Google Chrome 99.0.4844.82 軟體資訊交流 Mac

What's new in this version:

Google Chrome 99.0.4844.82
- Change log not available for this version


Google Chrome 99.0.4844.74
- Change log not available for this version


Google Chrome 99.0.4844.51
Security fixes:
- Heap buffer overflow in ANGLE
- Use after free in Cast UI
- Use after free in Omnibox
- Out of bounds read in ANGLE
- Use after free in Views
- Use after free in WebShare
- Type Confusion in Blink Layout
- Use after free in Media
- Out of bounds memory access in Mojo
- Use after free in MediaStream
- Insufficient policy enforcement in Installer
- Heap buffer overflow in Cast UI
- Inappropriate implementation in HTML parser
- Inappropriate implementation in Full screen mode
- Inappropriate implementation in Permissions
- Inappropriate implementation in Full screen mode
- Use after free in Browser Switcher
- Data leak in Canvas
- Inappropriate implementation in Autofill
- Use after free in Chrome OS Shell
- Out of bounds memory access in WebXR
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 98.0.4758.102
[Extensions] Fix UAF issue in webstorePrivate API.
- Fix color space in DesktopCaptureMacV2
- Use AXTree for AXNode lookups by id
- Handle more corner cases for textrange endpoints node deletion
- [Shopping] Gate access to SubscriptionsManager on feature flag
- Updating XTBs based on .GRDs from branch 4758[Private Network Access] Merge: Fix handling of redirects after preflights.
- [Private Network Access] Merge: Web Platform Tests for redirects.
- [98] Reland "Reland "Take the playout AudioDevice from a MediaStreamTrack's creation frame""
- [Private Network Access] Merge: Test redirects after preflights.
- Code health cleanup: replacing animations.
- M98: FS: Fix FileUtil lifetime issue
- [M98][infra] Stop generating properties.textpb files.
- M98][Android] Fix race condition in assigning groups
- Updating XTBs based on .GRDs from branch 4758
- [Merge to M98] Disable InitialNavigationEntry flag
- M98 merge: [Extensions] Fix a null dereference in CrxInstaller
- fix adding to group that is deleted from the tab_menu_model
- Revert "WebDriver supports non-BMP characters in SendKeys"
- [M98] Unregister Accelerators when AccessiblePaneView is destroyed.
- [M98] Fix UAF in TailoredSecurity on Android
- [Start] Fix the toolbar gone issue.
- [m98] weblayer: Control swallow event only when visible[ios, kSingleNtp] Update LogoVendor's WebState as NTPMediator does
- [M98][infra] Change the file extension of the properties file. Cleanup PausablecriptExecutor usage.

[ios, kSingleNtp] Log IOS.NTP.Impression in displayWebState:
- [ios/crashpad] ios: Actually merge memory snapshot data
- [ios, singlntp] only call ntpDidChangeVisibility: if NTP is active
- [ios] Return early in configureCell if not correct MVT cell class
- [M98] Add a fuchsia branch type.
- [infra] Update active set of LUCI experiments.
- [M98] Update the branch.matches code to accept multiple selectors.
- [sheriffing] Disable PolicyCorruptedOnStartup test on CrOS.
- [M98] add service account in OWNERS file
- [M98] Fix linux-ash-chromium-generator-rel
- CWVCreditCardVerifierTest.IsExpirationDateValid: Bump years
- Fix potential handle reuse in Mojo
- Viz: Fix UAF on context loss
- [M98][Files SWA]: Use WeakPtr to prevent a possible UAR bug
- High CVE-2022-0603: Use after free in File Manager.High CVE-2022-0604: Heap buffer overflow in Tab Groups.
- High CVE-2022-0605: Use after free in Webstore API.
- High CVE-2022-0606: Use after free in ANGLE.
- High CVE-2022-0607: Use after free in GPU.
- High CVE-2022-0608: Integer overflow in Mojo.
- High CVE-2022-0609: Use after free in Animation.
- Medium CVE-2022-0610: Inappropriate implementation in Gamepad API
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 98.0.4758.82
- Change log not available for this version


