][1497859] High CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023 on 2023-10-30
Google Chrome x64 Version 119.0.6045.106
Chrome 119.0.6045.105 (Linux and Mac); 119.0.6045.105/.106( Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 119.$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 15 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$16000][1492698] High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14$$$$$$[$11000][1492381] High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13$$$$$$[$TBD][1492384] High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13$$$$$$[$3000][1281972] Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22$$$$$$[$3000][1473957] Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18$$$$$$[$2000][1480852] Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10$$$$$$[$1000][1456876] Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22$$$$$$[$1000][1488267] Medium CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab; Korea Univ on 2023-10-01$$$$$$[$TBD][1492396] Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13$$$$$$[$TBD][1493380] Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17$$$$$$[N/A][1493435] Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18$$$$$$[$3000][1457704] Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24$$$$$$[$500][1482045] Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1497743] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.
Google Chrome x64 Version 118.0.5993.118
changes logs can be found here-$$$https://chromereleases.googleblog.com/search/label/Desktop%20Update+Stable%20updates
Google Chrome x64 Version 118.0.5993.89
changes logs can be found here-$$$https://chromium.googlesource.com/chromium/src/+log/110.0.5481.100..110.0.5481.104?pretty=fuller&n=10000
Google Chrome x64 Version 118.0.5993.71
Stable Channel Update for Desktop$$$Tuesday; October 10; 2023$$$The Stable channel has been updated to 118.0.5993.70 for Mac and Linux and 118.0.5993.70/.71 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$The Extended Stable channel has been updated to 118.0.5993.71 for Windows and 118.0.5993.70 for Mac; which will roll out over the coming days/weeks. $$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 20 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[TBD][1487110] Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18?????? on 2023-09-27$$$$$$[$5000][1062251] Medium CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous on 2020-03-17$$$$$$[$5000][1414936] Medium CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita on 2023-02-11$$$$$$[$2000][1476952] Medium CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong on 2023-08-30$$$$$$[$1000][1425355] Medium CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong on 2023-03-17$$$$$$[$1000][1458934] Medium CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip on 2023-06-28$$$$$$[$1000][1474253] Medium CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun on 2023-08-20$$$$$$[$1000][1483194] Medium CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car] on 2023-09-15$$$$$$[$500][1471253] Medium CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong on 2023-08-09$$$$$$[$6000][1395164] Low CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2022-12-02$$$$$$[$3000][1472404] Low CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-08-12$$$$$$[$3000][1472558] Low CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs on 2023-08-13$$$$$$[$1000][1357442] Low CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29$$$$$$[$1000][1484000] Low CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on 2023-09-18$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1491268] Various fixes from internal audits; fuzzing and other initiatives$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$
Google Chrome x64 Version 117.0.5938.150
Stable Channel Update for Desktop$$$Tuesday; October 3; 2023$$$ The Stable channel has been updated to 117.0.5938.149 for Mac and Linux and 117.0.5938.149/.150 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 1 security fix. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$8000][1485829] High CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar on 2023-09-22$$$$$$$$$
Google Chrome x64 Version 117.0.5938.132
Stable Channel Update for Desktop$$$Thursday; September 27; 2023$$$The Stable channel has been updated to 117.0.5938.132 for Windows; Mac and Linux; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$
Google Chrome x64 Version 117.0.5938.92
Stable Channel Update for Desktop$$$Thursday; September 21; 2023$$$The Stable channel has been updated to 117.0.5938.92 for Windows; Mac and Linux; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$
Google Chrome x64 Version 117.0.5938.89
Stable Channel Update for Desktop$$$Friday; September 15; 2023$$$The Stable channel has been updated to 117.0.5938.88 for Mac and Linux and 117.0.5938.88/.89 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.
