Google Chrome 64.0.3282.140 軟體資訊交流 Mac

What's new in this version:

Google Chrome 64.0.3282.140
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 64.0.3282.119
Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 63.0.3239.132
Fixed issues:
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- DCHECK fail related to canvas, select and ARIA row
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview"
- Disable "Convert Enter-in-omnibox to a reload" for webview
- Fix third party cookies not being sent in WebView iframes

Google Chrome 63.0.3239.108
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 63.0.3239.84
Security Fixes:
- Critical CVE-2017-15407: Out of bounds write in QUIC
- High CVE-2017-15408: Heap buffer overflow in PDFium
- High CVE-2017-15409: Out of bounds write in Skia
- High CVE-2017-15410: Use after free in PDFium
- High CVE-2017-15411: Use after free in PDFium
- High CVE-2017-15412: Use after free in libXML
- High CVE-2017-15413: Type confusion in WebAssembly
- Medium CVE-2017-15415: Pointer information disclosure in IPC call
- Medium CVE-2017-15416: Out of bounds read in Blink
- Medium CVE-2017-15417: Cross origin information disclosure in Skia
- Medium CVE-2017-15418: Use of uninitialized value in Skia
- Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink
- Medium CVE-2017-15420: URL spoofing in Omnibox
- Medium CVE-2017-15422: Integer overflow in ICU
- Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL
- Low CVE-2017-15424: URL Spoof in Omnibox
- Low CVE-2017-15425: URL Spoof in Omnibox
- Low CVE-2017-15426: URL Spoof in Omnibox
- Low CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 62.0.3202.94
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot

Google Chrome 62.0.3202.89
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8

Google Chrome 62.0.3202.75
Security fix:
- High CVE-2017-15396: Stack overflow in V8

Google Chrome 62.0.3202.62
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by [email protected] on 2017-08-28
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 61.0.3163.100
Security fixes:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 61.0.3163.91
- Change log not available for this version

Google Chrome 61.0.3163.79
Security Fixes:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 60.0.3112.113
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines.
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102

Google Chrome 60.0.3112.101
- Change log not available for this version

Google Chrome 60.0.3112.90
- Change log not available for this version

Google Chrome 60.0.3112.78
Security Fixes:
- High CVE-2017-5091: Use after free in IndexedDB
- High CVE-2017-5092: Use after free in PPAPI
- High CVE-2017-5093: UI spoofing in Blink
- High CVE-2017-5094: Type confusion in extensions
- High CVE-2017-5095: Out-of-bounds write in PDFium
- High CVE-2017-5096: User information leak via Android intents
- High CVE-2017-5097: Out-of-bounds read in Skia
- High CVE-2017-5098: Use after free in V8
- High CVE-2017-5099: Out-of-bounds write in PPAPI
- Medium CVE-2017-5100: Use after free in Chrome Apps
- Medium CVE-2017-5101: URL spoofing in OmniBox
- Medium CVE-2017-5102: Uninitialized use in Skia
- Medium CVE-2017-5103: Uninitialized use in Skia
- Medium CVE-2017-5104: UI spoofing in browser
- Medium CVE-2017-7000: Pointer disclosure in SQLite
- Low CVE-2017-5105: URL spoofing in OmniBox
- Medium CVE-2017-5106: URL spoofing in OmniBox
- Low CVE-2017-5107: User information leak via SVG
- Low CVE-2017-5108: Type confusion in PDFium
- Low CVE-2017-5109: UI spoofing in browser
- Low CVE-2017-5110: UI spoofing in payments dialog
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 59.0.3071.115
- Change log not available for this version

Google Chrome 59.0.3071.109
- Change log not available for this version

Google Chrome 59.0.3071.104
Security fixes:
- [725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22
- [729991] High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on 2017-06-06
- [714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski on 2017-04-21.
- [732498] Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 59.0.3071.86
Security Fixes:
- [722756] High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- [715582] High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
- [709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- [716474] High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- [700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- [678776] Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- [722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- [719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- [716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- [711020] Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- [713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- [708819] Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- [672008] Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- [721579] Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- [714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15
- [729639] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 58.0.3029.110
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.

Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 ???? Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't accounce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba

Google Chrome 58.0.3029.96
- Race condition in WebRTC

Google Chrome 58.0.3029.81
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handing in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 57.0.2987.133
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8

Google Chrome 57.0.2987.110
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57] Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null

Google Chrome 57.0.2987.98
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 56.0.2924.87
- Change log not available for this version

Google Chrome 56.0.2924.76
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiative

Google Chrome 55.0.2883.95
- Change log not available for this version

Google Chrome 55.0.2883.87
- Change log not available for this version

Google Chrome 55.0.2883.75
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.99
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.87
- Change log not available for this version

Google Chrome 54.0.2840.71
- Change log not available for this version

Google Chrome 54.0.2840.59
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.143
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.116
- Change log not available for this version

Google Chrome 53.0.2785.113
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.101
- Change log not available for this version

Google Chrome 53.0.2785.89
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.116
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.82
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP

Google Chrome 51.0.2704.106
- Change log not available for this version

Google Chrome 51.0.2704.103
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).

Google Chrome 51.0.2704.84
- Change log not available for this version

Google Chrome 51.0.2704.79
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.

Google Chrome 51.0.2704.63
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.102
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.

Google Chrome 50.0.2661.94
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.87
- Change log not available for this version

Google Chrome 50.0.2661.86
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."

Google Chrome 50.0.2661.75
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 49.0.2623.112
- Change log not available for this version.

Google Chrome 49.0.2623.110
- Security fixes

Google Chrome 49.0.2623.108
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).

Google Chrome 49.0.2623.87
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.

Google Chrome 49.0.2623.75
- Same-origin bypass in Blink. Credit to Mariusz Mlynski.
- Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.
- Bad cast in Extensions. Credit to anonymous.
- Use-after-free in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Rob Wu.
- SRI Validation Bypass. Credit to [email protected]
- Out-of-bounds access in libpng. Credit to joerg.bornemann.
- Information Leak in Skia. Credit to Keve Nagy.
- WebAPI Bypass. Credit to Rob Wu.
- Use-after-free in WebRTC. Credit to Khalil Zhani.
- Origin confusion in Extensions UI. Credit to Luan Herrera.
- Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26).

Google Chrome 48.0.2564.116
- Same-origin bypass in Blink and Sandbox escape in Chrome

Google Chrome 48.0.2564.109
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 48.0.2564.103
- Change log not available for this version.

Google Chrome 48.0.2564.97
- This release contains an update to Adobe Flash Player 20.0.0.286.

Google Chrome 48.0.2564.82
- Bad cast in V8. Credit to cloudfuzzer.
- Use-after-free in PDFium. Credit to anonymous.
- Information leak in Blink. Credit to Christoph Diehl.
- Origin confusion in Omnibox. Credit to Ron Masas.
- URL Spoofing. Credit to Luan Herrera.
- History sniffing with HSTS and CSP. Credit to jenuis.
- Weak random number generator in Blink. Credit to Aaron Toponce.
- Out-of-bounds read in PDFium. Credit to Keve Nagy.
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17).

Google Chrome 47.0.2526.111
- This release contains an update to Adobe Flash Player 20.0.0.267

Google Chrome 47.0.2526.106
- Two security fixes from internal audits and fuzzing

Google Chrome 47.0.2526.80
- Change log not available for this version.

Google Chrome 47.0.2526.73
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)

Google Chrome 46.0.2490.86
- Information leak in PDF viewer.

Google Chrome 46.0.2490.80
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).

Google Chrome 46.0.2490.71
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).

Google Chrome 45.0.2454.101
- Cross-origin bypass in DOM.
- Cross-origin bypass in V8.

Google Chrome 45.0.2454.99
- This release contains a critical update to Adobe Flash Player (19.0.0.185).

Google Chrome 45.0.2454.93
- Change log not available for this version.

Google Chrome 45.0.2454.85
- Cross-origin bypass in DOM.
- Cross-origin bypass in ServiceWorker.
- Cross-origin bypass in DOM.
- Use-after-free in Skia.
- Use-after-free in Printing.
- Character spoofing in omnibox.
- Permission scoping error in WebRequest.
- URL validation error in extensions.
- Use-after-free in Blink.
- Information leak in Blink.

Google Chrome 44.0.2403.157
- Change log not available for this version.

Google Chrome 44.0.2403.155
- Change log not available for this version.

Google Chrome 44.0.2403.130
- Change log not available for this version.

Google Chrome 44.0.2403.125
- Change log not available for this version.

Google Chrome 44.0.2403.107
- Change log not available for this version.

Google Chrome 41.0.2272.118
- Change log not available for this version.

Google Chrome 44.0.2403.89
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance

Google Chrome 43.0.2357.134
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue.