Google Chrome 98.0.4758.80
Security Fixes:
- High CVE-2022-0452: Use after free in Safe Browsing
- High CVE-2022-0453: Use after free in Reader Mode
- High CVE-2022-0454: Heap buffer overflow in ANGLE
- High CVE-2022-0455: Inappropriate implementation in Full Screen Mode
- High CVE-2022-0456: Use after free in Web Search
- High CVE-2022-0457: Type Confusion in V8
- High CVE-2022-0458: Use after free in Thumbnail Tab Strip
- High CVE-2022-0459: Use after free in Screen Capture
- Medium CVE-2022-0460: Use after free in Window Dialog
- Medium CVE-2022-0461: Policy bypass in COOP
- Medium CVE-2022-0462: Inappropriate implementation in Scroll
- Medium CVE-2022-0463: Use after free in Accessibility
- Medium CVE-2022-0464: Use after free in Accessibility
- Medium CVE-2022-0465: Use after free in Extensions
- Medium CVE-2022-0466: Inappropriate implementation in Extensions Platform
- Medium CVE-2022-0467: Inappropriate implementation in Pointer Lock
- Medium CVE-2022-0468: Use after free in Payments
- Medium CVE-2022-0469: Use after free in Cast
- Low CVE-2022-0470: Out of bounds memory access in V8
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 97.0.4692.99
- Change log not available for this version


Google Chrome 97.0.4692.71
- Change log not available for this version


Google Chrome 96.0.4664.55
- Change log not available for this version


Google Chrome 96.0.4664.45
- Revert "Reland "[CSP] Fix wasm-eval check from workers""
- M96: Storage Foundation: Share FileState ownership with I/O threads.
- Fix bug where interception dialog would hang indefinitely for reauths
- webcodecs: Avoid premature destruction of |media_encoder_|
- [ios] Remove Infobar Overlays from Snapshot drawing
- M96: Storage Foundation: Avoid cross-thread access of DOMArrayBufferView.
- CHECK WebContents removal in UnloadController
- Extend the workaround list to disable hw H264 encoder on some old Intel drivers.
- Add "multi_gpu_category": "any" to H.264 encoder disable.
- Disable hw H264 encoder on some old NVIDIA drivers.
- [Coupon] Parse FL coded coupon response
- [M96] Fix linux-lacros-rel doesn't run on branches
- Use WeakPtr to prevent using the ptr out of scope
- [M96] Revert "[lacros skew tests] Refresh skew tests for M96"
- [WebXR] Make VR intent immutable
- M96: Storage Foundation: read/write tests with non-zero buffer offsets.
- Drop the minor version from macOS web tests
- [Start] Fix isStartSurfaceEnabled in Samsung.
- Fixed NPE in AddToHomescreenIPHController
- Cache HOMEPAGE_PARTNER_CUSTOMIZED_DEFAULT_URI to make getDefaultHomepageUri() correct.
- Update Mac Builder and Mac deterministic (dbg) to use Mac default
- Updating XTBs based on .GRDs from branch 4664
- Send integer values instead of floats for CPSS UKM stats
- Introduce CrossThreadCopier
- [M96][Sheriff] Disable grit_python_unittests on mac11-arm64-rel-tests bot.
- [Merge-M96] [CrOS] Enable the Release Notes notification from M96 onwards.
- [M96] [LensRegionSearch] Mac: use cursor-set rather than push
- Merge "Camera Roll: Prevent settings item from showing when flag is disabled"
- [Sheriff] Disable ReportingBrowserTest.CrashReportUnresponsive for Mac
- [M96 merge] personalization: shrink wallpaper images
- Revert "components: tweak the H264 profile at GAVEA"
- [M96][LensRegionSearch] Fix crosshair cursor on Mac over scrim.
- [layout] Fix performance regression associated with nested tables.
- Fix composited plugin paint offset in multicol
- Fix overlay scrollbar painting order under nested rel and abs pos
- Fix paint location of RemoteFrameView foreign layer
- [Contacts] Check the WebContents are still active/valid before launching picker
- Merge "SVG Text NG: Fix dynamic update of "transform" attribute" to M96 branch
- M96 merge: [STTS] Unregister ReceivingUiHandlers on shutdown
- Merge to 96: [Mac A11y] Check whether object exists before converting to BrowserAccessibilityCocoa.
- [M96] Reset surface param to default if the request is not a side panel request.
- Search History Link Android: fixed the logic to actually follow the signed-in state and not the sync consent
- [Merge 96] Site Storage Controls: Add remove metrics by sauski
- [M96 Merge] Card Unmask Authentication Selection Dialog Metrics
- ComputeContainerNode -> AnchorNode for ScopedForcedUpdate
- Disable release fences since they caused a graphical glitch in lacros
- [M96] Deleting unused field: `FetchEventPreloadHandle::url_loader`.
- [M96 Merge] Make TextOffsetMapping to handle SVG element correctly
- app_restore: Add default value for display id when launch ghost window
- [Merge-M96] [CrOS] Turn off base::Feature kDefaultCalculatorWebApp for M96.
- [merge-m96] [CrOS] Update help_app to BPQAq0LqR4VGeH0ANPn4ci0kkBTVzaLB3ewqcZtRacQC M96 "Reporting: Fix healthd callback not being called""
- [merge-96] [memories] Clear keyword cache when history items are deleted.
- [M96] Avoid scrolling from space key when a form field is in focus.
- [M96 Merge] [VCN] Add card unmask metrics by Siyu An
- Update test certs
- Fix crash in ContentSettingsToRequestType()
- [Merge 96] [memories] Hard cap visit count at kMaxVisitsToCluster
- CacheStorage: Store partial opaque responses.
- [M96 Merge] Fix Crash When Card Unmask Authentication Selection Dialog Displays With No Challenge Options
- content-visibility: Improve interactions with top layer.
- [VirtualCards] Add margin between authenticator icon and description
- Pin linux-chromeos-rel's tryjobs to 8 core machines.
- Updating XTBs based on .GRDs from branch 4664
- [Extensions] Fix a crash when background type is changed from SW to other