Google Chrome x64 Version 117.0.5938.63
Chrome 117.0.5938.62 (Linux and Mac); 117.0.5938.62/.63( Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 117.$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 16 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$NA][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontos Munk School on 2023-09-06$$$$$$[$3000][1430867] Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06$$$$$$[$3000][1459281] Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29$$$$$$[$2000][1454515] Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14$$$$$$[$1000][1446709] Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18$$$$$$[$1000][1453501] Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09$$$$$$[$500][1441228] Medium CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh on 2023-04-29$$$$$$[$6000][1449874] Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30$$$$$$[$2000][1462104] Low CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) on 2023-07-04$$$$$$[$TBD][1451543] Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06$$$$$$[$TBD][1463293] Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09
Google Chrome x64 Version 116.0.5845.180
Stable Channel Update for Desktop$$$Tuesday; September 5; 2023$$$The Stable and Extended stable channels has been updated to 116.0.5845.179 for Mac and Linux and 116.0.5845.179/.180 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$The Extended Stable channel has been updated to 116.0.5845.180 for Windows and 116.0.5845.179 for Mac; which will roll out over the coming days/weeks. $$$$$$Security Fixes and Rewards$$$$$$$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$$$$[$TBD][1476403] High CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy on 2023-08-28$$$$$$[$TBD][1473247] High CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI on 2023-08-16$$$$$$[$TBD][1469928] High CVE-2023-4763: Use after free in Networks. Reported by anonymous on 2023-08-03$$$$$$[$TBD][1447237] High CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7) on 2023-05-20$$$$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Google Chrome x64 Version 116.0.5845.111
Chrome Desktop Stable Update$$$Tuesday; August 22; 2023$$$The Stable and Extended stable channels has been updated to 116.0.5845.110 for Mac and Linux and 116.0.5845.110/.111 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 5 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$10000][1469542] High CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564) on 2023-08-02$$$$$$[$3000][1469754] High CVE-2023-4429: Use after free in Loader. Reported by Anonymous on 2023-08-03$$$$$$[$2000][1470477] High CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills) on 2023-08-06$$$$$$[$NA][1470668] High CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-08-07$$$$$$[$NA][1469348] Medium CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher on 2023-08-01$$$$$$
Google Chrome x64 Version 116.0.5845.97
Stable Channel Update for Desktop$$$Tuesday; August 15; 2023$$$The Stable and Extended stable channels has been updated to 116.0.5845.96 for Mac and Linux and 116.0.5845.96/.97 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 26 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$30000][1448548] High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24$$$$$$[$5000][1458303] High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang (@Krace) of VRI on 2023-06-27$$$$$$[$3000][1454817] High CVE-2023-4350: Inappropriate implementation in Fullscreen. Reported by Khiem Tran (@duckhiem) on 2023-06-14$$$$$$[$2000][1465833] High CVE-2023-4351: Use after free in Network. Reported by Guang and Weipeng Jiang of VRI on 2023-07-18$$$$$$[$NA][1452076] High CVE-2023-4352: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-06-07$$$$$$[$NA][1458046] High CVE-2023-4353: Heap buffer overflow in ANGLE. Reported by Christoph Diehl / Microsoft Vulnerability Research on 2023-06-27$$$$$$[$NA][1464215] High CVE-2023-4354: Heap buffer overflow in Skia. Reported by Mark Brand of Google Project Zero on 2023-07-12$$$$$$[$NA][1468943] High CVE-2023-4355: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-07-31$$$$$$[$5000][1449929] Medium CVE-2023-4356: Use after free in Audio. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-05-30$$$$$$[$3000][1458911] Medium CVE-2023-4357: Insufficient validation of untrusted input in XML. Reported by Igor Sak-Sakovskii on 2023-06-28$$$$$$[$3000][1466415] Medium CVE-2023-4358: Use after free in DNS. Reported by Weipeng Jiang (@Krace) of VRI on 2023-07-20$$$$$$[$2000][1443722] Medium CVE-2023-4359: Inappropriate implementation in App Launcher. Reported by @retsew0x01 on 2023-05-09$$$$$$[$2000][1462723] Medium CVE-2023-4360: Inappropriate implementation in Color. Reported by Axel Chong on 2023-07-07$$$$$$[$2000][1465230] Medium CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17$$$$$$[$1000][1316379] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14$$$$$$[$1000][1367085] Medium CVE-2023-4363: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2022-09-23$$$$$$[$1000][1406922] Medium CVE-2023-4364: Inappropriate implementation in Permission Prompts. Reported by Jasper Rebane on 2023-01-13$$$$$$[$1000][1431043] Medium CVE-2023-4365: Inappropriate implementation in Fullscreen. Reported by Hafiizh on 2023-04-06$$$$$$[$1000][1450784] Medium CVE-2023-4366: Use after free in Extensions. Reported by asnine on 2023-06-02$$$$$$[$500][1467743] Medium CVE-2023-4367: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26$$$$$$[$500][1467751] Medium CVE-2023-4368: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26
Google Chrome x64 Version 115.0.5790.171
Stable Channel Update for Desktop$$$Wednesday; August 2; 2023$$$The Stable channel has been updated to 115.0.5790.170 for Mac and Linux and 115.0.5790.170/.171 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 17 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$23000][1466183] High CVE-2023-4068: Type Confusion in V8. Reported by Jerry on 2023-07-20$$$$$$[$21000][1465326] High CVE-2023-4069: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-07-17$$$$$$[$20000][1462951] High CVE-2023-4070: Type Confusion in V8. Reported by Jerry on 2023-07-07$$$$$$[$17000][1458819] High CVE-2023-4071: Heap buffer overflow in Visuals. Reported by Guang and Weipeng Jiang of VRI on 2023-06-28$$$$$$[$15000][1464038] High CVE-2023-4072: Out of bounds read and write in WebGL. Reported by Apple Security Engineering and Architecture (SEAR) on 2023-07-12$$$$$$[$10000][1456243] High CVE-2023-4073: Out of bounds memory access in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori on 2023-06-20$$$$$$[$8000][1464113] High CVE-2023-4074: Use after free in Blink Task Scheduling. Reported by Anonymous on 2023-07-12$$$$$$[$5000][1457757] High CVE-2023-4075: Use after free in Cast. Reported by Cassidy Kim(@cassidy6564) on 2023-06-25$$$$$$[$NA][1459124] High CVE-2023-4076: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2023-06-29$$$$$$[$3000][1451146] Medium CVE-2023-4077: Insufficient data validation in Extensions. Reported by Anonymous on 2023-06-04$$$$$$[$1000][1461895] Medium CVE-2023-4078: Inappropriate implementation in Extensions. Reported by Anonymous on 2023-07-04$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1469476] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$$$$$$$$$$Prudhvikumar Bommana$$$Google Chrome
Google Chrome x64 Version 115.0.5790.110
Stable Channel Update for Desktop$$$ The Stable channel has been updated to 115.0.5790.110 for Windows and Linux and 115.0.5790.114 for Mac; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$Prudhvikumar Bommana$$$Google Chrome
Google Chrome x64 Version 115.0.5790.102
Stable Channel Update for Desktop$$$Thursday; July 20; 2023$$$The Stable channel has been updated to 115.0.5790.102 for Windows; Mac and Linux; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log (https://chromium.googlesource.com/chromium/src/+log/115.0.5790.98..115.0.5790.102?pretty=fuller&n=10000).$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$Prudhvikumar Bommana$$$Google Chrome
Google Chrome x64 Version 115.0.5790.99
$$$Stable Channel Update for Desktop$$$Tuesday; July 18; 2023$$$$$$The Chrome team is delighted to announce the promotion of Chrome 115 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$Chrome 115.0.5790.98 (Linux and Mac); 115.0.5790.98/99( Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 115.$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 20 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$7000][1454086] High CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2023-06-12$$$$$$[$7000][1457421] High CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-06-23$$$$$$[$2000][1453465] High CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel on 2023-06-09$$$$$$[$NA][1450899] High CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero on 2023-06-02$$$$$$[$5000][1450203] Medium CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-31$$$$$$[$5000][1450376] Medium CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita on 2023-06-01$$$$$$[$2000][1394410] Medium CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry on 2022-11-29$$$$$$[$2000][1434438] Medium CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2023-04-19$$$$$$[$2000][1446754] Medium CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2023-05-19$$$$$$[$1000][1434330] Medium CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh on 2023-04-18$$$$$$[$1000][1405223] Low CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui on 2023-01-06
Google Chrome x64 Version 114.0.5735.199
