Google Chrome 94.0.4606.54 軟體資訊交流 Mac

winXmac軟體社群 Mac 瀏覽器 Google 免費軟體 Rate 80

Google Chrome for Mac,軟體教學,軟體下載,軟體社群,Windows軟體,Mac軟體

Google Chrome 94.0.4606.54 Mac


Google Chrome for Mac 是一個瀏覽器,結合了最先進的技術最小的設計,使網絡更快,更安全,更容易。一切都使用一個框 - 輸入地址欄,並獲得搜索和網頁的建議。您的熱門網站的縮略圖,讓您立即以任何新標籤閃電般的速度訪問您最喜愛的網頁。桌面快捷方式允許您直接從桌面啟動您最喜愛的 Web 應用程序。 Google 的 Chrome for Mac 是跨平台瀏覽網頁的流行和可靠選擇!立即下載,安裝或更新 Google Chrome for Mac!

為什麼使用 Google Chrome for Mac?

立即搜索
搜索和導航從同一個框。從您鍵入時顯示的結果和建議中進行選擇,包括您最近的搜索和訪問過的網站,以便您快速找到所需內容.

Type less
您是否厭倦用相同的信息一次又一次地填寫 Web 表單?自動填充功能讓您只需點擊一下即可完成表格。它也適用於各種設備 - 所以你可以跳過所有的小屏幕輸入。

拿起您離開的位置
Chrome for Mac 將您打開的標籤頁,書籤和最近的搜索從您的計算機傳送到您的手機或平板電腦,反之亦然。這樣,你的所有設備上都有你的網頁。只需登錄您的其他設備即可開始同步.

體驗更智能的 web
當您使用 Chrome 瀏覽器進行瀏覽時,可以充分利用 Google 的優勢。 Chrome 和 Google 攜手合作,為您帶來更多相關的 Google 產品相關建議和功能,包括 Google 語音搜索和 Google 即時。

使 Chrome 瀏覽器成為您的朋友
瀏覽 Chrome 主題,應用和擴展程序的方式。通過書籤和開始頁面直接訪問您喜歡的網頁目的地。設置完 Chrome 後,您的自定義設置將會在所有設備上保持同步.

還提供:下載 Google Chrome for Windows

檔案版本 Google Chrome 94.0.4606.54
檔案名稱 googlechrome.dmg
檔案大小
系統 Mac OS X 10.9 or later
軟體類型 免費軟體
作者 Google
更新日期 http://www.google.com/chrome
軟體類型 2021-09-22
更新日誌

What's new in this version:

Google Chrome 94.0.4606.54
Security Fixes:
- High CVE-2021-37956: Use after free in Offline use
- High CVE-2021-37957 : Use after free in WebGPU
- High CVE-2021-37958 : Inappropriate implementation in Navigation
- High CVE-2021-37959 : Use after free in Task Manager
- High CVE-2021-37960 : Inappropriate implementation in Blink graphics
- Medium CVE-2021-37961 : Use after free in Tab Strip
- Medium CVE-2021-37962 : Use after free in Performance Manager
- Medium CVE-2021-37963 : Side-channel information leakage in DevTools
- Medium CVE-2021-37964 : Inappropriate implementation in ChromeOS Networking
- Medium CVE-2021-37965 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37966 : Inappropriate implementation in Compositing
- Medium CVE-2021-37967 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37968 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37969 : Inappropriate implementation in Google Updater
- Medium CVE-2021-37970 : Use after free in File System API
- Low CVE-2021-37971 : Incorrect security UI in Web Browser UI
- Low CVE-2021-37972 : Out of bounds read in libjpeg-turbo

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 93.0.4577.82
- Sync: Reset unreasonably-short polling intervals
- M93: [IndexedDB] Don't ReportBadMessage for Commit calls
- M93: [IndexedDB] Add browser-side checks for committing transactions. [ChromeCart] Add rate control for cart content extraction
- Updating XTBs based on .GRDs from branch 4577
- [BackgroundFetch] Pass a copy of the job ID string to cancel event
- Roll ChromeOS Bigcore AFDO profile from 93-4577.69-1630924723-benchmark-93.0.4577.77-r1 to 93-4577.69-1630924723-benchmark-93.0.4577.80-r1
- Merge "FIELDSET: Fix a crash on dynamic changes of pseudo elements" to M93 branch
- Incrementing VERSION to 93.0.4577.80
- M93: Enable RDB experiment for 5% of all CI and try builds
- Merge 4577: Apply list item quirks only when the nested list is block-level
- [layout] Remove limit from LayoutInline::SplitInlines
- Skip WebGL conformance/programs/program-test.html on all platforms
- Rename ci/mac{,11}-arm64-rel-tests try/mac{,11}-arm64-rel
- Check if profile manager initialized when checking profile
- [ContentIndex] Add Origin checks to mojo methods
- [Merge to M93][bfcache] Remove DumpWithoutCrashing for race conditions
- [Merge to M93] Ignore OnCreateChildFrame when we're missing RVH for proxy creation
- [Merge to M93] Stop crashing when OldPageInfo is sent to non-main frames
- [CCT] Fix white background issue for the rounded corner
- Updating XTBs based on .GRDs from branch 4577
- Incrementing VERSION to 93.0.4577.79
- [M93 Merge] Fix window focus bug on Windows due to a Linux fix
- Remove invalid Terminal app registration pref
- [GMNext] Add android:popupMenuStyle attr for translate infobar
- Disable overscroll when prefers-reduced-motion is set
- [M93 Cherry-Pick] Reland "[Paint Preview] Fix bitmap locking"
- Fix crash trying to observe gesture event when animations disabled
- [M93 merge] compositor: fix bug in sending damage regions
- Tweak android overscroll stretch parameters
- Updating XTBs based on .GRDs from branch 4577 by Ben Mason
- ReadingList Sync: Fix ping-pong-prone logic
- Fix a crash in SavedPasswordsPresenter
- Ensure ShowBubble is a no-op if already showing
- [M93 Merge][tab strip] Move WebContentsDelegate logic to the TabStripPageHandler by tom
- Updating XTBs based on .GRDs from branch 4577
- Ios: Speculative fix for viewWillTransitionToSize crash
- Roll src/third_party/libavif/src/ f8b782aad..efed11856 (16 commits)
- Content-visibility: Force range base/extent when computing visual selection
- [M93] X11: fix tab drag
- M93: [X11] Coalesce mouse motion events when dragging
- Invalidate for changed PaintedOutputInvisible when a PaintLayer is removed
- [segmentation_platform] Fixed segment selector |is_ready|
- [RBD] Avoid appending multiple utm_source tags
- [Start] Add two new variations.
- Updating XTBs based on .GRDs from branch 4577
- [M93 merge] webui: make WebUIAllowlist and WebUIAllowlistProvider thread-safe
- [Messages] Update popup block primary action button text
- [M93] Remove the glob for generated/luci-milo*.cfg
- [M93] Generate the LUCI services configs into a luci subdirectory
- [Fuchsia][M93 merge] Fix FuchsiaAudioRenderer to handle PCM streams correctly
- [M93] Reject AudioData invalid indexes
- [M93] [WebCodecs] Implement support for converting AudioData to float32
- Provide reason for BottomSheetObserver.onSheetStateChanged