Google Chrome 95.0.4638.69
Security Fixes:
- High CVE-2021-37997 : Use after free in Sign-In
- High CVE-2021-37998 : Use after free in Garbage Collection
- High CVE-2021-37999 : Insufficient data validation in New Tab Page
- High CVE-2021-38000 : Insufficient validation of untrusted input in Intents
- High CVE-2021-38001 : Type Confusion in V8
- High CVE-2021-38002 : Use after free in Web Transport
- High CVE-2021-38003 : Inappropriate implementation in V8

Various fixes from internal audits, fuzzing and other initiatives:
- [mojo] Downgrade Mojo handle assertion to DCHECK
- [RBD] Fix cart extraction
- Updating XTBs based on .GRDs from branch 4638
- Prevent ::first-line from styling prefilled values
- Updating XTBs based on .GRDs from branch 4638
- [M95] Regenerate config with updated lucicfg
- [Sheriff/M95] Mark some oopr tests as flaky
- Updating XTBs based on .GRDs from branch 4638
- Disable QuicTransport explicitly in the Network Service
- Merge to M95 release branch: Fix glibc dependency addition
- [mojo] Validate INTRODUCE source node
- Updating XTBs based on .GRDs from branch 4638
- [Merge to 95] Change CHECK for rfh_restored_from_back_forward_cache_ to if condition
- Fix Use-After-Free in ForceSigninVerifier
- [M95] Merge fixes for silently redirecting to other browsers
- Merge M95: [wmp_ms] Add support for ARGB software frames to copy-on-pause
- Force kReadingListMessages flag for testContextMenuSwitch
- [M95][realbox] Treat suggestion answers as text without HTML markup
- [M95] Remove the use_gitiles_trigger experiment


Google Chrome 95.0.4638.54
Security Fixes:
- High CVE-2021-37981 : Heap buffer overflow in Skia
- High CVE-2021-37982 : Use after free in Incognito
- High CVE-2021-37983 : Use after free in Dev Tools
- High CVE-2021-37984 : Heap buffer overflow in PDFium
- High CVE-2021-37985 : Use after free in V8
- Medium CVE-2021-37986 : Heap buffer overflow in Settings
- Medium CVE-2021-37987 : Use after free in Network APIs
- Medium CVE-2021-37988 : Use after free in Profiles
- Medium CVE-2021-37989 : Inappropriate implementation in Blink
- Medium CVE-2021-37990 : Inappropriate implementation in WebView
- Medium CVE-2021-37991 : Race in V8
- Medium CVE-2021-37992 : Out of bounds read in WebAudio
- Medium CVE-2021-37993 : Use after free in PDF Accessibility. Ltd. on 2021-10-02
- Medium CVE-2021-37996 : Insufficient validation of untrusted input in Downloads
- Low CVE-2021-37994 : Inappropriate implementation in iFrame Sandbox
- Low CVE-2021-37995 : Inappropriate implementation in WebApp Installer

