| Version | Change log |
| Google Chrome 137.0.7151.5 May 28, 2025 |
This update includes 11 security fixes: High CVE-2025-5063: Use after free in Compositing. High CVE-2025-5280: Out of bounds write in V8. Medium CVE-2025-5064: Inappropriate implementation in Background Fetch API. Medium CVE-2025-5065: Inappropriate implementation in FileSystemAccess API. Medium CVE-2025-5066: Inappropriate implementation in Messages. Medium CVE-2025-5281: Inappropriate implementation in BFCache. Medium CVE-2025-5283: Use after free in libvpx. Low CVE-2025-5067: Inappropriate implementation in Tab Strip. Other fixes: [M137] [omnibox] Show default search engine icon in omnibox [137] Disable kGlicWarming and kGlicFreWarming Updating XTBs based on .GRDs from branch 7151 Disable tests temporarily for a devtools change [M137] [STG] Fix latency metric name Updating XTBs based on .GRDs from branch 7151 |
| Google Chrome 136.0.7103.1 May 16, 2025 |
This update includes 4 security fixes: High CVE-2025-4664: Insufficient policy enforcement in Loader. High CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo. Other fixes: [M136 Minibranch] Set `referrerpolicy: "no-referrer"` in link loads from subresources [M136] Reset the provisioning state when loading existing identities [M136] Set more appropriate flex behavior keys in PartialTranslateBubbleView. Updating XTBs based on .GRDs from branch 7103 [M136] [text-decorations] Add the last resort step Updating XTBs based on .GRDs from branch 7103 Updating XTBs based on .GRDs from branch 7103 [M136] Fix undefined shift UBSAN warnings in libxslt/xsltutils.c [M136] Add ability to store (28 bit) value in xmlDoc and xmlAttr. [M136] Use `extra` member in libxml structs for xslt flags. [M136] Revert "Remove TabObserver in TabStateBrowserControlsVisibilityDelegate." Automated Commit: LKGM 16238.44.0 for chromeos. [M136] Disable SelectColorsRemoveImportant [M136] Expand libxml structs to better integrate with libxslt. [M136] Initialize input router for opened window only once Drop transitive trust from transports [M136] linker_driver: fix lto cache temporary directory. [M136] Set RenderSurfaceFor2DScaleTransform back to experimental. [m136] Reset the receiver when OTR profile is destroyed [M136] Revert normalization of Android intent schemes Updating XTBs based on .GRDs from branch 7103 [M136] [iOS][DefaultBrowser] Disable sharing DB status with 1p Revert "Remove theme tracking from BubbleDialogDelegate" Updating XTBs based on .GRDs from branch 7103 Request the client_channel oauth scope for DriveFS Updating XTBs based on .GRDs from branch 7103 Change the assertion of background color opaqueness in BubbleFrameView to DCHECK |
| Google Chrome 136.0.7103.9 May 6, 2025 |
Security fixes: Medium CVE-2025-4372: Use after free in WebAudio. Other fixes: emporarily remove crashpad_tests from ios_common_tests Revert "[Mac Text Subs] Ignore out-of-order text substitutions" [M136] [M136] webauthn: fix a crash during passkey upgrade requests Updating XTBs based on .GRDs from branch 7103 Updating XTBs based on .GRDs from branch 7103 Updating XTBs based on .GRDs from branch 7103 M136] Fix a crash that happens when the user removes an enabled flag [M136] allow glic client to navigate [Merge-M136]Disable FullscreenSigninPromoManagerMigration feature by default [M136] [Benefits][Clank] Fix for Bottom sheet extra space [ios] Fix Push Notification Pref Registration [Merge-M136][iOS][SigninPromo] Add feature flag to signin fullscreen promo display [136][Toolbar] Update offsets when position changes if visibly forced [M136][invalidation] Remove state check in CloudPolicyInvalidator [M136] sqlite: Upgrade to 3.49.1 [M136][shopcard] hide see more button. Updating XTBs based on .GRDs from branch 7103 [CVV] Fix the local card save mechanism to check for user pref [M136] [omnibox] Don't show HaTS if omnibox is focused. [M136] [lensoverlay] Wait for all upload chunk responses before sending gen204. [M136] [lensoverlay] Fix contextual query not waiting for page content [M136] [Omnibox] Add channel to PSD for On-Focus HATS [M136] Update window geometry on tiling state change [M136] Fix clipped visual rect with large scroll offsets Fix invoking ScreenAsh::GetDisplayNearestWindow on window being destroyed [M136][media] Handle no-op case in AAC bitstream converter [M136] ozone/wayland: Fix bookmark dropdown right click context menu [M136] Move non-Windows GPU optional builders to builderless pool [M136] Truncate each passage before returning from DocumentChunker [M136] [Extensions] Fix corruption of extension for file range request [M136] [lensoverlay] Fix ghost loader flickering [M136] Fix botched refactoring in LegacyRenderWidgetHostHWND::OnMouseLeav |
| Google Chrome 136.0.7103.4 May 2, 2025 |
Security Fixes: High CVE-2025-4096: Heap buffer overflow in HTML. Medium CVE-2025-4050: Out of bounds memory access in DevTools. Medium CVE-2025-4051: Insufficient data validation in DevTools. Low CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10 Various fixes from internal audits, fuzzing and other initiatives: Updating XTBs based on .GRDs from branch 7103 |
| Google Chrome 135.0.7049.8 Apr 10, 2025 |
This update includes 2 security fixes: High CVE-2025-3066: Use after free in Site Isolation. Other fixes: [iOS] IPH Gesture Recognition Improvements [M135] Reland "build: pass CrOS' compiler_rt instead of Chrome's" Exclude interactivity from all shorthand [Blink] Fix reset of CanvasResourceHost::context_lost() [m135] Don't reorder the contents separator if pixel canvas is enabled. [Merge to M135] [GTK] Divide text size by font scale on GTK4 [Merge to M135] [GTK] Fix scale factor doubling on GTK4+Wayland WebUI: Remove unnecessary "not ios" assertion in focus_without_ink.ts. [Merge to M135] Fix crash when ConnectorsServiceFactory is created on shutdown. Updating XTBs based on .GRDs from branch 7049 Disable UseFreedesktopSecretKeyProvider [GTK] Fix selected text colors on some GTK4 themes [M135] fido: work around macOS framework bug with providerName in 13.* Settings: Attempt to fix runtime error thrown from within cr-dialog. [GTK] Add missing DISABLE_CFI_DLSYM on Gtk4FileChooserGetFiles Don't use GTK IME if WaylandTextInputV3 feature is enabled [M135][Telemetry] Update Lenovo extension ID Updating XTBs based on .GRDs from branch 7049 Updating XTBs based on .GRDs from branch 7049 b [M-135] Introduce OnIdle state for ActiveSessionAuthControllerImpl [M135 Merge][freezing] Fix crash in DiscardFrozenPagesWithGrowingMemoryOnMemoryMeasurement. [M135 Merge][tab] Assert owning TabStripModel when checking TabModel::IsActivated() Fix unregistered prefs "signin.accounts_metadata_dict" Post "Show Searchify in progress" request instead of direct call. Ensure DrawScrollingContentsOp contribute to containing effect bounds [M135 cherry pick] Fix crash in MergeAXTreeUpdates. [M135][infra] Remove references to do-nothing configs. Updating XTBs based on .GRDs from branch 7049 [M135] Revert "KeyPermissions: Improve the migration code" [M135 cherry pick] Update version and hash for TTS engine v1.5. [M135] Roll src/third_party/wasm_tts_engin |
| Google Chrome 135.0.7049.4 Apr 3, 2025 |
This update includes 14 security fixes. Below, we highlight fixes that were contributed by external researchers: High CVE-2025-3066: Use after free in Navigations. Reported by Sven Dysthe (@svn-dys) on 2025-03-21 Medium CVE-2025-3067: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien) on 2024-10-31 Medium CVE-2025-3068: Inappropriate implementation in Intents. Reported by Simon Rawet on 2025-03-09 Medium CVE-2025-3069: Inappropriate implementation in Extensions. Reported by NDevTK on 2022-06-26 Medium CVE-2025-3070: Insufficient validation of untrusted input in Extensions. Reported by Anonymous on 2017-01-01 Low CVE-2025-3071: Inappropriate implementation in Navigations. Reported by David Erceg on 2020-02-23 Low CVE-2025-3072: Inappropriate implementation in Custom Tabs. Reported by Om Apip on 2024-08-27 Low CVE-2025-3073: Inappropriate implementation in Autofill. Reported by Hafiizh on 2025-01-09 Low CVE-2025-3074: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-01-28 Other fixes: [GTK] Include scale factor in cursor theme size on GTK4 [XR] Separate JXR session is maintained for each Chrome instance. CARendererLayerTree::SolidColorContents: Correctly compute pixel values [M135 Merge][discard] Ensure FrameTree::Discard clears service workers [XR][Clean up] Remove Tab Drag and Drop as window feature flag. [XR] Prevents the app from switching to spatialized mode when the last tab is moved to another Chrome instance. Expand ignore filter for external intent handling [iOS] Replace Cancel button with back button in Autofill Profile Edit Settings [M135] Fix crash when multiple start time updates occur for a navigation. [M135][DNS] Add kAlreadyFalsePositive revocation result Updating XTBs based on .GRDs from branch 7049 Mark shouldInterceptRequest as possibly blocking Avoid re-entering lock in FontLoader::makeTypeface [PDF Ink Signatures] Use cr-radio-group for the ink brush selector [M135] [graphite] Handle non-con |
| Google Chrome 134.0.6998.1 Mar 26, 2025 |
1 security fix: Incorrect handle provided in unspecified circumstances in Mojo on Windows. Reported by Boris Larin (@oct0xor) and Igor Kuznetsov (@2igosha) of Kaspersky on 2025-03-20 Other fixes: M134 Fix crash in BubbleDialogDelegate with null client view Avoid receiving or sending sentinel handle values Updating XTBs based on .GRDs from branch 6998 Fix GAIA page native navigation for enrollment Updating XTBs based on .GRDs from branch 6998 |
| Google Chrome 134.0.6998.1 Mar 19, 2025 |
Security Fixes: Use after free in Lens. Various fixes from internal audits, fuzzing and other initiatives: [M134-112][ProfilePicker] Remove an assert for no profiles when list is loaded Set RFH token in clipboard only after writing other data M134: [UIA] Fix Narrator's navigation by heading Updating XTBs based on .GRDs from branch 6998 Roll libxslt from ae147fefb to c8b1ea4b8 [M134][ANR] Don't start jobs for PDF downloads [M134] SubframeHistoryNavigationThrottle: track the DEFER state [M134][LensOverlay] Check if controller exists in OnPermissionDialogAccept [FPF] Immediately re-request Activation after a failed load [M134 merge] Show reauth signin page before GLIC FRE when cookie sync fails Add a feature parameter to fork the prefetch process from the renderer [M134] WebView Prerender: Fix activation mismatch due to additional headers [M134] Check RFH's `policy_container_host` before its `active_sandboxing_flags` [PWA] Activate browser window for PWAs that open in browser tabs [M134] Disable FledgeBiddingAndAuctionNonceSupport feature by default. [m134] Fix opening all bookmarks by click on a bookmark submenu [M134][lensoverlay] Add shadow to preselection bubble on Windows [Merge-M134][iOS][DefaultBrowser] Fix check crash on null browser [M134] [ios] Abort in showStartSurfaceIfNecessary if UI is not ready [Mall] Improve Mall shelf pinning behavior for existing CrOS users [M134] Allow data scheme for pdf pages [M134]Fix crash in webui handler for extended updates eligibility check |
| Google Chrome 134.0.6998.8 Mar 11, 2025 |
Security fixes: Type Confusion in V8 Out of bounds write in GPU. Use after free in Inspector. Other fixes: Cherry-pick: [NTP][Enterprise] Add histogram to record when an auth attempt is made Disable setting primitive restart for WebGL in the cmd decoder. Move WebGL primitive restart state setting to the GPU process. Allow blob scheme for PDF pages Revert "When stopping or disabling a remote audio track, do not disable clones." [Sync ESB] Replace an icon with the grey info icon Fixes setStatusBarColor call in onPreCreate [A11y] Consistent tree after aria-owns changes Add exceptions for comma / hyphen splicing. ash: Fix button row overflow in Camera control UI [ios] When stateless, use KA params for manual fills [iOS] Add arms to IPH ablation experiment [A11y] Do not recompute cached attributes of descendants while creating ancestor Remove unnecessary layer in BookmarkBarView [login] Remove dump without crash [settings] Fix hide-banner in sync-account-controls [Merge 134] Splice on punctuation on desktop to reduce sentence delays. [iOS] Set up IPH ablation experiment Updating XTBs based on .GRDs from branch 6998 [File Download Access Prevention] Expose EnterpriseFileObfuscation feature flag on chrome://flags Don't show full name suggestions when focusing alt-name field Cherry-pick/roll Skrifa to 0.26.6 fixing Nastaliq freeze Fix a JS error in accessing an empty array in Tab Search demo_mode: Fix the crash caused by nullptr Invalidation tracing: Null-check invalidation sets that might be missing Merged: Revert "Reland "Reland "Ship Explicit Resource Management""" Add a feature to limit the number of selectableBASRI k-anon fetches. Fix file icons for Microsoft cards Roll installer/mac/internal [Bookmarks] Fix crash on null input [Clear-Site-Data] Switch parsing issues from kError to kWarning {PICK M134} Updating XTBs based on .GRDs from branch 6998 coral: crash on getting group by ID Extend check in stopQuickDeleteForAnimation to |
| Google Chrome 134.0.6998.3 Mar 5, 2025 |
This update includes 14 security fixes. Below, we highlight fixes that were contributed by external researchers: [$7000][397731718] High CVE-2025-1914: Out of bounds read in V8. Reported by Zhenghang Xiao (@Kipreyyy) and Nan Wang (@eternalsakura13) on 2025-02-20[$4000][391114799] Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools. Reported by Topi Lassila on 2025-01-20[$3000][376493203] Medium CVE-2025-1916: Use after free in Profiles. Reported by parkminchan, SSD Labs Korea on 2024-10-31[$2000][329476341] Medium CVE-2025-1917: Inappropriate Implementation in Browser UI. Reported by Khalil Zhani on 2024-03-14[$2000][388557904] Medium CVE-2025-1918: Out of bounds read in PDFium. Reported by asnine on 2025-01-09[$2000][392375312] Medium CVE-2025-1919: Out of bounds read in Media. Reported by @Bl1nnnk and @Pisanbao on 2025-01-26[$1000][387583503] Medium CVE-2025-1921: Inappropriate Implementation in Media Stream. Reported by Kaiido on 2025-01-04[$5000][384033062] Low CVE-2025-1922: Inappropriate Implementation in Selection. Reported by Alesandro Ortiz on 2024-12-14[$1000][382540635] Low CVE-2025-1923: Inappropriate Implementation in Permission Prompts. Reported by Khalil Zhani on 2024-12-06 |