Google Chrome 93.0.4577.63
Security Fixes:
- High CVE-2021-30606: Use after free in Blink.
- High CVE-2021-30607: Use after free in Permissions.
- High CVE-2021-30608: Use after free in Web Share.
- High CVE-2021-30609: Use after free in Sign-In.
- N/A1200440 High CVE-2021-30610: Use after free in Extensions API.
- Medium CVE-2021-30611: Use after free in WebRTC.
- Medium CVE-2021-30612: Use after free in WebRTC.
- Medium CVE-2021-30613: Use after free in Base internals.
- Medium CVE-2021-30614: Heap buffer overflow in TabStrip.
- Medium CVE-2021-30615: Cross-origin data leak in Navigation.
- Medium CVE-2021-30616: Use after free in Media.
- Medium CVE-2021-30617: Policy bypass in Blink.
- Medium CVE-2021-30618: Inappropriate implementation in DevTools.
- Medium CVE-2021-30619: UI Spoofing in Autofill.
- NA1063518 Medium CVE-2021-30620: Insufficient policy enforcement in Blink.
- NA1204722 Medium CVE-2021-30621: UI Spoofing in Autofill.
- NA1224419 Medium CVE-2021-30622: Use after free in WebApp Installs.
- Low CVE-2021-30623: Use after free in Bookmarks.
- TBD1230513 Low CVE-2021-30624: Use after free in Autofill.

Various fixes from internal audits, fuzzing and other initiatives:
- [Win] Notify TextInputClient about input type change during Omnibox init
- MediaStreamVideoTrack::GetCaptureHandle: Check WeakPtr before dereferencing
- Migrate PermissionChip to OnWidgetDestroying
- Merge 93: Null check to fix crash in PlatformGetParent
- Updating XTBs based on .GRDs from branch 4577
- [M93] Stop exporting test results to `luci-resultdb.chromium.*`
- Updating XTBs based on .GRDs from branch 4577
- [Merge to M93] bento_bar: Consolidate window state with the bento bar
- [Merge M93] Fix parameter validation for chrome.tcpServer.getInfo()
- [M93] Cleanup branched builders on chromium.fyi console.
- Fix eventsource/format-utf-8.htm wpt
- [Fuchsia][M93 merge] Fix --shared-array-buffer-allowed-origins for worklets
- [CSN] Tweak element paddings
- [CSN] Do not trigger on tablets
- Revert "Stop setting kStabilityExitedCleanly to true in InitializeMetricsState."
- Updating XTBs based on .GRDs from branch 4577
- Updating XTBs based on .GRDs from branch 4577
- Fix X-Geo header not sent despite user explicitly allowing geolocation
- [Merge to M93] bento_bar: Ensure the bento bar is only created in ACTIVE user session
- [Merge 93] Invalidate frame_view in ChromeNativeAppWindowViewsAuraAsh::SetFullscreen
- [Sheriff] Disable CrComponentsMostVisitedTest.Modification on Linux Tests dbg
- [Android] Record metric only when data is wiped on child account sign-in
- [Merge M93] Do not process non-dictionary configurations
- Do not paint fragmented foreign layers
- Fix heap-use-after-free by passing route_id by copy
- Disable printing tests that require the Windows print spooler service.
- Prevent OOB on dragging tab group
- [Offline Measurements] Handled cases with multiple HttpURLConnections
- [PriceTracking] Fix the price drop IPH focus issue
- Don't retain BrowserContext on stopping audio debug recordings
- [Start] Move UndoGroupSnackbarController to TabbedRootUICoordinator.
- [M93 Stylize] Round down the pixel size for template and padding
- Fix Android Fullscreen Rotation with SurfaceSyncThrottle
- Set app menu background color to match items.
- [Traffic Annotation] Roll traffic_annotation_auditor
- [M93] Use ash feature flag for fetching account capabilities for CrOS
- Merge "FIELDSET: Don't reattach on descendant reattach" to M93 branch


Google Chrome 92.0.4515.159
Security Fixes:
- High CVE-2021-30598: Type Confusion in V8.
- High CVE-2021-30599: Type Confusion in V8.
- High CVE-2021-30600: Use after free in Printing.
- High CVE-2021-30601: Use after free in Extensions API.
- High CVE-2021-30602: Use after free in WebRTC.
- High CVE-2021-30603: Race in WebAudio.
- High CVE-2021-30604: Use after free in ANGLE.

Various fixes from internal audits, fuzzing and other initiatives:
- Revert "Forbid script execution for entire lifecycle update"
- Disable kDesktopCaptureMacV2
- Updating XTBs based on .GRDs from branch 4515
- [Merge 92] Protect candidate better from garbage collection during negotiation.
- [segmentation_platform] Add V2 to the feature name
- Move to Python 3 in chrome/installer/mac/BUILD.gn
- [M92][Credentialless] Fix flakes about iframeTest.js
- [M-92] Check if kArcIsManaged is set before triggering transition
- [RBD] Fetch discount immediately after loading carts
- Re-configure "enable_launch_polish" and "enable_launch_bug_fix"
- Fix error running Mac signing under py3.
- M92: Do more class validity checks in PrintViewManagerBase.
- Disable different origin subframe JS dialog suppression
- M92: NativeIO: Fix potential NativeIOHost lifetime issue.
- Merchant: Don't erase ProfileProtoDB in memory.
- [M92] CP icu fix for nb/no res
- Add UMA for metrics related to the DSE autogrant being disabled.
- Fixed bug where Resetting DSE permissions didn't account for kRevertDSEAutomaticPermissions
- [segmentation_platform] Set and validate feature name hash
- Defer looking up the WebContents for the directory confirmation dialog.
- Disable flaky SubresourceRedirectLoginRobotsBrowserTest tests
- Fix bug where the UI still showed "allowed for your default search engine"
- [M92] Fixed a NPE in DownloadController.requestFileAccessPermissionHelper
- Add a feature that allows control over DSE permission logic
- cros: Disable flaky test RestoreBrowserWindowsToDesks
- Fix a flaky test of MediaHistoryForPrerenderBrowserTest
- [segmentation_platform] Add internal metrics.
- [segmentation_platform] Fixed SignalKey collision
- [segmentation_platform] Update signal collection on model updates
- [Android][Sheriff] Disable Flaky LocationBarTest
- Register SyntheticTrialsActiveGroupIdProvider in WebLayer
- [Fuchsia][M92 merge] Signal last release fences in ~OutputPresenterFuchsia
- Protect HRTF database loader thread from access by different threads
- [M92] Set sheriff rotations as a property on builders
- Address NPE in TabGroupUtils
- [M92] Modify branches.value to support values varied per branch selector
- Sheriff: Disable a flaky test
- [Autofill Assistant] Fixed unit test for starter.
- [Sheriff] Disable flaky test CheckHostPointToScreenInMouseWarpRegion
- 4515: Replace the rdb 'enable' field in testing specs with a better name
- Reapply flaky test expectation for animate-fling-to-snap-points-1.html
- 4515: Update the "py" wheel to a version that is compatible with pytest-6.2.2
- [Merge to 4515] Lacros: fine grained control for google rollout.
- [Sheriff] Disable flaky tast test launcher.SearchBuiltInApps
- [M92] Export chromium test results to chrome-luci-data.chromium.*_test_results


Google Chrome 92.0.4515.131
Security Fixes:
- High CVE-2021-30590: Heap buffer overflow in Bookmarks
- High CVE-2021-30591: Use after free in File System API
- High CVE-2021-30592: Out of bounds write in Tab Groups
- High CVE-2021-30593: Out of bounds read in Tab Strip
- N/A1218468 High CVE-2021-30594: Use after free in Page Info UI
- Medium CVE-2021-30596: Incorrect security UI in Navigation
- TBD1232617 Medium CVE-2021-30597: Use after free in Browser UI
- Various fixes from internal audits, fuzzing and other initiatives
- dpwas: Don't show WebAppFrameToolbarView in fullscreen on win10
- [M92] Fix potential UAF in holding space item views
- [RBD] Add UTM tag
- [Merge 92] Revert "[SH] Allow highlighting text fragments on history navigations"
- [segmentation_platform] Hide voice button setting when useless (Merge CL)
- Fix null pointer dereference
- Updating XTBs based on .GRDs from branch 4515
- arc: Fix intent helper metrics use-after-free
- M92: Add 'UnlimitedSize' to extensions.mojom.LocalFrameHost.Request()
- Handle an empty tabstrip in TabStrip::GetDropBounds
- Fix case where an extension could open a pinned grouped tab
- M92: Revert "Allow multiple relayout passes when scrollbars change."
- [sheriff] Mark RTCPeerConnection-reload-sctptransport.html as flaky
- Updating XTBs based on .GRDs from branch 4515
- [PA] Make GetUsableSize() handle nullptr gracefully
- Fix backspace event triggered twice problem
- M92: [printing] Ensure that the quit closures for Mojo are called
- [Merge-M92] Fix JS dialog navigation deferral race
- PreviewTab: Disable Web Share feature and fix the crash
- Add support for DXGI typeless format for SharedImageBackingFactoryD3D
- Forbid script execution for entire lifecycle update
- [Merge 92] [omnibox] Fix Android about:blank security regression
- M92: Sheriff: disable OutOfProcessPPAPITest.Printing on Win7
- Increase robustness of the move assignment operator for ACMatch
- M92: Disable PrintingContextTests that are failing on Win7 bots
- [Fuchsia][M92 Merge] Improve underflow handling in FuchsiaAudioOutputDevice
- [Autofill Assistant] Retain all script parameters
- [Autofill Assistant] Fix potential crashes in trigger scripts
- Update OWNERS for translation artifacts
- [M92 merge] Lift WebMediaPlayer limits much higher
- Manually post task to bind FileUtilitiesHost
- Merge 4515: Fix nested inline box fragmentation
- [Merge to M92]cr-buildbucket.cfg: export gpu test results to chrome-luci-data
- Fix RecentlyUsedFoldersComboModel heap overflows
- [segmentation_platform] Fix various issues for executing models
- [segmentation_platform] Consistent minimum screen width logic
- [segmentation_platform] Add tracing for processor intensive tasks
- [segmentation_platform] Added core metrics
- [Merge to M92]bento_bar: Adding pref kUserHasUsedDesksRecently
- testing: increase shard for blink_web_tests on 'Mac10.15 Tests (dbg)'
- [PageInfo] PageInfo UI handles WebContents being destroyed


Google Chrome 92.0.4515.107
Security Fixes:
- High CVE-2021-30566: Stack buffer overflow in Printing
- High CVE-2021-30567: Use after free in DevTools
- High CVE-2021-30568: Heap buffer overflow in WebGL
- High CVE-2021-30569: Use after free in sqlite
- High CVE-2021-30571: Insufficient policy enforcement in DevTools
- High CVE-2021-30572: Use after free in Autofill
- High CVE-2021-30573: Use after free in GPU
- High CVE-2021-30574: Use after free in protocol handling
- Medium CVE-2021-30575: Out of bounds read in Autofill
- Medium CVE-2021-30576: Use after free in DevTools
- Medium CVE-2021-30577: Insufficient policy enforcement in Installer
- Medium CVE-2021-30578: Uninitialized Use in Media
- Medium CVE-2021-30579: Use after free in UI framework
- Medium CVE-2021-30580: Insufficient policy enforcement in Android intents
- Medium CVE-2021-30581: Use after free in DevTools
- Medium CVE-2021-30582: Inappropriate implementation in Animation
- Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows
- Medium CVE-2021-30584: Incorrect security UI in Downloads
- Medium CVE-2021-30585: Use after free in sensor handling
- Medium CVE-2021-30586: Use after free in dialog box handling on Windows
- Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows
- Low CVE-2021-30588: Type Confusion in V8
- Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1231294] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 91.0.4472.164
Security Fixes:
- Out of bounds write in ANGLE
- Use after free in V8
- [$N/A][1219209] High CVE-2021-30560: Use after free in Blink XSLT
- Type Confusion in V8
- Use after free in WebSerial
- Type Confusion in V8
- Heap buffer overflow in WebXR

Various fixes from internal audits, fuzzing and other initiatives:
- [M91] [Sheriff] Disable flaky mac test
- 4472: infra: Allow CI & try builds to create RDB invocations in their realms
- Revert "Change low stylus battery notification message"
- ChromeAppSorting should ignore bookmark app extensions which obsolete
- ExtensionSyncService::ApplySyncData should not set ChromeAppSorting ordinals for bookmark apps
- Fix use-after-free with XSLT strip-space
- serial: Fix parent class tracing for SerialPort
- Revert "[fuchsia] Use Ubuntu 16.04 or 20.4 for Fuchsia arm64 tests."
- Change low stylus battery notification message
- Fix Samsung Odyssey Input Profile Mismatch
- [fuchsia] Use Ubuntu 16.04 or 20.4 for Fuchsia arm64 tests
- [M91] Migrate all builds to bbagent
- Add luci and test configurations for Win10 20h2 tester and trybot
- Add the ability to not generate location tag metadata at runhooks-time
- [M91][Extensions][Tabs] Allow tabs.query and tabs.get while drag in progress


Google Chrome 91.0.4472.114
- Ensure that XRLayer includes base EventTarget in Trace
- [M91] Disable QRGeneratorUtilTest.GenerateQRCode_ValidData
- Reland "Regenerate group IDs when restoring closed window"
- [ChromeCart] Fix AddToCart false positives for some sites
- Initialize FFT HashMap with all possible keys
- [M91] Reland: PaymentInstrumentIconFetcher avoids using released WebContents
- M91: Update all iOS CI & try builders to accept only Mac 11
- [91] chromeos: Unset BOTO_CONFIG env var when flashing public images

Security Fixes:
- High CVE-2021-30554: Use after free in WebGL
- High CVE-2021-30555: Use after free in Sharing
- High CVE-2021-30556: Use after free in WebAudio
- High CVE-2021-30557: Use after free in TabGroups