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 94.0.4606.81
- Revert "Do not restore scroll from history if page scrolled between navigation start and commit"
- [omnibox] [bookmark-paths] [short-bookmarks] Revert enable by default
- Fixed crash when adding all bookmarks to new group by Federico Paredes
- [Private Network Access] Disable secure context restriction on webview
- 5b51932 Updating XTBs based on .GRDs from branch 4606
- [merge-m94] [CrOS] Update media_app to coGiL8g_-jt1wKvzRoHIKonIrEXHPsTqmrLgG12siTgC
- [lacros skew tests] Refresh skew tests for M96
- Lens and Voice: Fix tracking and presentation on Search Activity.
- Updating XTBs based on .GRDs from branch 4606
- [Merge to M94] Use WeakPtr for rfh_restored_from_back_forward_cache_ in NavigationRequest
- Use DSE origin for a microphone activity indicator in NTP.ago
- [Merge M-94] mojo: CHECK when array has too many elements to serialize
- 4606: Disable failing ExtensionSettingsApiTest.ManagedStorageEvents test
- Updating XTBs based on .GRDs from branch 4606
- [Android][MFill][Payments] Remove caches from credit card controller
- [lacros skew tests] Refresh skew tests for M96
- XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- Tell clang not to devirtualize TargetServices
- [GMNext] Fix omnibox selection highlight color for Lollipop
- android: handle unusual classloaders correctly
- Temporarily supply a default for primary bg color
- 1320012 Return empty ShoppingPersistedTabData instead of null
- [TTS] Fix tap not dismissing after Long-press
- [TTS] Fix Smart Selection w/ unintelligent search
- Record TabGridSwitched for price drops in the correct place
- Remove extra header from "interests" and "hidden" management pages
- [Merge M94] Initialize font manager when renderer starts
- [Start] Fix location bar width by updating visuals.
- [Merge to M94]bento_bar: Add a boolean histogram Ash.Desks.BentoBarIsVisible
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- [Cherry-pick to M94] Allow reinstallation of SODA
- [ios] Add Tab.RendererTermination.TotalTabCount
- [iOS] Add feature flag for setting request attribution
- ios: Optimize calls to reloadInputViews in autofill
- [M94][ash-chrome] Fix crash in chromeos::LocaleChangeGuard::OnLogin
- Reland: [iOS] Mark requests sent to WKWebView as being user-initiated
- Updating XTBs based on .GRDs from branch 4606
- [M94][CrOSSharingHub] Close sharesheet if tab is closed by
- [lacros skew tests] Refresh skew tests for M96

Security fixes:
- High CVE-2021-37977 : Use after free in Garbage Collection
- High CVE-2021-37978 : Heap buffer overflow in Blink
- High CVE-2021-37979 : Heap buffer overflow in WebRTC
- High CVE-2021-37980 : Inappropriate implementation in Sandbox


Google Chrome 94.0.4606.71
- [M94 merge] personalization: Sync Wallpaper on user's new device.
- [Merge to M94] Prevents non-browser processes from requesting memory dumps.
- Turn off fractional line-height feature
- [Merge 94] Crash fix: do not use parent chain during aria-owns validity check
- [iOS] Cancel touches when displaying context menu
- Stop Chrome crashing: Disable WindowCaptureMacV2
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- [Sheriff] Disable PopupBlockerBrowserTest.PrintPreviewPopUnder
- Revert "Cancel impl-side scroll animation when we get a programmatic..."
- [Merge M94] Observe WebContents in PPAPIDownloadRequest
- Updating XTBs based on .GRDs from branch 4606
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- Temporarily add win10-rel-orchestrator/compilator to m94
- [Sheriff] Disable flaky test on all platforms.
- [Merge to M94] Avoid potential CHECK in TtsExtensionEngineChromeOS
- [WebAPK] Pass icon data as byte arrays through JNI.
- [M94] Collect sizes of direct children of profile data directory.
- [lacros skew tests] Refresh skew tests for M96
- [CrOS WebAPKs] Don't create WebApkManager when Web Apps are disabled
- heap: Fix write barrier for HashTable backing store
- [lacros skew tests] Refresh skew tests for M96
- [M94][ash-chrome] Restore HIDDetectionScreenDisabledAfterRestartTest(s)
- Updating XTBs based on .GRDs from branch 4606
- [lacros skew tests] Refresh skew tests for M96
- [web-engine] Push device change notification to system monitor
- [Merge to M94]bento_bar: Counting the number of target users of the experiment
- [94]: Disable failing AppListRemoveSpaceSyncCompatibilityTest.Basics.
- [94] Disable failing KioskUpdateTest.IncompliantPlatformDelayInstall.
- [M94] vaapi: fix use-after-frees
- [Sheriff] Disable flaky ProfilePicker test
- [ios] Cleanup //ios/chrome/app:chrome target