Stable Channel Update for Desktop$$$Monday; June 26; 2023$$$ The Stable and extended stable channels has been updated to 114.0.5735.198 for Mac and Linux and 114.0.5735.198/199 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 4 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$20000][1452137] High CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2023-06-07$$$$$$[$10000][1447568] High CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos on 2023-05-22$$$$$$[$5000][1450397] High CVE-2023-3422: Use after free in Guest View. Reported by asnine on 2023-06-01$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1458017] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL$$$$$$
Google Chrome x64 Version 114.0.5735.134
Stable Channel Update for Desktop$$$Tuesday; June 13; 2023$$$The Stable and extended stable channels has been updated to 114.0.5735.133 for Mac and Linux and 114.0.5735.133/134 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 5 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$TBD][1450568] Critical CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI on 2023-06-01$$$$$$[$3000][1446274] High CVE-2023-3215: Use after free in WebRTC. Reported by asnine on 2023-05-17$$$$$$[$TBD][1450114] High CVE-2023-3216: Type Confusion in V8. Reported by 5n1p3r0010 on 2023-05-31$$$$$$[$NA][1450601] High CVE-2023-3217: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero on 2023-06-01$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1454307] Various fixes from internal audits; fuzzing and other initiatives$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$
Google Chrome x64 Version 114.0.5735.110
Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$NA][1450481] High CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Googles Threat Analysis Group on 2023-06-01$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$Google is aware that an exploit for CVE-2023-3079 exists in the wild.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[1451018] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 113.0.5672.127
The Stable channel has been updated to 113.0.5672.126 for Mac and Linux and 113.0.5672.126/.127 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 12 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$TBD][1444360] Critical CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab; Qihoo 360 on 2023-05-10$$$$$$[$7000][1400905] High CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI on 2022-12-14$$$$$$[$3000][1435166] High CVE-2023-2723: Use after free in DevTools. Reported by asnine on 2023-04-21$$$$$$[$NA][1433211] High CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-04-14$$$$$$[$TBD][1442516] High CVE-2023-2725: Use after free in Guest View. Reported by asnine on 2023-05-04$$$$$$[$1500][1442018] Medium CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry on 2023-05-03$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1445755] Various fixes from internal audits; fuzzing and other initiatives
Google Chrome x64 Version 113.0.5672.93
The Stable and extended stable channel has been updated to 113.0.5672.92/.93 Windows and 113.0.5672.92 for Mac and Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.
Google Chrome x64 Version 113.0.5672.64
Stable Channel Update for Desktop$$$Tuesday; May 2; 2023$$$The Chrome team is delighted to announce the promotion of Chrome 113 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 113.0.5672.63 (Linux and Mac); 113.0.5672.63/.64( Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 113.$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 15 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$7500][1423304] Medium CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI on 2023-03-10$$$$$$[$5000][1419732] Medium CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik; Fingerprint[.]com on 2023-02-27$$$$$$[$4000][1350561] Medium CVE-2023-2461: Use after free in OS Inputs. Reported by @ginggilBesel on 2022-08-06$$$$$$[$3000][1375133] Medium CVE-2023-2462: Inappropriate implementation in Prompts. Reported by Alesandro Ortiz on 2022-10-17$$$$$$[$2000][1406120] Medium CVE-2023-2463: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on 2023-01-10$$$$$$[$2000][1418549] Medium CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita on 2023-02-23$$$$$$[$1000][1399862] Medium CVE-2023-2465: Inappropriate implementation in CORS. Reported by @kunte_ctf on 2022-12-10$$$$$$[$3000][1385714] Low CVE-2023-2466: Inappropriate implementation in Prompts. Reported by Jasper Rebane (popstonia) on 2022-11-17$$$$$$[$2000][1413586] Low CVE-2023-2467: Inappropriate implementation in Prompts. Reported by Thomas Orlita on 2023-02-07$$$$$$[$1000][1416380] Low CVE-2023-2468: Inappropriate implementation in PictureInPicture. Reported by Alesandro Ortiz on 2023-02-15$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1441714] Various fixes from internal audits; fuzzing and other initiatives$$$$$$
Google Chrome x64 Version 112.0.5615.138
Stable Channel Update for Desktop$$$Tuesday; April 18; 2023$$$The Stable and extended stable channel has been updated to 112.0.5615.137/138 for Windows and 112.0.5615.137 for Mac and 112.0.5615.165 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the log$$$$$$Stable Channel Update for Desktop - 112.0.5615.137$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 8 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$8000][1429197] High CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30$$$[$8000][1429201] High CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI on 2023-03-30$$$[$3000][1424337] High CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564) on 2023-03-14$$$[$NA][1432603] High CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Googles Threat Analysis Group on 2023-04-12$$$[$1000][1430644] Medium CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2023-04-05$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$Google is aware that an exploit for CVE-2023-2136 exists in the wild.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$[1434139] Various fixes from internal audits; fuzzing and other initiatives$$$
Google Chrome x64 Version 112.0.5615.121
M112 Stable Update for Desktop - v112.0.5615.121$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$This update includes 2 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$[$NA][1432210] High CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Googles Threat Analysis Group on 2023-04-11
Google Chrome x64 Version 112.0.5615.87
Release notes are not available. Please refer below.$$$$$$Stable Channel Update for Desktop$$$Wednesday; April 12; 2023$$$The Stable and extended stable channel has been updated to 112.0.5615.86/87 Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$nterested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$$$$$$$Srinivas Sista$$$Google Chrome
Google Chrome x64 Version 112.0.5615.50
Stable Channel Update for Desktop$$$Tuesday; April 4; 2023$$$The Chrome team is delighted to announce the promotion of Chrome 112 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$Chrome 112.0.5615.49 (Linux and Mac); 112.0.5615.49/50( Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 112.$$$Security Fixes and Rewards$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.
Google Chrome x64 Version 111.0.5563.147
The Stable channel has been updated to 111.0.5563.147 for Mac and Linux and 111.0.5563.146/.147 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Google Chrome x64 Version 111.0.5563.111
The Stable channel has been updated to 111.0.5563.110 for Mac and Linux and 111.0.5563.110/.111 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 8 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
Google Chrome x64 Version 111.0.5563.65
changes logs can be found here-$$$https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
Google Chrome x64 Version 110.0.5481.178
changes logs can be found here-$$$https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html
Google Chrome x64 Version 110.0.5481.104
changes logs can be found here-$$$https://chromium.googlesource.com/chromium/src/+log/110.0.5481.100..110.0.5481.104?pretty=fuller&n=10000
Google Chrome x64 Version 110.0.5481.100
changes logs can be found here-$$$https://chromium.googlesource.com/chromium/src/+log/110.0.5481.96..110.0.5481.100?pretty=fuller&n=10000
Google Chrome x64 Version 110.0.5481.97
Not yet updated by Vendor$$$$$$Stable Channel Desktop Update$$$Monday; February 13; 2023$$$The Stable channel has been updated to 110.0.5481.96 for Mac and Linux and 110.0.5481.96/.97 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$$$$The Extended Stable channel has been updated to 110.0.5481.96 for Windows and Mac which will roll out over the coming days/weeks. $$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$Daniel Yip$$$$$$Google Chrome
Google Chrome x64 Version 110.0.5481.78
Not yet updated by Vendor$$$$$$Stable Channel Update for Desktop$$$Tuesday; February 7; 2023$$$The Chrome team is delighted to announce the promotion of Chrome 110 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 110.0.5481.77/.78 for Windows; 110.0.5481.77 for Mac and Linux contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 110.