Google Chrome 91.0.4472.106
- Change log not available for this version


Google Chrome 91.0.4472.77
- High CVE-2021-30521: Heap buffer overflow in Autofill
- High CVE-2021-30522: Use after free in WebAudio
- High CVE-2021-30523: Use after free in WebRTC
- High CVE-2021-30524: Use after free in TabStrip
- High CVE-2021-30525: Use after free in TabGroups
- High CVE-2021-30526: Out of bounds write in TabStrip
- High CVE-2021-30527: Use after free in WebUI
- NA1206329 High CVE-2021-30528: Use after free in WebAuthentication
- Medium CVE-2021-30529: Use after free in Bookmarks
- Medium CVE-2021-30530: Out of bounds memory access in WebAudio
- Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy
- Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy
- Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
- Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
- Medium CVE-2021-30535: Double free in ICU
- Medium CVE-2021-21212: Insufficient data validation in networking
- Low CVE-2021-30536: Out of bounds read in V8
- Low CVE-2021-30537: Insufficient policy enforcement in cookies
- Low CVE-2021-30538: Insufficient policy enforcement in content security policy
- Low CVE-2021-30539: Insufficient policy enforcement in content security policy
- Low CVE-2021-30540: Incorrect security UI in payments

Various fixes from internal audits, fuzzing and other initiatives:
- Prevent crashes from large origin trial config
- Present FRE on the view controller of the current interface that is active
- [M91] Fix Lacros intermitent build failure
- WebSQL: Re-enable ALTER TABLE ADD COLUMN
- WebLayer: Disable 2 tests for Android 10 x86 skew tests
- Migrate tsan builders to bionic by Stephen Martinis
- Allow for empty full name and icon URL
- [M-91] OOBE: Use wildcard label for authorization key when adding PIN
- [Merge to M-91] capture_mode: Fix being able to capture a window with protected content by Ahmed Fakhry ·
- Updating XTBs based on .GRDs from branch 4472
- [fuchsia] Fix an incorrect use of StringPiece
- [91] Migrate internal linux & CrOS builders' tests to bionic
- Revert "Do not ignore null navigation context on iOS 13"
- Updating XTBs based on .GRDs from branch 4472
- M91: WebUI: Fix dangling observers in two webui handlers. by Matt Falkenhagen
- b5e5 Reland "Fix target=_blank crash for existing-client-navigate link captures" by Alan Cutter
- a4b341cb7 Bumping up the quickoffice chrome flag's expiry version. This gives buffer to investigate how to get rid of this flag, or to present the case to make this flag "never expire". by Harmandeep Singh
- Leave LiveCaption disabled by default on Chrome OS
- Revert "Roll ChromeOS Atom AFDO profile from 91-4472.33-1620643607-benchmark-91.0.4472.63-r1 to 91-4472.60-1621245530-benchmark-91.0.4472.65-r1"
- [M91][Extensions][Tabs] Ensure tab strip is editable before editing
- Revert "Roll ChromeOS Atom AFDO profile from 91-4472.60-1621245530-benchmark-91.0.4472.65-r1 to 91-4472.60-1621245530-benchmark-91.0.4472.66-r1"
- [91] Migrate all tests on the ASan CQ bot to bionic
- [TablesNG] Fix size of table-cell child with overflow and percent height
- Download: Use tab's OTRProfileID when opening download home
- Privacy Sandbox Android: updated the default URL
- Remove tabs and line breaks from the middle of app names when parsing
- Cloud print: Don't double search for empty account [M91]
- [M91] chromium.fyi builders to bionic
- Cloud Print: Give up on loading cloud printers for FAILED event [M91]
- Disable DesktopCaptureMacV2
- [media-router] Remove CancelableTaskTracker from DialServiceImpl
- Updating XTBs based on .GRDs from branch 4472
- Fix use-after-free allocating bt allocating memory for strings
- Make previous fix for Mac z-fighting more specific to avoid Win7 issue


Google Chrome 90.0.4430.212
- Change log not available for this version


Google Chrome 90.0.4430.93
- Disable mac IsUVPAA startup metric
- Merge to 90: Presentational objects should not create a paragraph boundary
- Roll ChromeOS Orderfiles from 90-4430.36-1617012563-benchmark-90.0.4430.53-r1 to 90-4430.73-1618827280-benchmark-90.0.4430.89-r1
- [ChromeCart] Improve cart content extraction
- [ChromeCart] Fix AddToCart detection for some sites
- [MIX-DL] Fix blob: URL handling and clarify console messages
- Remove CHECK on BigBuffer shm failure
- [Merge M90][Extensions] Policy blocked hosts supersede `debugger`
- [printing] Quit the runloop on Mojo disconnectio
- Read later: Add new Finch param and new flag for follow up experiment
- Fix issue on
- [flex] Don't stretch orthog. flex-items in column flexboxes.
- Set OAC correctly when committing a data URL with a base URL.
- Fix CanAccessWindow bindings CHECK failing.
- [M90] Need to populate OriginAccessList for split-mode extensions.
- Trigger full invalidation when frame becomes unthrottled
- Roll ChromeOS Orderfiles from 90-4430.36-1617012563-benchmark-
- [PAS] Escape URL when passed as a QueryParam
- [Merge M90] Unexpire a few histograms to explore page load performanc
- [Merge M90] Add histograms for subresource load timings during navigation
- [M90 merge] weblayer: don't crash if onNativeLoaded called multiple times
- Download: Show a proper URL in download home UI.
- [M90][mac][infra] Remove Mac10.13 Tests (dbg)

Security fixes:
- Insufficient data validation in V8
- Use after free in Dev Tools
- Heap buffer overflow in ANGLE
- Insufficient policy enforcement in extensions
- Incorrect security UI in downloads
- Type Confusion in V8
- Insufficient data validation in V8


Google Chrome 90.0.4430.85
- Reland "Fix the wrong direction with disabling CSSPseudoDir flag"
- [Message] Update scope change on #navigationEntryCommitted
- [DevTools] Use OriginalProfile for DevTools window if possible
- Revert "Resolve Service Worker redirects based on the response"
- [merge][90][GeneratedCodeCache] Copy large data before hashing and writing
- [PriceTracking] Set visibility of menu dialog item before it shows
- [PriceTracking] Add PriceDropNotification feature parameter
- Don't report PaymentRequest CSP errors
- [M90] OOBE - Prevent Renderer Crashes
- Ensure that BrowserContext is not used after it has been freed
- Add null pointer check in RenderWidgetHostInputEventRouter
- vaapi: Fix infinite loop in encrypted sample parsing
- Add weak pointer to RWHIER::FrameSinkIdOwnerMap and RWHIER::TargetMap
- Add crashkeys to identify where |target| is assigned to a stale value
- [views] Handle window deletion during HandleDisplayChange
- Mojo: Properly validate broadcast events
- Fix order of matrix multiplication in playback params
- [M90] OOBE - Improve Renderer Stability
- Disable the default web apps migration on Chrome OS
- [CrOS] Disable touchscreen logging
- Cherry pick: [trigger_script] Include resultdb invocation in tasks
- [Start] Add early return for testShow_SingleAsHomepage_BackButtonOnHomepageWithGroupTabsDialog__Instant_Return
- [M90][Sheriff] Disable flaky test BitmapGeneratorTest#testCapturedNewOne
- [M90][Sheriff] Disable various flaky blink tests
- [4430] Remove nacl_loader_unittests from "Mac11 Tests" builder

Security fixes:
- High CVE-2021-21222: Heap buffer overflow in V8
- High CVE-2021-21223: Integer overflow in Mojo
- High CVE-2021-21224: Type Confusion in V8
- High CVE-2021-21225: Out of bounds memory access in V8
- High CVE-2021-21226: Use after free in navigation
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 90.0.4430.72
Security fixes:
- High: CVE-2021-21201: Use after free in permissions
- High: CVE-2021-21202: Use after free in extensions
- High: CVE-2021-21203: Use after free in Blink
- High: CVE-2021-21204: Use after free in Blink
- High: CVE-2021-21205: Insufficient policy enforcement in navigation
- High: CVE-2021-21221: Insufficient validation of untrusted input in Mojo
- Medium: CVE-2021-21207: Use after free in IndexedDB
- Medium: CVE-2021-21208: Insufficient data validation in QR scanner
- Medium: CVE-2021-21209: Inappropriate implementation in storage
- Medium: CVE-2021-21210: Inappropriate implementation in Network
- Medium: CVE-2021-21211: Inappropriate implementation in Navigation
- Medium: CVE-2021-21212: Incorrect security UI in Network Config UI
- Medium: CVE-2021-21213: Use after free in WebMIDI
- Medium: CVE-2021-21214: Use after free in Network API
- Medium: CVE-2021-21215: Inappropriate implementation in Autofill
- Medium: CVE-2021-21216: Inappropriate implementation in Autofill
- Low: CVE-2021-21217: Uninitialized Use in PDFium
- Low: CVE-2021-21218: Uninitialized Use in PDFium
- Low: CVE-2021-21219: Uninitialized Use in PDFium


Google Chrome 89.0.4389.128
- Forbid script execution while updating the paint lifecycle
- [WPT] Mark permissions policy timing test slow on debug
- [GCPW] Fallback to registry when permitted domains cloud policy is empty
- Pin win10_chromium_x64_rel_ng and win7-rel to 16 cores
- Created a duplicate 'Mac11 Tests' from 'Mac11.0 Tests'
- Launching app inventory, upload device details and fetch experiments
- [Fuchsia] Add Fuchsia official builders to mb_config
- [Fuchsia] Remove unnecessary package vars from yaml files
- Only show krane's custom Demo Mode attract loop on krane devices
- [4389][mac][infra] Add Mac10.15 Tests (dbg)

Security fixes:
- High CVE-2021-21206: Use after free in Blink
- High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64


Google Chrome 89.0.4389.114
Security Fixes:
- High CVE-2021-21194: Use after free in screen capture.
- High CVE-2021-21195: Use after free in V8.
- High CVE-2021-21196: Heap buffer overflow in TabStrip.
- TBD1173903 High CVE-2021-21197: Heap buffer overflow in TabStrip.
- TBD1184399 High CVE-2021-21198: Out of bounds read in IPC.
- High CVE-2021-21199: Use Use after free in Aura.

Various fixes from internal audits, fuzzing and other initiatives:
- Merge 4389: Make ComputeNGCaretPosition() to handle upstream position after soft line wrap
- Enable cloud policies by default
- Read Os version from registries.
- [ChromeCart] Fix URL matching for cart and checkout
- [ChromeCart] Extract product images in absolute URL
- [ChromeCart] Improve cart visit detection heuristics
- Disable flaky CommerceHintCacaoTest.Rejected test.
- [ChromeCart] Exclude products in "saved for later" section
- [ChromeCart] Fix false positives of add-to-cart detection
- Reland "Reland "[ChromeCart] Improve checkout detection heuristics""
- Setting AppType for Win32 apps.
- [privacy_budget] Remove unnecessary kCanvasReadback metrics.
- Upload app data only when device is enrolled.
- Don't use BigBuffer for IPC::Message transport
- Fix container overflow in add to existing window and group tab context menu commands.
- Merge 89: Handle DOM-created tables with atypical structure
- [fuchsia] Recreate web.Context if persisted cache is erased.
- [floats] Fix overlap tests in NGExclusionSpace.
- Avoid starting invalidations multiple times.
- Changes to fetch win32 apps installed on the managed windows device and upload them.
- [Fuchsia] Fix FuchsiaAudioRenderer to call Stop() only after Start()
- Allow logged-in sites to be mentioned via optimization guide
- WebContents bug fix: Device capture only if web contents is valid
- Unlock win7-rel to run on machines with any core count.
- Disable variations layers when low entropy provider is null
- [M89 merge] x11/ozone: fix two edge cases
- Fix PageInfo for https image compression
- [M89][CrOS] Align password to start of password row when no icon is shown
- Allow first K images to load faster
- Add scheme check to crashing login detection code
- [Messages] Control autodismiss duration from Finch experiment
- Record image compression ukm metrics
- [Start] Make tab switcher page scroll to the last selected card.
- Download: Support legacy SD card download path content URI on R.
- [Start] Fix java.lang.NullPointerException at FeedStream.getView(FeedStream.java)
- [fuchsia] Ensure thread safety for ScenicOverlayView
- [fuchsia] Disable memory mitigations for visible LayerTreeHostImpls.
- Sheriff: Disable LoadTimingBrowserTest on the M89 branch.
- Sheriff: Disable broken StartSurface test on M89.
- Pull muted tab audio on a RT thread in the audio process.
- [fuchsia] Add vmodule flag support from config-data for WebEngine
- Allow ServiceWorkerResourceReader::ReadData() to return empty handle
- [fuchsia] Change minimum log level when verbose logging is on
- [fuchsia] Enable the media log as VLOGs on Fuchsia
- [fuchsia] Disable memory-pressure handling in Renderers by default
- Use a longer timeout for android-marshamllow-arm64-rel on branches.
- [CCA] Remove metadata observer when closing streams
- Add auto rollers as OWNERS of the files they touch
- [Fuchsia] Fix crash in VideoCaptureDeviceFactoryFuchsia
- Rename is_master to is_main.
- Get CameraAppDeviceImpl upon using in CrOS VCD
- VCD: Refactor CameraAppDeviceBridgeImpl and CameraAppDeviceImpl
- [ChromeCart] Allow skipping products
- [ChromeCart] Only handle http(s) schemes
- OOBE OfflineLogin: Correct login call to use internal authorization
- [CrOS] Show placeholder text on login/lock screen even with empty pwd
- Fix crash when restoring selection after a drag during which a dragged tab was closed.
- [Merge M89] Multi-User WM: Fix disappearing windows during profile switching.
- [M89][Lacros] Disable multiple Chrome OS sign-in when Lacros is enabled
- m89: Mitigate performance issues in Google tts
- [M89] Adds lacros_version_metadata


Google Chrome 89.0.4389.90
- High CVE-2021-21191: Use after free in WebRTC. Reported
- High CVE-2021-21192: Heap buffer overflow in tab groups. Reported
- High CVE-2021-21193: Use after free in Blink. Reported
- Various fixes from internal audits, fuzzing and other initiatives
- [Merge to M89] Expose langid events from SODA to Chrome and switch to protos
- Disable SVG composited animation if effective zoom is not 1
- Remove pre-target event handler before main widget close
- Fix remaining instances of RevertDragAt losing track of tabs.
- [ChromeCart] Extract products in shopping cart (2/2)
- [headless] Don't CHECK() crash on OSCrypt initialization failure.
- [headless] Move PrefService to HeadlessBrowserMainParts
- [WebLayer] Fix crash in GPU process when using GMS APIs
- [Grid] Auto-scroll to selected tab after tab model switching
- Revert "[headless] Configure renderer preferences from system settings"
- [headless] Configure renderer preferences from system settings
- [Merge to M89] Iterate more carefully over DTLS transports at close
- [ChromeCart] Restore module visibility when cart-action happens
- [ChromeCart] Extract products in shopping cart (1/2)
- Mark additional RootInlineBox dirty when culled inline box is removed
- [ChromeCart] Deflake CommerceHintAgentTest.CartPriority
- [Sheriff] Disable CommerceHintAgentTest.CartPriority on Linux
- Copy CSSM_TP_APPLE_EVIDENCE_INFO immediately after SecTrustGetResult
- Fix null domWindow crash in VisualViewport events
- [ChromeCart] Try to obtain cart URL when add-to-cart is detected
- [ChromeCart] Use optimization guide to filter out non-shopping sites
- M89: Increase BrowsingInstance cleanup delay.
- [ChromeCart] Pick the best source of cart URL
- [ChromeCart] Hide a unused function on CrOS
- [ChromeCart] Disable cart for non-SignIn single-profile users
- [ChromeCart] De-flake CommerceHintAgentTest tests
- [ChromeCart] Look up cart URL and merchant name when adding cart
- [ChromeCart] Add OWNERS file for chrome/renderer/cart
- [ChromeCart] Disable flaky CommerceHintAgentTest tests
- [Sheriff] Disable benchmark under Msan.
- [ChromeCart] Detect more shopping actions
- [ChromeCart] Implement add-to-cart detection
- [fuchsia] Add logging to diagnose a crash in the request rewrite throttles
- Handle resize bitmap operation failing.
- Revert changes to PPD file parsing
- [fuchsia] Suppress |is_main_document_loaded| if navigations are pending.
- Updating XTBs based on .GRDs from branch 4389
- [floc] change the API return type to Promise
- SiteForCookies now computes value for frame tree
- [base/allocator] Intercept (v)asprintf() in the shims on Android.
- [a11y] Accessibility bridge rejects actions on invalidtrees.
- [M89] [sheriff] Disable ExtensionInstallDialogViewInteractiveBrowserTest.InvokeUi_ManyPermissions on Windows for real


Google Chrome 89.0.4389.82
- GMC: Enable Global Media Controls for ChromeOS
- [sheriff] Disable flaky CartHandlerTest.TestEnableFakeData
- [Sheriff] Disable flaky test on TSAN
- Call SetNeedsAssignmentRecalc in HTMLSlotElement::ChildrenChanged
- Stop preloading vr module to avoid racey crash
- Don't crash on reentrant RunMoveLoop call
- Fix download resumption in reduced mode
- Add WebLayer getters for referrer and form submission
- Enable chromium M89 CQ to trigger chrome M90 builders
- [Merge to M89][Multipaste] Restrict the size of the web contents from the copied HTML
- cros: Make AcceleratorHistory higher priority
- Wi-Fi Sync: Default autoconnect to enabled when unspecified
- Active user takes ownership of networks on password updates
- Prevent showing notification when Wi-Fi Sync is not visible in settings
- [M89]Use the chrome.exe path instead of the directory
- [Fuchsia] Fix OutputPresenterFuchsia to send non-decreasing timestamps
- Condition Price Tracking on MBB Consent
- [fuchsia] Add multiple component support for audio/video capturers
- [iOS] Guard against grid view item array overrun
- [iOS][MF] Validate web state
- [iOS][Settings] Fixes clear browsing data link
- [Merge M89] Bento: Save desk names and workspaces after desk reordering
- [M89] ash: Handle nullptr window in WebAuthn request registrar
- [Merge to M-89][Multipaste] Destruct the multipaste menu views asynchronously
- Revert "Use stereo audio processing in stereo calls"
- m89: Makes all accessibility * enable prefs non-synchable


Google Chrome 89.0.4389.72
Fixed:
- Heap buffer overflow in TabStrip
- Heap buffer overflow in WebAudio
- Heap buffer overflow in TabStrip
- Use after free in WebRTC
- Insufficient data validation in Reader Mode
- Insufficient data validation in Chrome for iOS
- Object lifecycle issue in audio
- Object lifecycle issue in audio
- Use after free in bookmarks
- Insufficient policy enforcement in appcache
- Out of bounds memory access in V8
- Incorrect security UI in Loader
- Incorrect security UI in TabStrip and Navigation
- Insufficient policy enforcement in File System API
- Side-channel information leakage in Network Internals
- Inappropriate implementation in Referrer
- Inappropriate implementation in Site isolation
- Inappropriate implementation in full screen mode
- Insufficient policy enforcement in Autofill
- Inappropriate implementation in Compositing
- Use after free in Network Internals
- Use after free in tab search
- Heap buffer overflow in OpenJPEG
- Side-channel information leakage in autofill
- Insufficient policy enforcement in navigations
- Inappropriate implementation in performance APIs
- Inappropriate implementation in performance APIs
- Insufficient policy enforcement in extensions
- Insufficient policy enforcement in QR scanning
- Insufficient data validation in URL formatting
- Use after free in Blink
- Insufficient policy enforcement in payments
- Uninitialized Use in PDFium

Various fixes from internal audits, fuzzing and other initiatives:
- webview: clear the network callback in AwPacProcessor
- Better adhere to the Get rule with SecTrustGetCertificateAtIndex
- Clear the add to submenu before add new items
- Do not register NetworkCallback for AwPacProcessor if network is not specified
- Do not reset shortcuts if no valid Chrome installations were found
- Introduce AudioBuffers for user access in ScriptProcessorNode
- [Merge to M89] Prevent re-dropping when the desk is snapping back
- Merge 89: "Disable AV1 hardware decode w/ D3D11VideoDecoder for Intel GPUs."
- ios: Check for nullptr cert
- [Merge to M89] [X11] Fix incorrect bitmap row-bytes calculation
- [M89] Fix marking device-wide keys as corporate if no Profile was given
- Remove usage of WKUserContentController mock
- [Merge to M-89] Capture Mode: use Env event handler
- Merge 89: Fix null check and reduce DumpWithoutCrashing
- Reland "Prevent calling setSelection with negative values"
- [fuchsia] Enable Partial Site Isolation
- CrOS system tray: check for Media Router after primary profile init
- [fuchsia] Reduce likelihood of integration tests timeout-flaking
- Disable flaky tests
- remoting: Introduce native systemd unit for CRD
- ChromeOS: Disable touchpad finger swipe in the "Locked Mode"
- [Merge to M-89] Capture Mode: fix cursor scale for different displays
- [Blobs] Don't store BlobStorageLimits as a reference in transport strategy
- [Merge M89] Attempt to ensure ClassLoaders are consistent for splits
- [Merge to 89] MediaRecorder: tolerate non-GMB NV12 frames for H264
- Updating XTBs based on .GRDs from branch 4389
- Merge M89 ash: Fix mirror transform when displays have different aspect
- viz: Clip required overlays to display boundaries
- [M89][Signin][Android] Set up sign-in promo only with account list cache
- Move notify call earlier when download is canceled
- m89: Do not process hover events when not expected by ChromeVox
- [ChromeCart] Remove expired cart entries
- Use the correct layer bounds
- Fix dependency
- Add flag to disable AV1 Decoding on d3d11 video decoder
- [merge to 89] Reland "capture_mode: Keyboard navigation and chromevox implementation."
- Fix bug where search_box_view_base active/inactive colors were swapped


Google Chrome 88.0.4324.192
- Change log not available for this version


Google Chrome 88.0.4324.182
- Stop using raw WebContents ptr in DragDownloadFile
- [Messages] Address a CHECK in MessageWrapper on activity destruction
- Make IncognitoCustomTabIntentDataProvider#isIncognito as single
- Use a copy for transferring non detachable buffers
- Add symupload dependency to chrome_cleanup_tool binaries
- M88 Merge: Disable SurfaceControl on capri devices
- WebSocket: Don't clear event queue on destruction
- Make ShapeResult::ComputeGlyphPositions() to calculate safe to break before offset correctly
- [fuchsia] Send a null client certificate
- Video Tutorials : Support videos not available in all languages
- Fix crash in FilePathWatcherKQueue.
- Add metrics for Web Platform notifications.
- [fuchsia] Add feature flag for disabling renderer memory pressure handling.
- Video Tutorials : UI fixes on IPH sequencing and language picker
- Disable GPU acceleration on all Mesa software rasterizers
- Video Tutorials : Added missing metrics for IPH cards
- [Fuchsia] Fix FuchsiaAudioRenderer::GetWallClockTimes()
- [fuchsia] Add memory pressure monitoring support to Renderers.
- [M88] [sheriff] Disable NestedIframeTransformedIntoViewViewportIntersection
- [M88] Disable flaky tests PrerenderBrowserTest.LinkRelPrerender*
- Video tutorials : Fixed toolbar shadow for video list
- [M88] Add strip_binary and strip_binary_chrome target
- [Merge to M88] Avoid spinning a nested message loop for X11 clipboard
- Fix RevertDragAt losing track of tabs in some cases.
- c Fix crash when reverting a drag if the source tabstrip changed during the drag.
- [Merge to M88] [XProto] Switch event queue from a std::list to a base::circular_deque
- [Merge to M88][Web Payment]PR_sheet_controller should not update views during PR abort
- Video Tutorials : Fixed summary card not getting shown
- [fuchsia] Fix AutoPlayTest.*UserActivatedViaSimulatedInteraction
- Change doubletap backwards test to happen on a paused video
- Merge: Update hover button state before calling press callback
- [M88] Skip fast/workers/worker-shared-asm-buffer to unblock V8 roll
- Block HW video decode on AMD driver 8.17.10.1433
- [M88] Disable BackForwardCacheBrowserTestWithFileSystemAPISupported.CacheWithFileSystemAPI due to flakes.
- [M88] Add TRACE_EVENT for RequestTermination and Stop
- Merge M88: "Don't use effective frame count to expire frames."
- Merge M88: "Prevent Windows IMFTransform hangs
- [Merge to M88] Enable ShortcutsMenu during Shortcut creation.
- Reland "Updating XTBs based on .GRDs from branch 4324"
- [M88] ServiceWorker: Fix the lifetime of OnFetchEventFinished()
- [Fuchsia] Send output frames to ImagePipe as soon as possible
- Revert "Updating XTBs based on .GRDs from branch 4324"
- Updating XTBs based on .GRDs from branch 4324
- webauthn: Remove PaaSK USB accessory filter
- [fuchsia] Never use official Google API keys on Fuchsia.
- [Autofill Assistant] Fast path++ CL for M-88 refresh#2
- [Fuchsia] Use embedder origin to determine permissions for iframes
- [fuchsia] Prevent Media Inspector memory leak on Fuchsia in M88
- [fuchsia] Allow official keys to remain unset in Fuchsia builds.
- [fuchsia] Fix a bug in NormalizeConsoleLogMessage
- [fuchsia] Wait for ContextProvider instances to start.
- Read later: Delete reading list in search state should not crash.
- content: adds check for null stop_callback_ in MediaStreamUIProxy
- [fuchsia] Fix NetworkChangeNotifierFuchsia construction race.
- Updating XTBs based on .GRDs from branch 4324
- Fix heap overflow in VideoFrameYUVConverter
- Revert "Roll AFDO from 88.0.4324.144_rc-r1-merged to 88.0.4324.147_rc-r1-merged"
- [M88 merge] weblayer: register android-app scheme
- [m88] Roll ICU to fix Android extra dat file issue

Security Fixes and Rewards:
- High CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya Tsukasaki on 2020-10-14
- High CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2021-01-29
- High CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani on 2021-01-12
- High CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous on 2021-01-14
- High CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge of ERNW GmbH on 2020-12-06
- High CVE-2021-21154: Heap buffer overflow in Tab Strip . Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-02-01
- High CVE-2021-21155: Heap buffer overflow in Tab Strip . Reported by Khalil Zhani on 2021-02-07
- High CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov of Google Project Zero on 2021-02-11
- Medium CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous on 2021-01-26
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1178973] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 88.0.4324.150
- [infra] Change 'Mac10.13 Tests' tester os dimension to Mac 10.13 or 10.15
- mac: enable input sources before selecting them in ScopedKeyboardLayout
- Remove no_gpu mixin for tasks on Mac 10.13 machines

Security fixes:
- High CVE-2021-21148: Heap buffer overflow in V8


Google Chrome 88.0.4324.146
This update includes 6 security fixes. Below, we highlight fixes that were contributed by external researchers:
- Critical CVE-2021-21142: Use after free in Payments
- High CVE-2021-21143: Heap buffer overflow in Extensions
- High CVE-2021-21144: Heap buffer overflow in Tab Groups
- High CVE-2021-21145: Use after free in Fonts
- High CVE-2021-21146: Use after free in Navigation
- Medium CVE-2021-21147: Inappropriate implementation in Skia

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1154775] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 88.0.4324.96
Security Fixes:
- This update includes 36 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
- Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome
- High CVE-2021-21118: Insufficient data validation in V8
- High CVE-2021-21119: Use after free in Media. Reported by Anonymous on 2020-12-20
- High CVE-2021-21120: Use after free in WebSQL
- High CVE-2021-21121: Use after free in Omnibox
- High CVE-2021-21122: Use after free in Blink
- High CVE-2021-21123: Insufficient data validation in File System API
- High CVE-2021-21124: Potential user after free in Speech Recognizer
- High CVE-2021-21125: Insufficient policy enforcement in File System API
- High CVE-2020-16044: Use after free in WebRTC
- Medium CVE-2021-21126: Insufficient policy enforcement in extensions
- Medium CVE-2021-21127: Insufficient policy enforcement in extensions
- Medium CVE-2021-21128: Heap buffer overflow in Blink
- Medium CVE-2021-21129: Insufficient policy enforcement in File System API
- Medium CVE-2021-21130: Insufficient policy enforcement in File System API
- Medium CVE-2021-21131: Insufficient policy enforcement in File System API
- Medium CVE-2021-21132: Inappropriate implementation in DevTools
- Medium CVE-2021-21133: Insufficient policy enforcement in Downloads
- Medium CVE-2021-21134: Incorrect security UI in Page Info
- Medium CVE-2021-21135: Inappropriate implementation in Performance API
- Low CVE-2021-21136: Insufficient policy enforcement in WebView
- Low CVE-2021-21137: Inappropriate implementation in DevTools
- Low CVE-2021-21138: Use after free in DevTools
- Low CVE-2021-21139: Inappropriate implementation in iframe sandbox
- Low CVE-2021-21140: Uninitialized Use in USB
- Low CVE-2021-21141: Insufficient policy enforcement in File System API
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1168217] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 87.0.4280.141
Security Fixes:
- High CVE-2021-21106: Use after free in autofill
- High CVE-2021-21107: Use after free in drag and drop
- High CVE-2021-21108: Use after free in media
- High CVE-2021-21109: Use after free in payments
- High CVE-2021-21110: Use after free in safe browsing
- High CVE-2021-21111: Insufficient policy enforcement in WebUI
- High CVE-2021-21112: Use after free in Blink
- High CVE-2021-21113: Heap buffer overflow in Skia
- High CVE-2020-16043: Insufficient data validation in networking
- High CVE-2021-21114: Use after free in audio
- High CVE-2020-15995: Out of bounds write in V8
- High CVE-2021-21115: Use after free in safe browsing
- Medium CVE-2021-21116: Heap buffer overflow in audio

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1163626] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 87.0.4280.88
- Change log not available for this version


Google Chrome 87.0.4280.67
- This release contains native support for Apple M1 devices and a number of fixes and improvements


Google Chrome 87.0.4280.66
Security Fixes:
- High: Use after free in payments
- High: Inappropriate implementation in filesystem
- High: Inappropriate implementation in cryptohome
- High: Race in ImageBurner
- High: Insufficient policy enforcement in networking
- High: Insufficient data validation in WASM
- High: Use after free in PPAPI
- High: Use after free in WebCodecs
- High: Heap buffer overflow in UI
- High: Heap buffer overflow in clipboard
- Medium: Use after free in WebRTC
- Medium: Insufficient policy enforcement in developer tools
- Medium: Heap buffer overflow in WebRTC
- Medium: Inappropriate implementation in PDFium
- Medium: Insufficient data validation in Blink
- Medium: Insufficient data validation in Flash
- Medium: Incorrect security UI in tab preview
- Medium: Incorrect security UI in sharing
- Medium: Incorrect security UI in WebUSB
- Medium: Inappropriate implementation in WebRTC
- Medium: Insufficient data validation in cros-disks
- Low: Side-channel information leakage in graphics
- Low: Inappropriate implementation in cookies


Google Chrome 86.0.4240.198
Security fixes:
- Inappropriate implementation in V8
- Use after free in site isolation


Google Chrome 86.0.4240.193
- Prevent UB if a WeakPtr to an already-destroyed object is dereferenced
- Update elapsed cc expiration date for test
- [Sheriff] Disable test on Linux, Debug or ASAN
- Reland "[M-86][VideoCapture] Handle GPU context lost for the zero-copy path"
- Revert "[M-86][VideoCapture] Handle GPU context lost for the zero-copy path"
- [M-86][VideoCapture] Handle GPU context lost for the zero-copy path
- Avoid bitmap overflow
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 86.0.4240.183
- Revert "WebUI Settings: Prevent site_data.js running multiple handler requests"
- Only refresh the printer list when we disconnect from a network
- Fix UAF in TabDragContext::ContinueDrag
- [merge 86] Fix shutdown hangs related to DB_Impl
- [M86 merge] weblayer: ensures TabImpl::OpenURLFromTab handles WebContents deletion
- LiteVideo: Fix throttling to stop permanently on rebuffer event
- 4240: Move every CrOS VM test into pool=chromium.tests
- Disable parent access code for online login in M86
- WebUI Settings: Prevent site_data.js running multiple handler requests
- Added the missing IPC trait macro (M86)
- [mini_installer] Remove code to delete files left behind by previous runs
- Fix the resolution issue with picture url. Fallback to default url
- GestureNav: Adjust edge width for triggering navigation
- [M86 merge] weblayer: ensure DisplayCutoutController is destroyed
- [M86] Fix memory leak in inspector

Security fixes:
- Use after free in user interface
- Insufficient policy enforcement in ANGLE
- Inappropriate implementation in V8
- Insufficient data validation in installer
- Stack buffer overflow in WebRTC
- Inappropriate implementation in V8
- Heap buffer overflow in UI on Windows


Google Chrome 86.0.4240.111
- Change log not available for this version


Google Chrome 86.0.4240.80
- Merge "Stop recreating keychain item for SC private API"
- [M86] OOBE: Make UserSessionManager more robust to shutdown during the login
- Get supported formats before sandboxing
- [ios] append disable_widevine_signing to official_goma_mac mb
- [ios] disable widevine for mac-chrome* trybots
- Clear fast_ink GpuMemoryBuffer
- [M86 merge] Unsubscribe from Drive invalidations when Drive shuts down
- Messages: Re-enable feature for users that hit crbug/1131140
- Messages: Wait for app registry to load before querying for PWA info
- Ash Notification: Add SetPaintToLayer to stacked notification bar
- [Merge-M86] Turn off Release notes suggestion chips
- Disable flaky external/wpt/webvtt/rendering/cues-with-video/processing-model/embedded_style_media_queries.html [M86]
- [CrOs] Update supported version for display password button feature
- [Merge] [Siri Shortcuts] Add checks for old shortcut actions
- Initialize WebStateListMetricsBrowser after SessionRestorationBrowser


Google Chrome 86.0.4240.75
Security Fixes:
- Critical CVE-2020-15967: Use after free in payments
- High CVE-2020-15968: Use after free in Blink
- High CVE-2020-15969: Use after free in WebRTC
- High CVE-2020-15970: Use after free in NFC
- High CVE-2020-15971: Use after free in printing
- High CVE-2020-15972: Use after free in audio
- High CVE-2020-15990: Use after free in autofill
- High CVE-2020-15991: Use after free in password manager
- Medium CVE-2020-15973: Insufficient policy enforcement in extensions
- Medium CVE-2020-15974: Integer overflow in Blink
- Medium CVE-2020-15975: Integer overflow in SwiftShader
- Medium CVE-2020-15976: Use after free in WebXR
- Medium CVE-2020-6557: Inappropriate implementation in networking
- Medium CVE-2020-15977: Insufficient data validation in dialogs
- Medium CVE-2020-15978: Insufficient data validation in navigation
- Medium CVE-2020-15979: Inappropriate implementation in V8
- Medium CVE-2020-15980: Insufficient policy enforcement in Intents
- Medium CVE-2020-15981: Out of

檔案下載 檔案下載
  • Google Chrome for Mac Screenshot 1Google Chrome for Mac Screenshot 2Google Chrome for Mac Screenshot 3Google Chrome for Mac Screenshot 4Google Chrome for Mac Screenshot 5