Version | Change log |
Google Chrome 138.0.7204.1 Jul 30, 2025 |
This update includes 1 security fix: High CVE-2025-6554: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2025-06-25. This issue was mitigated on 2025-06-26 by a configuration change pushed out to Stable channel across all platforms. Other fixes: [Desktop M138 minibrach] Revert "Reland "FSA: Only normalize the hardcoded rules once during initialization"" [M138_50] Revert "[MediaRecorder] Support seeking for WebM when timeslice is unset" |
Google Chrome 138.0.7204.5 Jun 25, 2025 |
This update includes 11 security fixes: Medium CVE-2025-6555: Use after free in Animation. Low CVE-2025-6556: Insufficient policy enforcement in Loader. Low CVE-2025-6557: Insufficient data validation in DevTools. Other fixes: [M138] Revert "[PEPC] Remove the display enforcement [M138] [iOS]Close the bookmark folder view if an ancestor is deleted [M138] Disable DumpWithoutCrashing( in ProfileManager::RemoveKeepAlive( [M138][NtpCustomization] Fix crash BottomSheetListItemView.setSubtitle(. [M138] Cherry pick xcode handling logic for MacVM [M138] [iOS]Avoid double tap in the infobar banner [M138][Parity] Hide G icon if DSE is Yandex on NTP. [M138] [iOS] Fix crash due to null active web state in SideSwipeMediator. [M138] [rust png] Track `already_started_frame_` in `SkiaImageDecoderBase`. |
Google Chrome 138.0.7204.3 Jun 18, 2025 |
This update includes 3 security fixes: High CVE-2025-6191: Integer overflow in V8 High CVE-2025-6192: Use after free in Profiler. Other fixes: [M137] [discard] Extend fatal NOTREACHED to M142 [m137] preload-topchrome: preload only for regular profiles [M137][TabGroupSave] Call OnTabGroupWillBeRemoved observer call [M137] Properly set 'removed' property in extension cookie change events [ssm] Fix race condition |
Google Chrome 137.0.7151.1 Jun 18, 2025 |
This update includes 3 security fixes: High CVE-2025-6191: Integer overflow in V8 High CVE-2025-6192: Use after free in Profiler. Other fixes: [M137] [discard] Extend fatal NOTREACHED to M142 [m137] preload-topchrome: preload only for regular profiles [M137][TabGroupSave] Call OnTabGroupWillBeRemoved observer call [M137] Properly set 'removed' property in extension cookie change events [ssm] Fix race condition |
Google Chrome 137.0.7151.1 Jun 12, 2025 |
This update includes 2 security fixes: High CVE-2025-5958: Use after free in Media. High CVE-2025-5959: Type Confusion in V8. Other fixes: [M137] Add LoadingFromCommandLine histogram [M137] Disable re-encrypt of data in App-Bound encryption [M137] Revert "Schedule a browser exit when a SC_CLOSE is received from Windows TaskManager" [M137] Switch off GTS toolbar UI update for XR devices Fix exiting from fullscreen mode when going to PIP Disabling DisplayEdgeToEdgeFullscreen flag [M137] IDB: fix race condition when instantiating singleton factory [Gardener] Disable flaky test ruby-text-combine-upright-002a.html Reland "[gardener] Mark flaky WebAppBrowserTest.WithoutMinimalUiButtons* on Mac" m137: android-a11y: handle another java cache invalidation Guard call for ultimate originating element of ::scroll-button [M137] [fetch-keepalive] Add missing Android nav-fetch UKM logging. [M137] Prerender: Fix CHECK failure when prerender navigation fails m137: android-a11y: more robust caching m137: android-a11y: invalidate cached node on children changed [137][lensoverlay] Add DISABLE_CFI_DLSYM to IsPageContextEligible. [M137] Revert "Reland "Adds support for event-driven loopback clients on Windows"" [Merge to M137] [GTK] Fix keyboard input with Fcitx5+GTK3+X11 [M137] Fix UAFs in TailoredSecurityConsentedModalAndroid [M137] Disable DelayStopForMediaElementSourceNode feature. [M137][iOS][LU] Fix entry point mapping to invocation source [M137 Merge][Extensions] Update SW renderer state on render process exit [M137 Merge][Extensions] Simplify RendererState to kNotActive / kActive. [M137] Revert changes to Extension::GetResourceURL() VT: Ensure to update container styles before resolving ready. [M137] [omnibox] Trigger different surveys for different arms for On-focus ZPS [M137] Fix crash in CheckUpdaterHealthTask::CheckAndRecordUpdaterHealth m137: Make ash_pixeltests run on GCE bots with external IPs Prevent users from signing in with their |
Google Chrome 137.0.7151.6 Jun 5, 2025 |
Security Fixes: High CVE-2025-5419: Out of bounds read and write in V8. Medium CVE-2025-5068: Use after free in Blink. [M137] [ios] Do not ClearLastInteractedForm() on frames without drivers Updating XTBs based on .GRDs from branch 7151 [Merge back M137]demo_mode: Fallback to MGS if policy not connected [M137] Split error codes logged from different stages m137: infra: Enable builder-> gardening-rotation mapping txt files on branches [M137] CacheStorage: Fix metircs typo [M137] LanguageDetector: Report correct results with empty string [M137] LanguageDetector: Fix crash when unknown is greater than 0.01 [M137] [memory-infra] Don't report pages bitmap when not required [M137] Enforce SharedWorker::Terminate() procedure order [M137][Tab Group Sync] Preserve unknown fields for account data datatype [M137][Shared Tab Groups] Add version field to the account data specifics [M137] [memory-infra] Don't report PSS or mapping count for footprint requests [M137][PA/shim] Fix shim test failure on mac component build [searchprefetch] change CHECK(search_terms) back to if condition b Rebaseline and reenable tests after devtools change |
Google Chrome 137.0.7151.5 May 28, 2025 |
This update includes 11 security fixes: High CVE-2025-5063: Use after free in Compositing. High CVE-2025-5280: Out of bounds write in V8. Medium CVE-2025-5064: Inappropriate implementation in Background Fetch API. Medium CVE-2025-5065: Inappropriate implementation in FileSystemAccess API. Medium CVE-2025-5066: Inappropriate implementation in Messages. Medium CVE-2025-5281: Inappropriate implementation in BFCache. Medium CVE-2025-5283: Use after free in libvpx. Low CVE-2025-5067: Inappropriate implementation in Tab Strip. Other fixes: [M137] [omnibox] Show default search engine icon in omnibox [137] Disable kGlicWarming and kGlicFreWarming Updating XTBs based on .GRDs from branch 7151 Disable tests temporarily for a devtools change [M137] [STG] Fix latency metric name Updating XTBs based on .GRDs from branch 7151 |
Google Chrome 136.0.7103.1 May 16, 2025 |
This update includes 4 security fixes: High CVE-2025-4664: Insufficient policy enforcement in Loader. High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Other fixes: [M136 Minibranch] Set `referrerpolicy: "no-referrer"` in link loads from subresources [M136] Reset the provisioning state when loading existing identities [M136] Set more appropriate flex behavior keys in PartialTranslateBubbleView. Updating XTBs based on .GRDs from branch 7103 [M136] [text-decorations] Add the last resort step Updating XTBs based on .GRDs from branch 7103 Updating XTBs based on .GRDs from branch 7103 [M136] Fix undefined shift UBSAN warnings in libxslt/xsltutils.c [M136] Add ability to store (28 bit) value in xmlDoc and xmlAttr. [M136] Use `extra` member in libxml structs for xslt flags. [M136] Revert "Remove TabObserver in TabStateBrowserControlsVisibilityDelegate." Automated Commit: LKGM 16238.44.0 for chromeos. [M136] Disable SelectColorsRemoveImportant [M136] Expand libxml structs to better integrate with libxslt. [M136] Initialize input router for opened window only once Drop transitive trust from transports [M136] linker_driver: fix lto cache temporary directory. [M136] Set RenderSurfaceFor2DScaleTransform back to experimental. [m136] Reset the receiver when OTR profile is destroyed [M136] Revert normalization of Android intent schemes Updating XTBs based on .GRDs from branch 7103 [M136] [iOS][DefaultBrowser] Disable sharing DB status with 1p Revert "Remove theme tracking from BubbleDialogDelegate" Updating XTBs based on .GRDs from branch 7103 Request the client_channel oauth scope for DriveFS Updating XTBs based on .GRDs from branch 7103 Change the assertion of background color opaqueness in BubbleFrameView to DCHECK |
Google Chrome 136.0.7103.9 May 6, 2025 |
Security fixes: Medium CVE-2025-4372: Use after free in WebAudio. Other fixes: emporarily remove crashpad_tests from ios_common_tests Revert "[Mac Text Subs] Ignore out-of-order text substitutions" [M136] [M136] webauthn: fix a crash during passkey upgrade requests Updating XTBs based on .GRDs from branch 7103 Updating XTBs based on .GRDs from branch 7103 Updating XTBs based on .GRDs from branch 7103 M136] Fix a crash that happens when the user removes an enabled flag [M136] allow glic client to navigate [Merge-M136]Disable FullscreenSigninPromoManagerMigration feature by default [M136] [Benefits][Clank] Fix for Bottom sheet extra space [ios] Fix Push Notification Pref Registration [Merge-M136][iOS][SigninPromo] Add feature flag to signin fullscreen promo display [136][Toolbar] Update offsets when position changes if visibly forced [M136][invalidation] Remove state check in CloudPolicyInvalidator [M136] sqlite: Upgrade to 3.49.1 [M136][shopcard] hide see more button. Updating XTBs based on .GRDs from branch 7103 [CVV] Fix the local card save mechanism to check for user pref [M136] [omnibox] Don't show HaTS if omnibox is focused. [M136] [lensoverlay] Wait for all upload chunk responses before sending gen204. [M136] [lensoverlay] Fix contextual query not waiting for page content [M136] [Omnibox] Add channel to PSD for On-Focus HATS [M136] Update window geometry on tiling state change [M136] Fix clipped visual rect with large scroll offsets Fix invoking ScreenAsh::GetDisplayNearestWindow on window being destroyed [M136][media] Handle no-op case in AAC bitstream converter [M136] ozone/wayland: Fix bookmark dropdown right click context menu [M136] Move non-Windows GPU optional builders to builderless pool [M136] Truncate each passage before returning from DocumentChunker [M136] [Extensions] Fix corruption of extension for file range request [M136] [lensoverlay] Fix ghost loader flickering [M136] Fix botched refactoring in LegacyRenderWidgetHostHWND::OnMouseLeav |
Google Chrome 136.0.7103.4 May 2, 2025 |
Security Fixes: High CVE-2025-4096: Heap buffer overflow in HTML. Medium CVE-2025-4050: Out of bounds memory access in DevTools. Medium CVE-2025-4051: Insufficient data validation in DevTools. Low CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10 Various fixes from internal audits, fuzzing and other initiatives: Updating XTBs based on .GRDs from branch 7103 |