$$$$$$The Extended Stable channel has been updated to 110.0.5481.78 for Windows and 110.0.5481.77 for Mac which will roll out over the coming days/weeks. $$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$This update includes 15 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$[$7000][1402270] High CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab on 2022-12-18$$$$$$[$4000][1341541] High CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry on 2022-07-03$$$$$$[$2000][1403573] High CVE-2023-0698: Out of bounds read in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2022-12-25$$$$$$[$3000][1371859] Medium CVE-2023-0699: Use after free in GPU. Reported by 7o8v and Cassidy Kim(@cassidy6564) on 2022-10-06$$$$$$[$3000][1393732] Medium CVE-2023-0700: Inappropriate implementation in Download. Reported by Axel Chong on 2022-11-26$$$$$$[$2000][1405123] Medium CVE-2023-0701: Heap buffer overflow in WebUI. Reported by Sumin Hwang of SSD Labs on 2023-01-05$$$$$$[$1500][1316301] Medium CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri on 2022-04-14$$$$$$[$1000][1405574] Medium CVE-2023-0703: Type Confusion in DevTools. Reported by raven at KunLun lab on 2023-01-07$$$$$$[$2000][1385982] Low CVE-2023-0704: Insufficient policy enforcement in DevTools. Reported by Rhys Elsmore and Zac Sims of the Canva security team on 2022-11-18$$$$$$[$1000][1238642] Low CVE-2023-0705: Integer overflow in Core. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab on 2021-08-11$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Google Chrome x64 Version 109.0.5414.120
Not yet updated by Vendor$$$https://chromereleases.googleblog.com/2023/01/
Google Chrome x64 Version 109.0.5414.75
Stable Channel Update for Desktop$$$Tuesday; January 10; 2023$$$The Chrome team is delighted to announce the promotion of Chrome 109 to the stable channel for Windows; Mac and Linux. This will roll out over the coming days/weeks.$$$$$$Chrome 109.0.5414.74 (linux);109.0.5414.74/.75( Windows) and 109.0.5414.87(Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 109.
Google Chrome x64 Version 108.0.5359.125
Stable Channel Update for Desktop$$$Tuesday; December 13; 2022$$$The Stable channel has been updated to 108.0.5359.124 for Mac and Linux and 108.0.5359.124/.125 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$$$$The Extended Stable channel has been updated to 108.0.5359.124 for Mac and 108.0.5359.125 for Windows which will roll out over the coming days/weeks. $$$$$$Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 8 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$7000][1383991] High CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15$$$$$$[$6000][1394692] High CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30$$$$$$[$1500][1381871] High CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07$$$$$$[$TBD][1392661] High CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22$$$$$$[$3000][1382761] Medium CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1400487] Various fixes from internal audits; fuzzing and other initiatives$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$$$$$$$Interested in switching release channels? Find out how here. If you find a new issue; please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.$$$$$$$$$$$$$$$$$$$$$$$$$$$Srinivas Sista$$$Google Chrome$$$Share on Twitter Share on Facebook$$$
Google Chrome x64 Version 108.0.5359.99
Not provided yet by vendor
Google Chrome x64 Version 108.0.5359.95
The Stable channel has been updated to 108.0.5359.94 for Mac and Linux and 108.0.5359.94/.95 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.$$$$$$$$$$$$The Extended Stable channel has been updated to 108.0.5359.94 for Windows and Mac which will roll out over the coming days/weeks. $$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 1 security fix. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$NA][1394403] High CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Googles Threat Analysis Group on 2022-11-29$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$Google is aware that an exploit for CVE-2022-4262 exists in the wild. $$$$$$$$$Many of our security bugs are detected using AddressSanitizer; MemorySanitizer; UndefinedBehaviorSanitizer; Control Flow Integrity; libFuzzer; or AFL.$$$
Google Chrome x64 Version 107.0.5304.107
The Stable channel has been updated to 107.0.5304.110 for Mac and Linux and 107.0.5304.106/.107 for Windows; which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. $$$$$$$$$ Security Fixes and Rewards$$$$$$Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on; but haven’t yet fixed.$$$$$$$$$This update includes 10 security fixes. Below; we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.$$$$$$$$$[$21000][1377816] High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24$$$$$$[$10000][1372999] High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10$$$$$$[$7000][1372695] High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08$$$$$$[$7000][1375059] High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16$$$$$$[$TBD][1380063] High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01$$$$$$[$TBD][1380083] High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01$$$$$$$$$We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.$$$As usual; our ongoing internal security work was responsible for a wide range of fixes:$$$$$$[1382280] Various fixes from internal audits; fuzzing and other initiatives$$$$$$
