What's new in this version:

Google Chrome 88.0.4324.146
This update includes 6 security fixes. Below, we highlight fixes that were contributed by external researchers:
- Critical CVE-2021-21142: Use after free in Payments
- High CVE-2021-21143: Heap buffer overflow in Extensions
- High CVE-2021-21144: Heap buffer overflow in Tab Groups
- High CVE-2021-21145: Use after free in Fonts
- High CVE-2021-21146: Use after free in Navigation
- Medium CVE-2021-21147: Inappropriate implementation in Skia
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1154775] Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 88.0.4324.96
Security Fixes:
This update includes 36 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
- Critical CVE-2021-21117: Insufficient policy enforcement in Cryptohome
- High CVE-2021-21118: Insufficient data validation in V8
- High CVE-2021-21119: Use after free in Media. Reported by Anonymous on 2020-12-20
- High CVE-2021-21120: Use after free in WebSQL
- High CVE-2021-21121: Use after free in Omnibox
- High CVE-2021-21122: Use after free in Blink
- High CVE-2021-21123: Insufficient data validation in File System API
- High CVE-2021-21124: Potential use after free in Speech Recognizer
- High CVE-2021-21125: Insufficient policy enforcement in File System API
- High CVE-2020-16044: Use after free in WebRTC
- Medium CVE-2021-21126: Insufficient policy enforcement in extensions
- Medium CVE-2021-21127: Insufficient policy enforcement in extensions
- Medium CVE-2021-21128: Heap buffer overflow in Blink
- Medium CVE-2021-21129: Insufficient policy enforcement in File System API
- Medium CVE-2021-21130: Insufficient policy enforcement in File System API
- Medium CVE-2021-21131: Insufficient policy enforcement in File System API
- Medium CVE-2021-21132: Inappropriate implementation in DevTools
- Medium CVE-2021-21133: Insufficient policy enforcement in Downloads
- Medium CVE-2021-21134: Incorrect security UI in Page Info
- Medium CVE-2021-21135: Inappropriate implementation in Performance API
- Low CVE-2021-21136: Insufficient policy enforcement in WebView
- Low CVE-2021-21137: Inappropriate implementation in DevTools
- Low CVE-2021-21138: Use after free in DevTools
- Low CVE-2021-21139: Inappropriate implementation in iframe sandbox
- Low CVE-2021-21140: Uninitialized Use in USB
- Low CVE-2021-21141: Insufficient policy enforcement in File System API
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1168217] Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 87.0.4280.141
Security Fixes:
- High CVE-2021-21106: Use after free in autofill
- High CVE-2021-21107: Use after free in drag and drop
- High CVE-2021-21108: Use after free in media
- High CVE-2021-21109: Use after free in payments
- High CVE-2021-21110: Use after free in safe browsing
- High CVE-2021-21111: Insufficient policy enforcement in WebUI
- High CVE-2021-21112: Use after free in Blink
- High CVE-2021-21113: Heap buffer overflow in Skia
- High CVE-2020-16043: Insufficient data validation in networking
- High CVE-2021-21114: Use after free in audio
- High CVE-2020-15995: Out of bounds write in V8
- High CVE-2021-21115: Use after free in safe browsing
- Medium CVE-2021-21116: Heap buffer overflow in audio
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1163626] Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 87.0.4280.88 - Change log not available for this version
Google Chrome 87.0.4280.67 - This release contains native support for Apple M1 devices and a number of fixes and improvements
Google Chrome 87.0.4280.66
Security Fixes:
- High: Use after free in payments
- High: Inappropriate implementation in filesystem
- High: Inappropriate implementation in cryptohome
- High: Race in ImageBurner
- High: Insufficient policy enforcement in networking
- High: Insufficient data validation in WASM
- High: Use after free in PPAPI
- High: Use after free in WebCodecs
- High: Heap buffer overflow in UI
- High: Heap buffer overflow in clipboard
- Medium: Use after free in WebRTC
- Medium: Insufficient policy enforcement in developer tools
- Medium: Heap buffer overflow in WebRTC
- Medium: Inappropriate implementation in PDFium
- Medium: Insufficient data validation in Blink
- Medium: Insufficient data validation in Flash
- Medium: Incorrect security UI in tab preview
- Medium: Incorrect security UI in sharing
- Medium: Incorrect security UI in WebUSB
- Medium: Inappropriate implementation in WebRTC
- Medium: Insufficient data validation in cros-disks
- Low: Side-channel information leakage in graphics
- Low: Inappropriate implementation in cookies

