| Version | Change log |
| Google Chrome Portable 129.0.6668.5 Sep 18, 2024 |
This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers: High CVE-2024-8636: Heap buffer overflow in Skia. High CVE-2024-8637: Use after free in Media Router. High CVE-2024-8638: Type Confusion in V8. High CVE-2024-8639: Use after free in Autofill. As usual, our ongoing internal security work was responsible for a wide range of fixes |
| Google Chrome Portable 128.0.6613.1 Sep 11, 2024 |
This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers: High CVE-2024-8636: Heap buffer overflow in Skia. High CVE-2024-8637: Use after free in Media Router. High CVE-2024-8638: Type Confusion in V8. High CVE-2024-8639: Use after free in Autofill. As usual, our ongoing internal security work was responsible for a wide range of fixes |
| Google Chrome Portable 128.0.6613.1 Sep 7, 2024 |
This update includes 24 security fixes. Below, we highlight fixes that were contributed by external researchers: High CVE-2024-6988: Use after free in Downloads. High CVE-2024-6989: Use after free in Loader. High CVE-2024-6991: Use after free in Dawn. High CVE-2024-6992: Out of bounds memory access in ANGLE. High CVE-2024-6993: Inappropriate implementation in Canvas. Medium CVE-2024-6994: Heap buffer overflow in Layout. Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Medium CVE-2024-6996: Race in Frames. Medium CVE-2024-6997: Use after free in Tabs. Medium CVE-2024-6998: Use after free in User Education. Medium CVE-2024-6999: Inappropriate implementation in FedCM. Medium CVE-2024-7000: Use after free in CSS. Medium CVE-2024-7001: Inappropriate implementation in HTML. Low CVE-2024-7003: Inappropriate implementation in FedCM. Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Various fixes from internal audits, fuzzing and other initiatives: [Merge-127] Enable GenGpuDiskCacheKeyPrefixInGpuService be default [M127][views-ax] Migrating Role in ui/Views to new system [M127][views-ax] Fix cached role/name/description out of sync in the cache (//chrome/views) [M127][views-ax] Fix cached role/name/description out of sync in the cache (//ash) [M127] [Compose] Announce the popup politely Use path2d cache flag for clip [M127 Merge][lens] Update the lens entrypoint synchronously with pref changes [M127 Merge][lens] Order the persistent entrypoint beside the bookmarks star [lens] Always suppress the label for the persistent entrypoint [CP M127][lensoverlay] Make sure overlay is closed after reload Updating XTBs based on .GRDs from branch 6533 [M127]Update dev mode off-store extension histograms [CP M127][lensoverlay] Fix tooltip showing on more info menu [CP M127][lensoverlay] Fix segmentation mask flicker [CP M127][lensoverlay] Keep overlay open if URL |
| Google Chrome Portable 128.0.6613.8 Aug 22, 2024 |
This update includes 24 security fixes. Below, we highlight fixes that were contributed by external researchers: High CVE-2024-6988: Use after free in Downloads. High CVE-2024-6989: Use after free in Loader. High CVE-2024-6991: Use after free in Dawn. High CVE-2024-6992: Out of bounds memory access in ANGLE. High CVE-2024-6993: Inappropriate implementation in Canvas. Medium CVE-2024-6994: Heap buffer overflow in Layout. Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Medium CVE-2024-6996: Race in Frames. Medium CVE-2024-6997: Use after free in Tabs. Medium CVE-2024-6998: Use after free in User Education. Medium CVE-2024-6999: Inappropriate implementation in FedCM. Medium CVE-2024-7000: Use after free in CSS. Medium CVE-2024-7001: Inappropriate implementation in HTML. Low CVE-2024-7003: Inappropriate implementation in FedCM. Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Various fixes from internal audits, fuzzing and other initiatives: [Merge-127] Enable GenGpuDiskCacheKeyPrefixInGpuService be default [M127][views-ax] Migrating Role in ui/Views to new system [M127][views-ax] Fix cached role/name/description out of sync in the cache (//chrome/views) [M127][views-ax] Fix cached role/name/description out of sync in the cache (//ash) [M127] [Compose] Announce the popup politely Use path2d cache flag for clip [M127 Merge][lens] Update the lens entrypoint synchronously with pref changes [M127 Merge][lens] Order the persistent entrypoint beside the bookmarks star [lens] Always suppress the label for the persistent entrypoint [CP M127][lensoverlay] Make sure overlay is closed after reload Updating XTBs based on .GRDs from branch 6533 [M127]Update dev mode off-store extension histograms [CP M127][lensoverlay] Fix tooltip showing on more info menu [CP M127][lensoverlay] Fix segmentation mask flicker [CP M127][lensoverlay] Keep overlay open if URL |
| Google Chrome Portable 127.0.6533.1 Aug 16, 2024 |
This update includes 24 security fixes. Below, we highlight fixes that were contributed by external researchers: High CVE-2024-6988: Use after free in Downloads. High CVE-2024-6989: Use after free in Loader. High CVE-2024-6991: Use after free in Dawn. High CVE-2024-6992: Out of bounds memory access in ANGLE. High CVE-2024-6993: Inappropriate implementation in Canvas. Medium CVE-2024-6994: Heap buffer overflow in Layout. Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Medium CVE-2024-6996: Race in Frames. Medium CVE-2024-6997: Use after free in Tabs. Medium CVE-2024-6998: Use after free in User Education. Medium CVE-2024-6999: Inappropriate implementation in FedCM. Medium CVE-2024-7000: Use after free in CSS. Medium CVE-2024-7001: Inappropriate implementation in HTML. Low CVE-2024-7003: Inappropriate implementation in FedCM. Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Various fixes from internal audits, fuzzing and other initiatives: [Merge-127] Enable GenGpuDiskCacheKeyPrefixInGpuService be default [M127][views-ax] Migrating Role in ui/Views to new system [M127][views-ax] Fix cached role/name/description out of sync in the cache (//chrome/views) [M127][views-ax] Fix cached role/name/description out of sync in the cache (//ash) [M127] [Compose] Announce the popup politely Use path2d cache flag for clip [M127 Merge][lens] Update the lens entrypoint synchronously with pref changes [M127 Merge][lens] Order the persistent entrypoint beside the bookmarks star [lens] Always suppress the label for the persistent entrypoint [CP M127][lensoverlay] Make sure overlay is closed after reload Updating XTBs based on .GRDs from branch 6533 [M127]Update dev mode off-store extension histograms [CP M127][lensoverlay] Fix tooltip showing on more info menu [CP M127][lensoverlay] Fix segmentation mask flicker [CP M127][lensoverlay] Keep overlay open if URL |
| Google Chrome Portable 127.0.6533.1 Aug 9, 2024 |
This update includes 24 security fixes. Below, we highlight fixes that were contributed by external researchers: High CVE-2024-6988: Use after free in Downloads. High CVE-2024-6989: Use after free in Loader. High CVE-2024-6991: Use after free in Dawn. High CVE-2024-6992: Out of bounds memory access in ANGLE. High CVE-2024-6993: Inappropriate implementation in Canvas. Medium CVE-2024-6994: Heap buffer overflow in Layout. Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Medium CVE-2024-6996: Race in Frames. Medium CVE-2024-6997: Use after free in Tabs. Medium CVE-2024-6998: Use after free in User Education. Medium CVE-2024-6999: Inappropriate implementation in FedCM. Medium CVE-2024-7000: Use after free in CSS. Medium CVE-2024-7001: Inappropriate implementation in HTML. Low CVE-2024-7003: Inappropriate implementation in FedCM. Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Various fixes from internal audits, fuzzing and other initiatives: [Merge-127] Enable GenGpuDiskCacheKeyPrefixInGpuService be default [M127][views-ax] Migrating Role in ui/Views to new system [M127][views-ax] Fix cached role/name/description out of sync in the cache (//chrome/views) [M127][views-ax] Fix cached role/name/description out of sync in the cache (//ash) [M127] [Compose] Announce the popup politely Use path2d cache flag for clip [M127 Merge][lens] Update the lens entrypoint synchronously with pref changes [M127 Merge][lens] Order the persistent entrypoint beside the bookmarks star [lens] Always suppress the label for the persistent entrypoint [CP M127][lensoverlay] Make sure overlay is closed after reload Updating XTBs based on .GRDs from branch 6533 [M127]Update dev mode off-store extension histograms [CP M127][lensoverlay] Fix tooltip showing on more info menu [CP M127][lensoverlay] Fix segmentation mask flicker [CP M127][lensoverlay] Keep overlay open if URL |
| Google Chrome Portable 127.0.6533.8 Aug 1, 2024 |
This update includes 24 security fixes. Below, we highlight fixes that were contributed by external researchers: High CVE-2024-6988: Use after free in Downloads. High CVE-2024-6989: Use after free in Loader. High CVE-2024-6991: Use after free in Dawn. High CVE-2024-6992: Out of bounds memory access in ANGLE. High CVE-2024-6993: Inappropriate implementation in Canvas. Medium CVE-2024-6994: Heap buffer overflow in Layout. Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Medium CVE-2024-6996: Race in Frames. Medium CVE-2024-6997: Use after free in Tabs. Medium CVE-2024-6998: Use after free in User Education. Medium CVE-2024-6999: Inappropriate implementation in FedCM. Medium CVE-2024-7000: Use after free in CSS. Medium CVE-2024-7001: Inappropriate implementation in HTML. Low CVE-2024-7003: Inappropriate implementation in FedCM. Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Various fixes from internal audits, fuzzing and other initiatives: [Merge-127] Enable GenGpuDiskCacheKeyPrefixInGpuService be default [M127][views-ax] Migrating Role in ui/Views to new system [M127][views-ax] Fix cached role/name/description out of sync in the cache (//chrome/views) [M127][views-ax] Fix cached role/name/description out of sync in the cache (//ash) [M127] [Compose] Announce the popup politely Use path2d cache flag for clip [M127 Merge][lens] Update the lens entrypoint synchronously with pref changes [M127 Merge][lens] Order the persistent entrypoint beside the bookmarks star [lens] Always suppress the label for the persistent entrypoint [CP M127][lensoverlay] Make sure overlay is closed after reload Updating XTBs based on .GRDs from branch 6533 [M127]Update dev mode off-store extension histograms [CP M127][lensoverlay] Fix tooltip showing on more info menu [CP M127][lensoverlay] Fix segmentation mask flicker [CP M127][lensoverlay] Keep overlay open if URL |
| Google Chrome Portable 127.0.6533.7 Jul 24, 2024 |
This update includes 24 security fixes. Below, we highlight fixes that were contributed by external researchers: High CVE-2024-6988: Use after free in Downloads. High CVE-2024-6989: Use after free in Loader. High CVE-2024-6991: Use after free in Dawn. High CVE-2024-6992: Out of bounds memory access in ANGLE. High CVE-2024-6993: Inappropriate implementation in Canvas. Medium CVE-2024-6994: Heap buffer overflow in Layout. Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Medium CVE-2024-6996: Race in Frames. Medium CVE-2024-6997: Use after free in Tabs. Medium CVE-2024-6998: Use after free in User Education. Medium CVE-2024-6999: Inappropriate implementation in FedCM. Medium CVE-2024-7000: Use after free in CSS. Medium CVE-2024-7001: Inappropriate implementation in HTML. Low CVE-2024-7003: Inappropriate implementation in FedCM. Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Various fixes from internal audits, fuzzing and other initiatives: [Merge-127] Enable GenGpuDiskCacheKeyPrefixInGpuService be default [M127][views-ax] Migrating Role in ui/Views to new system [M127][views-ax] Fix cached role/name/description out of sync in the cache (//chrome/views) [M127][views-ax] Fix cached role/name/description out of sync in the cache (//ash) [M127] [Compose] Announce the popup politely Use path2d cache flag for clip [M127 Merge][lens] Update the lens entrypoint synchronously with pref changes [M127 Merge][lens] Order the persistent entrypoint beside the bookmarks star [lens] Always suppress the label for the persistent entrypoint [CP M127][lensoverlay] Make sure overlay is closed after reload Updating XTBs based on .GRDs from branch 6533 [M127]Update dev mode off-store extension histograms [CP M127][lensoverlay] Fix tooltip showing on more info menu [CP M127][lensoverlay] Fix segmentation mask flicker [CP M127][lensoverlay] Keep overlay open if URL |
| Google Chrome Portable 126.0.6478.1 Jul 18, 2024 |
High CVE-2024-6772: Inappropriate implementation in V8. High CVE-2024-6773: Type Confusion in V8. High CVE-2024-6774: Use after free in Screen Capture. High CVE-2024-6775: Use after free in Media Stream. High CVE-2024-6776: Use after free in Audio. High CVE-2024-6777: Use after free in Navigation. High CVE-2024-6778: Race in DevTools. High CVE-2024-6779: Out of bounds memory access in V8. Various fixes from internal audits, fuzzing and other initiatives: Prevent script injection on reload when racing with a navigation Revert "Add flag to indicate if a board overlay include CBX functions" Updating XTBs based on .GRDs from branch 6478 Remove tests that check torproject URLs use key pinning [SCK] Retain refptr to shared helper to prevent UAF. Bandaid fix for crash in RecordDismissalType. Correct background image offset for paginated document canvas. [M-126] Revert "Move keyboard modifier event rewriter before peripheral customization" Merge "Revert "Enable features::kMacImeLiveConversionFix"" to M126 branch webview: disable Device Posture API due to leak. Revert "Bubble: remove all SizeToContents() in /chrome/browser/ash/input_method/ui" [M126] Reland "[WebRTC][Fuchsia] Ignore private (ULA) local addresses" [M126][media_preview] Fix pointer tear down order problem [6478] Increase mem_per_link_gb for Linux builders. [M126][WebRTC][Fuchsia] Ignore private (ULA) local addresses [M126][STGV2] Fix deletion from different window [M126] Destruct controller before referenced WebUI in CreateWebUIIfNeeded |
| Google Chrome Portable 126.0.6478.1 Jun 25, 2024 |