Google Chrome 43.0.2357.132
- Fix use of ShellDispatch.NameSpace.
- Pin shortcuts via shell verbs rather than ShellExecuteEx.
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names.
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup.
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks.
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported.

Google Chrome 43.0.2357.130
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards

Google Chrome 43.0.2357.124
- Updated Adobe Flash Player to 18.0.0.160

Google Chrome 43.0.2357.81
- Fixed an issue where sometimes a blank page would print.

Google Chrome 43.0.2357.65
- Sandbox escape in Chrome.
- Cross-origin bypass in DOM.
- Cross-origin bypass in Editing.
- Use-after-free in WebAudio.
- Use-after-free in SVG.
- Use-after-free in Speech.
- Container-overflow in SVG.
- Negative-size parameter in Libvpx.
- Uninitialized value in PDFium.
- Use-after-free in WebRTC.
- URL bar spoofing.
- Uninitialized value in Blink.
- Insecure download of spellcheck dictionary.
- Cross-site scripting in bookmarks.
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch

Google Chrome 42.0.2311.152
- A new version of Adobe Flash (17.0.0.188).

Google Chrome 42.0.2311.135
- Use-after-free in DOM.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 42.0.2311.90
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance

Google Chrome 41.0.2272.118
- Change log not available for this version.

Google Chrome 41.0.2272.101
- Change log not available for this version.

Google Chrome 41.0.2272.89
- Change log not available for this version.

Google Chrome 41.0.2272.76
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes

Google Chrome 40.0.2214.115
- Revert from M40 branch 2214: "Get high resolution frame timebase and interval on compatible systems"
- Disable the inconsistent group policy check in the installer.
- Cryptohome: Notify about error in async calls if cryptohome is not ready yet.
- Remove "ui-sans" from the ChromeOS system UI default font list.
- Correctly track texture cleared state for sharing
- gpu: Allow virtual context for in-process gpu thread

Google Chrome 40.0.2214.111
- Use-after-free in DOM.
- Cross-origin-bypass in V8 bindings.
- Privilege escalation using service workers.

Google Chrome 40.0.2214.94
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals.

Google Chrome 40.0.2214.91
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message

Google Chrome 39.0.2171.99
- This release contains an update for Adobe Flash as well as a number of other fixes.

Google Chrome 39.0.2171.95
- Change log not available for this version.

Google Chrome 39.0.2171.71
- Contains an update for Adobe Flash
- A number of other fixes

Google Chrome 39.0.2171.65
- 64-bit support for Mac (now requires a 64-bit processor)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance

Google Chrome 38.0.2125.122
- Contains an update for Adobe Flash as well as a number of other fixes

Google Chrome 38.0.2125.111
- Change log not available for this version.

Google Chrome 38.0.2125.104
- Contains an update for Adobe Flash as well as a number of other fixes

Google Chrome 38.0.2125.101
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
- Out-of-bounds read in PDFium.
- Use-after-free in Events.
- Use-after-free in Rendering.
- Use-after-free in DOM.
- Type confusion in Session Management.
- Use-after-free in Web Workers.
- Information Leak in V8.
- Permissions bypass in Windows Sandbox.
- Information Leak in XSS Auditor.
- Out-of-bounds read in PDFium.
- Release Assert in V8 bindings.

Google Chrome 37.0.2062.124
- RSA signature malleability in NSS

Google Chrome 37.0.2062.122
- Compatibility with OS X 10.9.5 for new installations

Google Chrome 37.0.2062.120
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering. Credit to miaubiz.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 37.0.2062.102
- Change log not available for this version.

Google Chrome 37.0.2062.94
- A combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- Use-after-free in SVG
- Use-after-free in DOM
- Extension permission dialog spoofing
- Use-after-free in bindings
- Issue related to extension debugging
- Uninitialized memory read in WebGL
- Uninitialized memory read in Web Audio

Google Chrome 36.0.1985.143
- Use-after-free in web sockets.
- Information disclosure in SPDY.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 36.0.1985.125
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance
- Includes 26 security fixes
- Same-Origin-Policy bypass in SVG

Google Chrome 35.0.1916.153
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media

Google Chrome 35.0.1916.114
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes

Google Chrome 34.0.1847.137
- Use-after-free in WebSockets.
- Integer overflow in DOM ranges.
- Use-after-free in editing.

Google Chrome 34.0.1847.131
- This release fixes a number of crashes and other bugs.
- Contains a Flash Player update, to version 13.0.0.214

Google Chrome 34.0.1847.131
- Bug and crash fixes.
- Flash Player update, to version 13.0.0.206.