Google Chrome 94.0.4606.61
- Kill a renderer if it provides an unexpected FrameOwnerElementType
- Fix a crash in GpuChannelManager::OnContextLost
- [Sheriff] Disable flaky ProfilePicker test
- [SHERIFF] Disable failing ProfileManagerBrowserTest.AddMultipleProfiles
- [M94] Ash is ready file in test_ash_chrome
- [94]: Bump RDB results experiment to 100% for CI and try
- Updating XTBs based on .GRDs from branch 4606
- Updating XTBs based on .GRDs from branch 4606
- Disable TestClonedInstallClientIdReset in browser_test
- Disable IncognitoSSLHostStateDelegateTest.AfterRestartHttp
- Updating XTBs based on .GRDs from branch 4606
- tracing: Fix browser crash on socket connection failure on CrOS
- Updating XTBs based on .GRDs from branch 4606
- Disable WebXrVrTransitionTest#testPresentationPromiseRejected

Security fixes:
- High CVE-2021-37973 : Use after free in Portals


Google Chrome 94.0.4606.54
Security Fixes:
- High CVE-2021-37956: Use after free in Offline use
- High CVE-2021-37957 : Use after free in WebGPU
- High CVE-2021-37958 : Inappropriate implementation in Navigation
- High CVE-2021-37959 : Use after free in Task Manager
- High CVE-2021-37960 : Inappropriate implementation in Blink graphics
- Medium CVE-2021-37961 : Use after free in Tab Strip
- Medium CVE-2021-37962 : Use after free in Performance Manager
- Medium CVE-2021-37963 : Side-channel information leakage in DevTools
- Medium CVE-2021-37964 : Inappropriate implementation in ChromeOS Networking
- Medium CVE-2021-37965 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37966 : Inappropriate implementation in Compositing
- Medium CVE-2021-37967 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37968 : Inappropriate implementation in Background Fetch API
- Medium CVE-2021-37969 : Inappropriate implementation in Google Updater
- Medium CVE-2021-37970 : Use after free in File System API
- Low CVE-2021-37971 : Incorrect security UI in Web Browser UI
- Low CVE-2021-37972 : Out of bounds read in libjpeg-turbo

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 93.0.4577.82
- Sync: Reset unreasonably-short polling intervals
- M93: [IndexedDB] Don't ReportBadMessage for Commit calls
- M93: [IndexedDB] Add browser-side checks for committing transactions. [ChromeCart] Add rate control for cart content extraction
- Updating XTBs based on .GRDs from branch 4577
- [BackgroundFetch] Pass a copy of the job ID string to cancel event
- Roll ChromeOS Bigcore AFDO profile from 93-4577.69-1630924723-benchmark-93.0.4577.77-r1 to 93-4577.69-1630924723-benchmark-93.0.4577.80-r1
- Merge "FIELDSET: Fix a crash on dynamic changes of pseudo elements" to M93 branch
- Incrementing VERSION to 93.0.4577.80
- M93: Enable RDB experiment for 5% of all CI and try builds
- Merge 4577: Apply list item quirks only when the nested list is block-level
- [layout] Remove limit from LayoutInline::SplitInlines
- Skip WebGL conformance/programs/program-test.html on all platforms
- Rename ci/mac{,11}-arm64-rel-tests try/mac{,11}-arm64-rel
- Check if profile manager initialized when checking profile
- [ContentIndex] Add Origin checks to mojo methods
- [Merge to M93][bfcache] Remove DumpWithoutCrashing for race conditions
- [Merge to M93] Ignore OnCreateChildFrame when we're missing RVH for proxy creation
- [Merge to M93] Stop crashing when OldPageInfo is sent to non-main frames
- [CCT] Fix white background issue for the rounded corner
- Updating XTBs based on .GRDs from branch 4577
- Incrementing VERSION to 93.0.4577.79
- [M93 Merge] Fix window focus bug on Windows due to a Linux fix
- Remove invalid Terminal app registration pref
- [GMNext] Add android:popupMenuStyle attr for translate infobar
- Disable overscroll when prefers-reduced-motion is set
- [M93 Cherry-Pick] Reland "[Paint Preview] Fix bitmap locking"
- Fix crash trying to observe gesture event when animations disabled
- [M93 merge] compositor: fix bug in sending damage regions
- Tweak android overscroll stretch parameters
- Updating XTBs based on .GRDs from branch 4577 by Ben Mason
- ReadingList Sync: Fix ping-pong-prone logic
- Fix a crash in SavedPasswordsPresenter
- Ensure ShowBubble is a no-op if already showing
- [M93 Merge][tab strip] Move WebContentsDelegate logic to the TabStripPageHandler by tom
- Updating XTBs based on .GRDs from branch 4577
- Ios: Speculative fix for viewWillTransitionToSize crash
- Roll src/third_party/libavif/src/ f8b782aad..efed11856 (16 commits)
- Content-visibility: Force range base/extent when computing visual selection
- [M93] X11: fix tab drag
- M93: [X11] Coalesce mouse motion events when dragging
- Invalidate for changed PaintedOutputInvisible when a PaintLayer is removed
- [segmentation_platform] Fixed segment selector |is_ready|
- [RBD] Avoid appending multiple utm_source tags
- [Start] Add two new variations.
- Updating XTBs based on .GRDs from branch 4577
- [M93 merge] webui: make WebUIAllowlist and WebUIAllowlistProvider thread-safe
- [Messages] Update popup block primary action button text
- [M93] Remove the glob for generated/luci-milo*.cfg
- [M93] Generate the LUCI services configs into a luci subdirectory
- [Fuchsia][M93 merge] Fix FuchsiaAudioRenderer to handle PCM streams correctly
- [M93] Reject AudioData invalid indexes
- [M93] [WebCodecs] Implement support for converting AudioData to float32
- Provide reason for BottomSheetObserver.onSheetStateChanged


Google Chrome 93.0.4577.63
Security Fixes:
- High CVE-2021-30606: Use after free in Blink.
- High CVE-2021-30607: Use after free in Permissions.
- High CVE-2021-30608: Use after free in Web Share.
- High CVE-2021-30609: Use after free in Sign-In.
- N/A1200440 High CVE-2021-30610: Use after free in Extensions API.
- Medium CVE-2021-30611: Use after free in WebRTC.
- Medium CVE-2021-30612: Use after free in WebRTC.
- Medium CVE-2021-30613: Use after free in Base internals.
- Medium CVE-2021-30614: Heap buffer overflow in TabStrip.
- Medium CVE-2021-30615: Cross-origin data leak in Navigation.
- Medium CVE-2021-30616: Use after free in Media.
- Medium CVE-2021-30617: Policy bypass in Blink.
- Medium CVE-2021-30618: Inappropriate implementation in DevTools.
- Medium CVE-2021-30619: UI Spoofing in Autofill.
- NA1063518 Medium CVE-2021-30620: Insufficient policy enforcement in Blink.
- NA1204722 Medium CVE-2021-30621: UI Spoofing in Autofill.
- NA1224419 Medium CVE-2021-30622: Use after free in WebApp Installs.
- Low CVE-2021-30623: Use after free in Bookmarks.
- TBD1230513 Low CVE-2021-30624: Use after free in Autofill.

Various fixes from internal audits, fuzzing and other initiatives:
- [Win] Notify TextInputClient about input type change during Omnibox init
- MediaStreamVideoTrack::GetCaptureHandle: Check WeakPtr before dereferencing
- Migrate PermissionChip to OnWidgetDestroying
- Merge 93: Null check to fix crash in PlatformGetParent
- Updating XTBs based on .GRDs from branch 4577
- [M93] Stop exporting test results to `luci-resultdb.chromium.*`
- Updating XTBs based on .GRDs from branch 4577
- [Merge to M93] bento_bar: Consolidate window state with the bento bar
- [Merge M93] Fix parameter validation for chrome.tcpServer.getInfo()
- [M93] Cleanup branched builders on chromium.fyi console.
- Fix eventsource/format-utf-8.htm wpt
- [Fuchsia][M93 merge] Fix --shared-array-buffer-allowed-origins for worklets
- [CSN] Tweak element paddings
- [CSN] Do not trigger on tablets
- Revert "Stop setting kStabilityExitedCleanly to true in InitializeMetricsState."
- Updating XTBs based on .GRDs from branch 4577
- Updating XTBs based on .GRDs from branch 4577
- Fix X-Geo header not sent despite user explicitly allowing geolocation
- [Merge to M93] bento_bar: Ensure the bento bar is only created in ACTIVE user session
- [Merge 93] Invalidate frame_view in ChromeNativeAppWindowViewsAuraAsh::SetFullscreen
- [Sheriff] Disable CrComponentsMostVisitedTest.Modification on Linux Tests dbg
- [Android] Record metric only when data is wiped on child account sign-in
- [Merge M93] Do not process non-dictionary configurations
- Do not paint fragmented foreign layers
- Fix heap-use-after-free by passing route_id by copy
- Disable printing tests that require the Windows print spooler service.
- Prevent OOB on dragging tab group
- [Offline Measurements] Handled cases with multiple HttpURLConnections
- [PriceTracking] Fix the price drop IPH focus issue
- Don't retain BrowserContext on stopping audio debug recordings
- [Start] Move UndoGroupSnackbarController to TabbedRootUICoordinator.
- [M93 Stylize] Round down the pixel size for template and padding
- Fix Android Fullscreen Rotation with SurfaceSyncThrottle
- Set app menu background color to match items.
- [Traffic Annotation] Roll traffic_annotation_auditor
- [M93] Use ash feature flag for fetching account capabilities for CrOS
- Merge "FIELDSET: Don't reattach on descendant reattach" to M93 branch


Google Chrome 92.0.4515.159
Security Fixes:
- High CVE-2021-30598: Type Confusion in V8.
- High CVE-2021-30599: Type Confusion in V8.
- High CVE-2021-30600: Use after free in Printing.
- High CVE-2021-30601: Use after free in Extensions API.
- High CVE-2021-30602: Use after free in WebRTC.
- High CVE-2021-30603: Race in WebAudio.
- High CVE-2021-30604: Use after free in ANGLE.

Various fixes from internal audits, fuzzing and other initiatives:
- Revert "Forbid script execution for entire lifecycle update"
- Disable kDesktopCaptureMacV2
- Updating XTBs based on .GRDs from branch 4515
- [Merge 92] Protect candidate better from garbage collection during negotiation.
- [segmentation_platform] Add V2 to the feature name
- Move to Python 3 in chrome/installer/mac/BUILD.gn
- [M92][Credentialless] Fix flakes about iframeTest.js
- [M-92] Check if kArcIsManaged is set before triggering transition
- [RBD] Fetch discount immediately after loading carts
- Re-configure "enable_launch_polish" and "enable_launch_bug_fix"
- Fix error running Mac signing under py3.
- M92: Do more class validity checks in PrintViewManagerBase.
- Disable different origin subframe JS dialog suppression
- M92: NativeIO: Fix potential NativeIOHost lifetime issue.
- Merchant: Don't erase ProfileProtoDB in memory.
- [M92] CP icu fix for nb/no res
- Add UMA for metrics related to the DSE autogrant being disabled.
- Fixed bug where Resetting DSE permissions didn't account for kRevertDSEAutomaticPermissions
- [segmentation_platform] Set and validate feature name hash
- Defer looking up the WebContents for the directory confirmation dialog.
- Disable flaky SubresourceRedirectLoginRobotsBrowserTest tests
- Fix bug where the UI still showed "allowed for your default search engine"
- [M92] Fixed a NPE in DownloadController.requestFileAccessPermissionHelper
- Add a feature that allows control over DSE permission logic
- cros: Disable flaky test RestoreBrowserWindowsToDesks
- Fix a flaky test of MediaHistoryForPrerenderBrowserTest
- [segmentation_platform] Add internal metrics.
- [segmentation_platform] Fixed SignalKey collision
- [segmentation_platform] Update signal collection on model updates
- [Android][Sheriff] Disable Flaky LocationBarTest
- Register SyntheticTrialsActiveGroupIdProvider in WebLayer
- [Fuchsia][M92 merge] Signal last release fences in ~OutputPresenterFuchsia
- Protect HRTF database loader thread from access by different threads
- [M92] Set sheriff rotations as a property on builders
- Address NPE in TabGroupUtils
- [M92] Modify branches.value to support values varied per branch selector
- Sheriff: Disable a flaky test
- [Autofill Assistant] Fixed unit test for starter.
- [Sheriff] Disable flaky test CheckHostPointToScreenInMouseWarpRegion
- 4515: Replace the rdb 'enable' field in testing specs with a better name
- Reapply flaky test expectation for animate-fling-to-snap-points-1.html
- 4515: Update the "py" wheel to a version that is compatible with pytest-6.2.2
- [Merge to 4515] Lacros: fine grained control for google rollout.
- [Sheriff] Disable flaky tast test launcher.SearchBuiltInApps
- [M92] Export chromium test results to chrome-luci-data.chromium.*_test_results


Google Chrome 92.0.4515.131
Security Fixes:
- High CVE-2021-30590: Heap buffer overflow in Bookmarks
- High CVE-2021-30591: Use after free in File System API
- High CVE-2021-30592: Out of bounds write in Tab Groups
- High CVE-2021-30593: Out of bounds read in Tab Strip
- N/A1218468 High CVE-2021-30594: Use after free in Page Info UI
- Medium CVE-2021-30596: Incorrect security UI in Navigation
- TBD1232617 Medium CVE-2021-30597: Use after free in Browser UI
- Various fixes from internal audits, fuzzing and other initiatives
- dpwas: Don't show WebAppFrameToolbarView in fullscreen on win10
- [M92] Fix potential UAF in holding space item views
- [RBD] Add UTM tag
- [Merge 92] Revert "[SH] Allow highlighting text fragments on history navigations"
- [segmentation_platform] Hide voice button setting when useless (Merge CL)
- Fix null pointer dereference
- Updating XTBs based on .GRDs from branch 4515
- arc: Fix intent helper metrics use-after-free
- M92: Add 'UnlimitedSize' to extensions.mojom.LocalFrameHost.Request()
- Handle an empty tabstrip in TabStrip::GetDropBounds
- Fix case where an extension could open a pinned grouped tab
- M92: Revert "Allow multiple relayout passes when scrollbars change."
- [sheriff] Mark RTCPeerConnection-reload-sctptransport.html as flaky
- Updating XTBs based on .GRDs from branch 4515
- [PA] Make GetUsableSize() handle nullptr gracefully
- Fix backspace event triggered twice problem
- M92: [printing] Ensure that the quit closures for Mojo are called
- [Merge-M92] Fix JS dialog navigation deferral race
- PreviewTab: Disable Web Share feature and fix the crash
- Add support for DXGI typeless format for SharedImageBackingFactoryD3D
- Forbid script execution for entire lifecycle update
- [Merge 92] [omnibox] Fix Android about:blank security regression
- M92: Sheriff: disable OutOfProcessPPAPITest.Printing on Win7
- Increase robustness of the move assignment operator for ACMatch
- M92: Disable PrintingContextTests that are failing on Win7 bots
- [Fuchsia][M92 Merge] Improve underflow handling in FuchsiaAudioOutputDevice
- [Autofill Assistant] Retain all script parameters
- [Autofill Assistant] Fix potential crashes in trigger scripts
- Update OWNERS for translation artifacts
- [M92 merge] Lift WebMediaPlayer limits much higher
- Manually post task to bind FileUtilitiesHost
- Merge 4515: Fix nested inline box fragmentation
- [Merge to M92]cr-buildbucket.cfg: export gpu test results to chrome-luci-data
- Fix RecentlyUsedFoldersComboModel heap overflows
- [segmentation_platform] Fix various issues for executing models
- [segmentation_platform] Consistent minimum screen width logic
- [segmentation_platform] Add tracing for processor intensive tasks
- [segmentation_platform] Added core metrics
- [Merge to M92]bento_bar: Adding pref kUserHasUsedDesksRecently
- testing: increase shard for blink_web_tests on 'Mac10.15 Tests (dbg)'
- [PageInfo] PageInfo UI handles WebContents being destroyed


Google Chrome 92.0.4515.107
Security Fixes:
- High CVE-2021-30566: Stack buffer overflow in Printing
- High CVE-2021-30567: Use after free in DevTools
- High CVE-2021-30568: Heap buffer overflow in WebGL
- High CVE-2021-30569: Use after free in sqlite
- High CVE-2021-30571: Insufficient policy enforcement in DevTools
- High CVE-2021-30572: Use after free in Autofill
- High CVE-2021-30573: Use after free in GPU
- High CVE-2021-30574: Use after free in protocol handling
- Medium CVE-2021-30575: Out of bounds read in Autofill
- Medium CVE-2021-30576: Use after free in DevTools
- Medium CVE-2021-30577: Insufficient policy enforcement in Installer
- