| Version | Change log |
| Google Chrome 135.0.7049.4 Apr 3, 2025 |
This update includes 14 security fixes. Below, we highlight fixes that were contributed by external researchers: High CVE-2025-3066: Use after free in Navigations. Reported by Sven Dysthe (@svn-dys) on 2025-03-21 Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31 Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-09 Medium CVE-2025-3069: Inappropriate implementation in Extensions. Reported by NDevTK on 2022-06-26 Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions. Reported by Anonymous on 2017-01-01 Low CVE-2025-3071: Inappropriate implementation in Navigations. Reported by David Erceg on 2020-02-23 Low CVE-2025-3072: Inappropriate implementation in Custom Tabs. Reported by Om Apip on 2024-08-27 Low CVE-2025-3073: Inappropriate implementation in Autofill. Reported by Hafiizh on 2025-01-09 Low CVE-2025-3074: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-01-28 Other fixes: [GTK] Include scale factor in cursor theme size on GTK4 [XR] Separate JXR session is maintained for each Chrome instance. CARendererLayerTree::SolidColorContents: Correctly compute pixel values [M135 Merge][discard] Ensure FrameTree::Discard clears service workers [XR][Clean up] Remove Tab Drag and Drop as window feature flag. [XR] Prevents the app from switching to spatialized mode when the last tab is moved to another Chrome instance. Expand ignore filter for external intent handling [iOS] Replace Cancel button with back button in Autofill Profile Edit Settings [M135] Fix crash when multiple start time updates occur for a navigation. [M135][DNS] Add kAlreadyFalsePositive revocation result Updating XTBs based on .GRDs from branch 7049 Mark shouldInterceptRequest as possibly blocking Avoid re-entering lock in FontLoader::makeTypeface [PDF Ink Signatures] Use cr-radio-group for the ink brush selector [M135] [graphite] Handle non-con |
| Google Chrome 134.0.6998.1 Mar 26, 2025 |
1 security fix: Incorrect handle provided in unspecified circumstances in Mojo on Windows. Reported by Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) of Kaspersky on 2025-03-20 Other fixes: M134 Fix crash in BubbleDialogDelegate with null client view Avoid receiving or sending sentinel handle values Updating XTBs based on .GRDs from branch 6998 Fix GAIA page native navigation for enrollment Updating XTBs based on .GRDs from branch 6998 |
| Google Chrome 134.0.6998.1 Mar 19, 2025 |
Security Fixes: Use after free in Lens. Various fixes from internal audits, fuzzing and other initiatives: [M134-112][ProfilePicker] Remove an assert for no profiles when list is loaded Set RFH token in clipboard only after writing other data M134: [UIA] Fix Narrator's navigation by heading Updating XTBs based on .GRDs from branch 6998 Roll libxslt from ae147fefb to c8b1ea4b8 [M134][ANR] Don't start jobs for PDF downloads [M134] SubframeHistoryNavigationThrottle: track the DEFER state [M134][LensOverlay] Check if controller exists in OnPermissionDialogAccept [FPF] Immediately re-request Activation after a failed load [M134 merge] Show reauth signin page before GLIC FRE when cookie sync fails Add a feature parameter to fork the prefetch process from the renderer [M134] WebView Prerender: Fix activation mismatch due to additional headers [M134] Check RFH's `policy_container_host` before its `active_sandboxing_flags` [PWA] Activate browser window for PWAs that open in browser tabs [M134] Disable FledgeBiddingAndAuctionNonceSupport feature by default. [m134] Fix opening all bookmarks by click on a bookmark submenu [M134][lensoverlay] Add shadow to preselection bubble on Windows [Merge-M134][iOS][DefaultBrowser] Fix check crash on null browser [M134] [ios] Abort in showStartSurfaceIfNecessary if UI is not ready [Mall] Improve Mall shelf pinning behavior for existing CrOS users [M134] Allow data scheme for pdf pages [M134]Fix crash in webui handler for extended updates eligibility check |
| Google Chrome 134.0.6998.8 Mar 11, 2025 |
Security fixes: Type Confusion in V8 Out of bounds write in GPU. Use after free in Inspector. Other fixes: Cherry-pick: [NTP][Enterprise] Add histogram to record when an auth attempt is made Disable setting primitive restart for WebGL in the cmd decoder. Move WebGL primitive restart state setting to the GPU process. Allow blob scheme for PDF pages Revert "When stopping or disabling a remote audio track, do not disable clones." [Sync ESB] Replace an icon with the grey info icon Fixes setStatusBarColor call in onPreCreate [A11y] Consistent tree after aria-owns changes Add exceptions for comma / hyphen splicing. ash: Fix button row overflow in Camera control UI [ios] When stateless, use KA params for manual fills [iOS] Add arms to IPH ablation experiment [A11y] Do not recompute cached attributes of descendants while creating ancestor Remove unnecessary layer in BookmarkBarView [login] Remove dump without crash [settings] Fix hide-banner in sync-account-controls [Merge 134] Splice on punctuation on desktop to reduce sentence delays. [iOS] Set up IPH ablation experiment Updating XTBs based on .GRDs from branch 6998 [File Download Access Prevention] Expose EnterpriseFileObfuscation feature flag on chrome://flags Don't show full name suggestions when focusing alt-name field Cherry-pick/roll Skrifa to 0.26.6 fixing Nastaliq freeze Fix a JS error in accessing an empty array in Tab Search demo_mode: Fix the crash caused by nullptr Invalidation tracing: Null-check invalidation sets that might be missing Merged: Revert "Reland "Reland "Ship Explicit Resource Management""" Add a feature to limit the number of selectableBASRI k-anon fetches. Fix file icons for Microsoft cards Roll installer/mac/internal [Bookmarks] Fix crash on null input [Clear-Site-Data] Switch parsing issues from kError to kWarning {PICK M134} Updating XTBs based on .GRDs from branch 6998 coral: crash on getting group by ID Extend check in stopQuickDeleteForAnimation to |
| Google Chrome 134.0.6998.3 Mar 5, 2025 |
This update includes 14 security fixes. Below, we highlight fixes that were contributed by external researchers: [$7000][397731718] High CVE-2025-1914: Out of bounds read in V8. Reported by Zhenghang Xiao (@Kipreyyy) and Nan Wang (@eternalsakura13) on 2025-02-20[$4000][391114799] Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Reported by Topi Lassila on 2025-01-20[$3000][376493203] Medium CVE-2025-1916: Use after free in Profiles. Reported by parkminchan, SSD Labs Korea on 2024-10-31[$2000][329476341] Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Reported by Khalil Zhani on 2024-03-14[$2000][388557904] Medium CVE-2025-1918: Out of bounds read in PDFium. Reported by asnine on 2025-01-09[$2000][392375312] Medium CVE-2025-1919: Out of bounds read in Media. Reported by @Bl1nnnk and @Pisanbao on 2025-01-26[$1000][387583503] Medium CVE-2025-1921: Inappropriate Implementation in Media Stream. Reported by Kaiido on 2025-01-04[$5000][384033062] Low CVE-2025-1922: Inappropriate Implementation in Selection. Reported by Alesandro Ortiz on 2024-12-14[$1000][382540635] Low CVE-2025-1923: Inappropriate Implementation in Permission Prompts. Reported by Khalil Zhani on 2024-12-06 |
| Google Chrome 133.0.6943.1 Mar 4, 2025 |
Various fixes from internal audits, fuzzing and other initiatives: Remove TcpSocketIoCompletionPortWin from testing config [M133] Manual cherry-pick of two androidx.pdf commits Updating XTBs based on .GRDs from branch 6943 |
| Google Chrome 133.0.6943.1 Feb 25, 2025 | Various fixes from internal audits, fuzzing and other initiatives |
| Google Chrome 133.0.6943.1 Feb 19, 2025 |
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers: [$11000][394350433] High CVE-2025-0999: Heap buffer overflow in V8. Reported by Seunghyun Lee (@0x10n) on 2025-02-04 [TBD][383465163] High CVE-2025-1426: Heap buffer overflow in GPU. Reported by un3xploitable && GF on 2024-12-11 [$4000][390590778] Medium CVE-2025-1006: Use after free in Network. Reported by Tal Keren, Sam Agranat, Eran Rom, Edouard Bochin, Adam Hatsir of Palo Alto Networks on 2025-01-18 |
| Google Chrome 133.0.6943.9 Feb 13, 2025 |
Security Fixes: Use after free in Skia. Use after free in V8. Inappropriate implementation in Extensions API. |
| Google Chrome 133.0.6943.6 Feb 7, 2025 |
Security Fixes: Use after free in Skia. Use after free in V8. Inappropriate implementation in Extensions API. |