Google Chrome 34.0.1847.116
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance

Google Chrome 33.0.1750.152
- Code execution outside sandbox. Credit to VUPEN.
- Use-after-free in Blink bindings
- Windows clipboard vulnerability
- Code execution outside sandbox. Credit to Anonymous.
- Memory corruption in V8
- Directory traversal issue

Google Chrome 33.0.1750.149
- Use-after-free in speech.
- UXSS in events.
- Use-after-free in web database.
- Potential sandbox escape due to a use-after-free in web sockets.
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18.

Google Chrome 33.0.1750.146
- Use-after-free in svg images.
- Use-after-free in speech recognition. .
- Heap buffer overflow in software rendering.
- Chrome allows requests in flash header request. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10.

Google Chrome 33.0.1750.117
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.
- Use-after-free related to web contents. Credit to Khalil Zhani.
- Bad cast in SVG. Credit to TheShow3511.
- Use-after-free in layout. Credit to cloudfuzzer.
- Information leak in XSS auditor. Credit to NeexEmil.
- Information leak in XSS auditor. Credit to NeexEmil.
- Use-after-free in layout. Credit to cloudfuzzer.
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.
- Information leak in drag and drop. Credit to bishopjeffreys.
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.

Google Chrome 32.0.1700.107
- Change log not available for this version

Google Chrome 32.0.1700.102
- Mouse Pointer disappears after exiting full-screen mode.
- Drag and drop files into Chrome may not work properly.
- Quicktime Plugin crashes in Chrome.
- Chrome becomes unresponsive.
- Trackpad users may not be able to scroll horizontally.
- Scrolling does not work in combo box.
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword.
- 14 security fixes.

Google Chrome 32.0.1700.76
- Tab indicators for sound, webcam and casting
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
- Flash Player has been updated to 12.0.0.41, which is included w/ this release
- Eleven security fixes

Google Chrome 31.0.1650.63
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8
- Out of bounds write in v8
- Out of bounds read in v8

Google Chrome 31.0.1650.57
- Multiple memory corruption issues


Google Chrome 30.0.1599.69
- Tabs freeze up fix
- Lag in some games/GPU issues with certain monitors fix

Google Chrome 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Races in Web Audio
- Out of bounds read in Window.prototype object
- Address bar spoofing related to the "204 No Content" status code
- Use after free in inline-block rendering
- Use-after-free in Web Audio
- Use-after-free in XSLT
- Use-after-free in PPAPI
- Use-after-free in XML document parsing
- Use after free in the Windows color chooser dialog
- Address bar spoofing via a malformed scheme
- Address bar spoofing related to the "204 No Content" status code
- Out of bounds read in Web Audio
- Use-after-free in DOM
- Memory corruption in V8
- Out of bounds read in URL parsing
- Use-after-free in resource loader
- Use-after-free in template element
- Various fixes from internal audits, fuzzing and other initiatives (Chrome 30)
- Use-after-free in ICU

Google Chrome 29.0.1547.76
- Flash Player does not work in Metro mode fix
- Unable to submit client certificates over TLS 1.2 from Windows
- Canvas loses ability to render, is blank even if page reloaded
- Other stability improvements

Google Chrome 29.0.1547.65
- This version contains a Flash update, as well as fixes an issue with Sync

Google Chrome 29.0.1547.62
- Fixed an issue with printing from Google Docs applications

Google Chrome 29.0.1547.57
- Improved Omnibox suggestions based on the recency sites you have visited
- Ability to reset your profile back to its original state
- Many new apps and extensions APIs
- Lots of stability and performance improvements
- Incomplete path sanitization in file handling
- Information leak via overly broad permissions on shared memory files
- Integer overflow in ANGLE
- Use after free in XSLT
- Use after free in media element
- Use after free in document parsing
- Various fixes from internal audits, fuzzing and other initiatives (Chrome 29)

Google Chrome 28.0.1500.95
- Origin bypass in frame handling
- Type confusion in V8
- Use-after-free in MutationObserver
- Use-after-free in DOM
- Use-after-free in input handling
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 28.0.1500.71
- Includes a fix to an issue that was blocking Chrome from loading content

Google Chrome 27.0.1453.116
- Clickjacking in the Flash plug-in
- Multiple flash movies on one page not playing fix
- Arc rendering bug in canvas fix
- Select box with Multiple option fires Onchange event on scroll fix

Google Chrome 27.0.1453.110
- Memory corruption in dev tools API
- Use-after-free in input handling
- Use-after-free in image handling
- Use-after-free in HTML5 Audio
- Cross-origin namespace pollution
- Use-after-free with workers accessing database APIs
- Use-after-free with SVG
- Memory corruption in Skia GPU handling
- Memory corruption in SSL socket handling
- Bad free in PDF viewer
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 27.0.1453.93
- Web pages load 5% faster on average
- chrome.syncFileSystem API
- Improved ranking of predictions, improved spell correction, and numerous fundamental improvements for Omnibox predictions
- Use-after-free in SVG
- Out-of-bounds read in v8
- Bad cast in clipboard handling
- Use-after-free in media loader
- Use-after-free in Pepper resource handling
- Use-after-free in widget handling
- Use-after-free in speech handling
- Use-after-free in style resolution
- Memory safety issues in Web Audio
- Use-after-free in media loader
- Use-after-free race condition with workers
- Possible data extraction with XSS Auditor
- Possible XSS with drag+drop or copy+paste
- Various fixes from internal audits, fuzzing and other initiatives
- This build also contains a new Adobe Flash

Google Chrome 26.0.1410.65
- WebGL bug fix

Google Chrome 26.0.1410.43
- "Ask Google for suggestions" spell checking feature improvements (e.g. grammar and homonym checking)
- Desktop shortcuts for multiple users (profiles) on Windows
- Asynchronous DNS resolver on Mac and Linux

Google Chrome 25.0.1364.172
- This release contains stability improvements, and a new version of Adobe Flash

Google Chrome 25.0.1364.160
- Type confusion in WebKit

Google Chrome 25.0.1364.155
- This release fixes a crash when typing in the Omnibox

Google Chrome 25.0.1364.152
- Change log not available for this version

Google Chrome 25.0.1364.99
- Improvements in managing and securing your extensions
- Better support for HTML5 time/date inputs
- Javascript speech API support
- Better WebGL error handling
- And lots of other features for developers

Google Chrome 24.0.1312.68
- This build contains the fix for Pepper Flash

Google Chrome 24.0.1312.57
- Fix renderer crashes when using certain IMEs
- Fix microphone input dropout with Pepper Flash
- Fix renderer exiting in certain cases when opening a new Window from Chrome Frame

Google Chrome 24.0.1312.56
- Fixed performance of mouse wheel scrolling
- Fixed visited links regression

Google Chrome 24.0.1312.52
- Use-after-free in SVG layout
- Same origin policy bypass with malformed URL
- Use-after-free in DOM handling
- Missing filename sanitization in hyphenation support
- Integer overflow in audio IPC handling
- Use-after-free when seeking video
- Integer overflow in PDF JavaScript
- Out-of-bounds read when seeking video
- Out-of-bounds stack access in v8
- Integer overflow in shared memory allocation
- Missing Mac sandbox for worker processes
- Use-after-free in PDF fields
- Out-of-bounds reads in PDF image handling
- Bad cast in PDF root handling
- Corruption of database metadata leading to incorrect file access
- Missing NUL termination in IPC
- Possible path traversal from extension process
- Use-after-free with printing
- Out-of-bounds read with printing
- Out-of-bounds read with glyph handling
- Browser crash with geolocation
- Crash in v8 garbage collection
- Crash in extension tab handling
- Tighten permissions on shared memory segments

Google Chrome 23.0.1271.101
- This build contains the fix to a bug with sound distortion with microphone input

Google Chrome 23.0.1271.97
- Some texts in a Website Settings popup are trimmed
- Some plugins stopped working
- Fixed a known crash

Google Chrome 23.0.1271.95
- Incorrect file path handling
- Use-after-free in media source handling

Google Chrome 23.0.1271.91
- No audio from Flash content when speaker configuration is set to Quadraphonic
- Snap renderer crash on Windows Server 2003

Google Chrome 23.0.1271.64
- Defend against wild writes in buggy graphics drivers

Google Chrome 22.0.1229.94
- SVG use-after-free and IPC arbitrary file write

Google Chrome 22.0.1229.92
- Contains a number of stability fixes, including an issue with multiple profiles on Mac OS X 10.8.2
- Crash in Skia text rendering
- Race condition in audio device handling
- OOB read in ICU regex
- Out-of-bounds read in compositor
- Plug-in crash monitoring was missing for Pepper plug-ins

Google Chrome 22.0.1229.79
- Mouse Lock API availability for Javascript
- Additional Windows 8 enhancements
- Continue