Google Chrome 86.0.4240.198
Security fixes:
- Inappropriate implementation in V8
- Use after free in site isolation

Google Chrome 86.0.4240.193
- Prevent UB if a WeakPtr to an already-destroyed object is dereferenced
- Update elapsed cc expiration date for test
- [Sheriff] Disable test on Linux, Debug or ASAN
- Reland "[M-86][VideoCapture] Handle GPU context lost for the zero-copy path"
- Revert "[M-86][VideoCapture] Handle GPU context lost for the zero-copy path"
- [M-86][VideoCapture] Handle GPU context lost for the zero-copy path
- Avoid bitmap overflow
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 86.0.4240.183
- Revert "WebUI Settings: Prevent site_data.js running multiple handler requests"
- Only refresh the printer list when we disconnect from a network
- Fix UAF in TabDragContext::ContinueDrag
- [merge 86] Fix shutdown hangs related to DB_Impl
- [M86 merge] weblayer: ensures TabImpl::OpenURLFromTab handles WebContents deletion
- LiteVideo: Fix throttling to stop permanently on rebuffer event
- 4240: Move every CrOS VM test into pool=chromium.tests
- Disable parent access code for online login in M86
- WebUI Settings: Prevent site_data.js running multiple handler requests
- Added the missing IPC trait macro (M86)
- [mini_installer] Remove code to delete files left behind by previous runs
- Fix the resolution issue with picture url. Fallback to default url
- GestureNav: Adjust edge width for triggering navigation
- [M86 merge] weblayer: ensure DisplayCutoutController is destroyed
- [M86] Fix memory leak in inspector
Security fixes:
- Use after free in user interface
- Insufficient policy enforcement in ANGLE
- Inappropriate implementation in V8
- Insufficient data validation in installer
- Stack buffer overflow in WebRTC
- Inappropriate implementation in V8
- Heap buffer overflow in UI on Windows

Google Chrome 86.0.4240.111 - Change log not available for this version
Google Chrome 86.0.4240.80
- Merge "Stop recreating keychain item for SC private API"
- [M86] OOBE: Make UserSessionManager more robust to shutdown during the login
- Get supported formats before sandboxing
- [ios] append disable_widevine_signing to official_goma_mac mb
- [ios] disable widevine for mac-chrome* trybots
- Clear fast_ink GpuMemoryBuffer
- [M86 merge] Unsubscribe from Drive invalidations when Drive shuts down
- Messages: Re-enable feature for users that hit crbug/1131140
- Messages: Wait for app registry to load before querying for PWA info
- Ash Notification: Add SetPaintToLayer to stacked notification bar
- [Merge-M86] Turn off Release notes suggestion chips
- Disable flaky external/wpt/webvtt/rendering/cues-with-video/processing-model/embedded_style_media_queries.html [M86]
- [CrOs] Update supported version for display password button feature
- [Merge] [Siri Shortcuts] Add checks for old shortcut actions
- Initialize WebStateListMetricsBrowser after SessionRestorationBrowser

Google Chrome 86.0.4240.75
Security Fixes:
- Critical CVE-2020-15967: Use after free in payments
- High CVE-2020-15968: Use after free in Blink
- High CVE-2020-15969: Use after free in WebRTC
- High CVE-2020-15970: Use after free in NFC
- High CVE-2020-15971: Use after free in printing
- High CVE-2020-15972: Use after free in audio
- High CVE-2020-15990: Use after free in autofill
- High CVE-2020-15991: Use after free in password manager
- Medium CVE-2020-15973: Insufficient policy enforcement in extensions
- Medium CVE-2020-15974: Integer overflow in Blink
- Medium CVE-2020-15975: Integer overflow in SwiftShader
- Medium CVE-2020-15976: Use after free in WebXR
- Medium CVE-2020-6557: Inappropriate implementation in networking
- Medium CVE-2020-15977: Insufficient data validation in dialogs
- Medium CVE-2020-15978: Insufficient data validation in navigation
- Medium CVE-2020-15979: Inappropriate implementation in V8
- Medium CVE-2020-15980: Insufficient policy enforcement in Intents
- Medium CVE-2020-15981: Out of bounds read in audio
- Medium CVE-2020-15982: Side-channel information leakage in cache
- Medium CVE-2020-15983: Insufficient data validation in webUI
- Medium CVE-2020-15984: Insufficient policy enforcement in Omnibox
- Medium CVE-2020-15985: Inappropriate implementation in Blink
- Medium CVE-2020-15986: Integer overflow in media
- Medium CVE-2020-15987: Use after free in WebRTC
- Medium CVE-2020-15992: Insufficient policy enforcement in networking
- Low CVE-2020-15988: Insufficient policy enforcement in downloads
- Low CVE-2020-15989: Uninitialized Use in PDFium

Google Chrome 85.0.4183.121
- [m85] Reland "Add more checks for chrome.debugger extensions"
- [Merge M85] Fix crash in InspectorCSSAgent::ResetPseudoStates
- [M85] Quota: Fix precision mistakes for storage pressure.
- Support disabling lens for incognito users
- [M85] Skip clean up if stored RealTimeUrlCheck verdict count is 0.
- (merge) widevine: Only enable Widevine CDM host verification for official builds
- [m85] Delegate TargetHandler::Session permission checks to the root client
- Reland Run ObfuscatedFileUtilMemoryDelegate entirely on TaskRunner.
- (merge) Check for context destroyed in MediaKeys
- Fix for UAF when referencing a deleted scrollbar layer.
- [merge to 85] Revert "cros: V2 apps open on the same display as GetDisplayForNewWindows."
- Re-Enable legacy deep scanning features in M85
- serial: Check that port is open before reading or writing
- [mojo] Fix SequenceLocalSyncEventWatcher reset
- Change how 3D API blocking is implemented
- Remove redundant lines from TestExpectations
- Do not override Navigator.share for insecure contexts
- Reland: Restrict web share feature to URLs without file protocol
Security Fixes:
- Out of bounds read in storage
- Insufficient policy enforcement in extensions
- Insufficient policy enforcement in serial
- Insufficient policy enforcement in extensions
- Out of bounds write in V8
- Insufficient policy enforcement in extensions
- Insufficient data validation in media
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 85.0.4183.102
Security fixes:
- Use after free in video
- Insufficient policy enforcement in installer
- Race in Mojo. Reported by Microsoft
- Use after free in offscreen canvas
- Insufficient policy enforcement in networking

Google Chrome 85.0.4183.83 - Change log not available for this version
Google Chrome 84.0.4147.135 - Fixed: Heap buffer overflow in SwiftShader
Google Chrome 84.0.4147.125
Fixes:
- Use after free in ANGLE
- Use after free in task scheduling
- Use after free in media
- Use after free in audio
- Inappropriate implementation in installer
- Incorrect security UI in media
- Heap buffer overflow in Skia
- Use after free in media
- Use after free in IndexedDB
- Use after free in WebXR
- Use after free in Blink
- Use after free in offline mode
- Medium CVE-2020-6554: Use after free in extensions
- Medium CVE-2020-6555: Out of bounds read in WebGL

Google Chrome 84.0.4147.105
Security Fixes:
- Type Confusion in V8
- Inappropriate implementation in WebView
- Use after free in SCTP
- Use after free in CSS
- Heap buffer overflow in Skia
- Use after free in WebUSB
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 84.0.4147.89 - Change log not available for this version
Google Chrome 83.0.4103.116 - Change log not available for this version
Google Chrome 83.0.4103.106
- Disable CertVerifyProcInternalTest.EVVerificationMultipleOID
- [M83] Revert "[Media Device Management] Check if the interface is already bound
- Roll ChromeOS Orderfiles from 83-4103.77-1591006230-benchmark-83.0.4103.99-r1 to 83-4103.97-1591611962-benchmark-83.0.4103.103-r1
- [Viz, capture] Merge to M83: Fix corruption bug: Invalidate marked buffer on reuse and remark frames on size change
- Merge to M83: Re-land: Fix UAF in TtsPlatformImpl if a BrowserContext is deleted
- [M83] Drop 'future=True' for SBProtectionLevel - it launched in M83
- Roll ChromeOS Silvermont AFDO profile from 83-4103.77-1591006230-benchmark-83.0.4103.99-r1 to 83-4103.97-1591611962-benchmark-83.0.4103.103-r1
- Roll ChromeOS Broadwell AFDO profile from 83-4103.50-1590404133-benchmark-83.0.4103.92-r1 to 83-4103.77-1591610071-benchmark-83.0.4103.103-r1
- Roll ChromeOS Airmont AFDO profile from 83-4103.50-1590408034-benchmark-83.0.4103.92-r1 to 83-4103.97-1591614391-benchmark-83.0.4103.103-r1
- Merge ": Update a shadow node on resetting" to M83 branch
- [M83] Revert "fido: add FidoDiscoveryFactory::ResetRequestState()"
- Pass the PreferredColorScheme to SVGImage
- Merge M83: "[WebAudio] Call SetFormat() for every sink Initialize() call."
- Ash Tray: RemovePrivacyScreenToastController Obs in Dtor
- Roll ChromeOS Orderfiles from 83-4103.50-1590401629-benchmark-83.0.4103.92-r1 to 83-4103.77-1591006230-benchmark-83.0.4103.99-r1
- [WebView] Fix single-window-mode JS injection
- Fix observers in ChallengeResponseAuthKeysLoader
- Replace time restrictions with deny interactive logon type instead
- Roll ChromeOS Silvermont AFDO profile from 83-4103.77-1591006230-benchmark-83.0.4103.98-r1 to 83-4103.77-1591006230-benchmark-83.0.4103.99-r1
- Roll ChromeOS Silvermont AFDO profile from 83-4103.50-1590401629-benchmark-83.0.4103.92-r1 to 83-4103.77-1591006230-benchmark-83.0.4103.98-r1
- Forward built-in-admin-name and administrators-group-name as part of
- Collect and forward OS version to UploadDeviceDetails RPC
- Demo mode: Add new Chrome and Android apps to demo mode metrics
- Remove -stable GPU Mac OS usage
- Switch away from GPU synthetic dimensions
- [ShareButtonInToolbar] add explicit end animation state to explicit show
- Disable GPU buildbucket test
- Mark fast/speech/scripted/speechrecognition-restart-onend.html as flaky

Google Chrome 83.0.4103.97 - Change log not available for this version
Google Chrome 83.0.4103.61
Security Fixes:
- Use after free in reader mode
- Use after free in media
- Use after free in WebRTC
- Type Confusion in V8
- Insufficient policy enforcement in developer tools
- Insufficient validation of untrusted input in clipboard
- Insufficient policy enforcement in developer tools
- Insufficient policy enforcement in developer tools
- Insufficient policy enforcement in Blink
- Use after free in Blink
- Incorrect security UI in full screen
- Insufficient policy enforcement in tab strip
- Inappropriate implementation in installer
- Inappropriate implementation in full screen
- Inappropriate implementation in sharing
- Insufficient policy enforcement in enterprise
- Insufficient policy enforcement in URL formatting
- Insufficient policy enforcement in developer tools
- Insufficient policy enforcement in payments
- Insufficient data validation in ChromeDriver
- Insufficient data validation in media router
- Insufficient policy enforcement in navigations
- Insufficient policy enforcement in downloads
- Insufficient policy enforcement in downloads
- Inappropriate implementation in developer tools
- Insufficient data validation in loader
- Incorrect security UI in site information
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 81.0.4044.138
- Cherry picking usrsctp stack overflow fix to M81
- [chromedriver] Regenerate atoms files from selenium
- Fix "Completion handler not called" crash in //ios/web_view. by Hiroshi Ichikawa
- Revert "WebApp: Handle OS shortcut deletion for bookmark apps in web apps land."
- Element moving betor no-op between lifecycles
- Removes spammy log in blink::WebRtcAudioSink
- Allow Device Service access from any thread
- [Autofill] Fixed requesting invalid country codes from CountryData
- Fix customized built-in element constructor behavior
- Only run Mac non-isolated scripts in compile tasks
- Remove mdm enrollment check in AllowSigninRestrictions

Google Chrome 81.0.4044.129 - Change log not available for this version
Google Chrome 81.0.4044.122
- Compiles //components/sessions/core/ios with ARC
- Invalidate view background when root element adds/removes paint properties
- Bump theme pak version from 72 to 73 on M81
- [ios] Creates flag to enable Messages only for iOS13
- LZMA: Unconditionally flush output files after unmapping
- [ios] Checks if Bookmarks rootNode is not nullptr before caching row
- Block gcpw login if allowed domains registry key is missing
- [SelfShare] Update manifests for renamed/unified handler
- Check ResourceContext is alive before binding SafeBrowsing in weblayer/webview
- Move unmapping of large pages out of the spin-lock in PartitionAlloc
- Merge to M81: [viz, capture] Add debug logging to FrameSinkVideoCapturer
- Merge to M81: Add webrtc logging in WebrtcVideoFrameAdapter.
- Do not cause lifecycle change during AX serialization by Aaron Leventhal
- [Merge M81][Web Payment] Browser context owned callback
- Revert "[ios] Disables failing tests in RestoreTestCase"
- Revert "Only use SupervisedUserNavigationObserver for child accounts"
- Reland "Don't decode invalid punycode in URL formatter"
- [Merge to M81] Do not allow window dragging/resizing in oobe or login screen

Google Chrome 81.0.4044.113
- Revert "Don't decode invalid punycode in URL formatter"
- Don't decode invalid punycode in URL formatter
- Flush the output file after writing if it was mapped into memory
- Revert "[css-grid] Exclude implicit grid tracks from the resolved value"
- Fix crash when launching Release Notes PWA in Chrome OS
- SpeechRecognizerImpl: use a WeakPtr to itself for all tasks
- Compute omnibox background color from toolbar color, for custom themes
- Do not refresh login UI if auth enforcement was already performed on
- Make gcpw default cred provider
- [GCPW] Add retry mechanism for WinHttpUrlFetcher
- Update Google static pins
- network_config.js: Avoid assert when vpnType_ is undefined
- Switched to using a grouping role for embedded objects with children
- viz: Use child sequence number from parent if embed token changes
- M81: Support Sharp PPD color parsing by Lei Zhang
- Always return a valid IOSChromeSyncedTabDelegate::GetCurrentEntryIndex
- Don't set occlusion region when the frame is disabled
- Add sliders to modify mic gain in system tray
- GpuVDA: Override ProvidePictureBuffersWithVisibleRect()
- Ash,Wallpaper: Add support for reloading WallpaperType::ONE_SHOT
- Add option to enable system tray mic gain in chrome://flags
- Modify system tray icons to match new specs
- [MERGE 81] weblayer: increase allowed version skew to 4
- [Cherry-pick] WebUI Tab Strip: Add alert indicator for HID connected
- Add feature flag for mic gain settings in system tray
- Fixing NPE in cacheEvent of BTSUma
- [merge] media: Disallow CDM reset in mojo media services
- 4044: [code coverage] Merge script changes for separated test types
- CrOS network config: Cleanup and fix partial setting of ConfigProperties
- Require kvm for browser tests
- Handle visible_rect in V4L2/VAAPI VDAs when origin != (0, 0)
- V4L2SVDA: Validate visible rectangle
- media: Fix non-zero offset in visible rect
- VdaVD: Advertise a VideoFrame's visible size as the coded size

Google Chrome 81.0.4044.92
Fixed:
- Use after free in extensions
- Use after free in audio
- Out of bounds read in WebSQL
- Type Confusion in V8
- Insufficient validation of untrusted input in clipboard
- Insufficient policy enforcement in full screen
- Insufficient policy enforcement in navigations
- Insufficient policy enforcement in extensions
- Use after free in devtools
- Insufficient policy enforcement in extensions
- Use after free in window management
- Inappropriate implementation in WebView
- Insufficient policy enforcement in extensions
- Insufficient policy enforcement in navigations
- Inappropriate implementation in extensions
- Insufficient policy enforcement in omnibox
- Inappropriate implementation in cache
- Insufficient data validation in developer tools
- Uninitialized Use in WebRTC
- Insufficient policy enforcement in trusted types
- Insufficient policy enforcement in trusted types
- Inappropriate implementation in developer tools
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 80.0.3987.163
- media/gpu/v4l2(s)vda: stop accessing device members from child thread
- [Picture-in-Picture] Fix crash when closing window
- [Sync] Add feature flag to disable cache guid mismatch logic
- Fix sync Nigori cache GUID left empty upon mismatch
- [Sync] Implement Nigori cache guid mismatch
- [M81] OOBE - Make recommended apps illustration smaller
- [M81] OOBE - Add scroll shadows to the sign in screen
- M81 merge: Fix themes for supervised users on extensions lite
- [M81] Batch whitelist Imprivata extensions
- Android: Update Play Core
- Fixes bad code affected by -ftrivial-auto-var-init=pattern
- [M81] [Extensions] Fix couple of ProcessManager UaF issues
- [M81 Merge] Disallow pasting SVG use elements data URI
- remoting: Check autorepeat on keydown
- Do not attempt update for Tether networks
- M81 Merge: Add UMA for child installing extensions from
- Wait until native is loaded before issuing voice search queries
- Remove pref store initialization check from
- Fix in-session password change success detection for Ping IdP
- [Merge to M-81] Desks: Add a flag to limit windows in Alt-Tab to the current active desk
- Update help center URL of ADB sideloading

Google Chrome 80.0.3987.162
- Revert "3987: pin v8 to 9c25291e705136181ede345dabcf05fb054812af."
- 3987: [iOS]Updated "shard size" to "swarming tasks" for EG tests
- Android: Update Play Core
- [Merge to M80] Worker: Stop passing creator's origin for starting a dedicated worker
- M80 merge: Enable supervised users to install extensions from policy allowlist
- Pepper: support GpuMemoryBuffer-based frame in MediaStream Video
- Clear context from orphan handlers when BaseAudioContext is going away
- [PM] Fix invariant tracking - Crash when a process node is destroyed while still hosting worker nodes
- Protect AutofillPopupControllerImpl from being destroyed in Show()
- Protect automatic pull handlers with Mutex
- 3987: pin v8 to 9c25291e705136181ede345dabcf05fb054812af
- Make finished_source_handlers_ hold scoped_refptrs
- [Merge] Reland: Sequentialise access to callbacks in DWriteFontLookupTableBuilder
- [M80 merge] Verify if the context is still available
- Reland "Use SupportsWeakPtr for messaging from rendering thread to main thread"
- Reland "[Merge M80] - Point usrsctp to a68325e7d9ed844cc84ec134192d788586ea6cc1."
- Update comment now that the speculative fix is (mostly) confirmed
- Speculative fix for crashes in ~FileChooserImpl()
- Use WeakPtr for cross-thread posting
- MojoVideoEncodeAcceleratorService: handle potential later Initialize()
- Break connections before removing from active_source_handlers_
- Revert "[Merge M81] - Point usrsctp to a68325e7d9ed844cc84ec134192d788586ea6cc1."
- [Merge M81] - Point usrsctp to a68325e7d9ed844cc84ec134192d788586ea6cc1
- Revert "Use SupportsWeakPtr for messaging from rendering thread to main thread"
- Use SupportsWeakPtr for messaging from rendering thread to main thread
- Reland "media/gpu/vaapi: Create VAImage with va surface size on UploadVideoFrameToSurface()"
- M80 "Fix flicker on Dru when capturing"
- 3987: Move all public ios swarming tests to new template pool

Google Chrome 80.0.3987.149
- Make finished_source_handlers_ hold scoped_refptrs
- Verify if the context is still available
- 3987_137: Roll v8 to 9c25291e705136181ede345dabcf05fb054812af
- [Merge] Reland: Sequentialise access to callbacks in DWriteFontLookupTableBuilder
- Update comment now that the speculative fix is (mostly) confirmed
- Speculative fix for crashes in ~FileChooserImpl()
- Use WeakPtr for cross-thread posting
- MojoVideoEncodeAcceleratorService: handle potential later Initialize()
- Break connections before removing from active_source_handlers_
- Use SupportsWeakPtr for messaging from rendering thread to main thread
- [Merge M80 minibranch] - Point usrsctp to a68325e7d9ed844cc84ec134192d788586ea6cc1
- arc: net: Prevent Service property update loops
- arc: net: print NetworkConfiguration service name
- media/gpu/vaapi: fix kNone VaapiVDA decode case
- media/gpu/vaapi: fix VASurfaceID leak in VaapiVideoDecodeAccelerator
- arc: net: Consistently get IP configs of host networks
- Cherry pick to M80
- Roll airmont AFDO profile from 80-3987.89-1581937220-benchmark-80.0.3987.133-r1 to 80-3987.89-1581937220-benchmark-80.0.3987.134-r1 by Chrome Release Autoroll
- Fix crash in OwnerSettingsServiceChromeOS::StorePendingChanges
- Roll airmont AFDO profile from 80-3987.89-1581937220-benchmark-80.0.3987.131-r1 to 80-3987.89-1581937220-benchmark-80.0.3987.133-r1 by Chrome Release Autoroll
- Roll airmont AFDO profile from 80-3987.89-1581937220-benchmark-80.0.3987.129-r1 to 80-3987.89-1581937220-benchmark-80.0.3987.131-r1 by Chrome Release Autoroll

Google Chrome 80.0.3987.132
Security fixes:
- High CVE-2020-6420: Insufficient policy enforcement in media
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 80.0.3987.122 - Change log not available for this version
Google Chrome 80.0.3987.116 - Change log not available for this version
Google Chrome 80.0.3987.106
- Performance: Respect navigation's AllowTimingDetails() override in workerStart()
- Disable NV12 dynamic textures on AMD GPUs in general
- Revert "Remove scroll offset rounding in position:sticky"
- Roll broadwell AFDO profile from 80-3987.76-1581332381-benchmark-80.0.3987.100-r1 to 80-3987.76-1581332381-benchmark-80.0.3987.104-r1
- Roll airmont AFDO profile from 80-3987.76-1581334369-benchmark-80.0.3987.100-r1 to 80-3987.76-1581334369-benchmark-80.0.3987.104-r1
- [M80] Revert "FrameHost::SubresourceResponseStarted: s/ url / origin_of_final_url /."
- Roll silvermont AFDO profile from 80-3987.76-1581334760-benchmark-80.0.3987.100-r1 to 80-3987.76-1581334760-benchmark-80.0.3987.104-r1
- [ChromeDriver] Restore Chrome binary search order by Tricia Crichton
- Roll ChromeOS orderfile from 80-3987.76-1581334760-benchmark-80.0.3987.98-r1 to 80-3987.76-1581334760-benchmark-80.0.3987.100-r1
- Updating XTBs based on .GRDs from branch 3987 by Ben Mason
- Roll broadwell AFDO profile from 80-3987.76-1581332381-benchmark-80.0.3987.98-r1 to 80-3987.76-1581332381-benchmark-80.0.3987.100-r1
- Roll airmont AFDO profile from 80-3987.76-1581334369-benchmark-80.0.3987.98-r1 to 80-3987.76-1581334369-benchmark-80.0.3987.100-r1
- Roll silvermont AFDO profile from 80-3987.76-1581334760-benchmark-80.0.3987.98-r1 to 80-3987.76-1581334760-benchmark-80.0.3987.100-r1
- Roll ChromeOS orderfile from 80-3987.76-1580727679-benchmark-80.0.3987.97-r1 to 80-3987.76-1581334760-benchmark-80.0.3987.98-r1

Google Chrome 80.0.3987.100 - Change log not available for this version
Google Chrome 80.0.3987.87 - Change log not available for this version
Google Chrome 79.0.3945.117 - Change log not available for this version
Google Chrome 79.0.3945.88 - Change log not available for this version
Google Chrome 79.0.3945.79 - Change log not available for this version
Google Chrome 78.0.3904.108
- Reland "Fix ownership of BluetoothAdapter in BluetoothDeviceChooserController"
- Fix OOB in OnBluetoothScanningPromptEvent
- Revert "Fix ownership of BluetoothAdapter in BluetoothDeviceChooserController"
- Fix ownership of BluetoothAdapter in BluetoothDeviceChooserController
- [libusb] Fix racy UAF in libusb_get_next_timeout
- Add to rendering orphan handlers when destination is running
- [TransactionalLevelDB] Fix iterating 'Prev' from evicted iterators
- Avoid unexpected render frame host reentrancy during Window destruction
- Fix a crash in ManagePasswordsState with use-after-free
- Updating XTBs based on .GRDs from branch 3904
- Fix compile
- Get the element central location correctly if there is drop down menu
- Re-add "Close Other Tabs" to tabstrip context menu
- [Feed] Import [email protected]faf8047d85528377950a4061
- Fix IsInitialScrollHitTestReliable for fixed elements
- Fix main thread viewport pan from outside root scroller
- OOBE: Fix high CPU usage on login screen
- [Passwords] Fix for LoginDatabase that got downgraded from 25 to 24
- Revise SameSite cookie warning messages to correct misleading wording

Google Chrome 78.0.3904.97 - Change log not available for this version
Google Chrome 78.0.3904.70
Security Fixes:
This update includes 37 security fixes. Below, we highlight fixes that were contributed by external researchers:
- Use-after-free in media
- Buffer overrun in Blink
- URL spoof in navigation
- Privilege elevation in Installer
- URL bar spoofing
- CSP bypass
- Extension permission bypass
- Out-of-bounds read in PDFium
- File storage disclosure
- HTTP authentication spoof
- File download protection bypass
- File download protection bypass
- Cross-context information leak
- Buffer overflow in expat
- Cross-origin data leak
- CSS injection
- Address bar spoofing
- Service worker state error
- Notification obscured
- IDN spoof
- Notification obscured
As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives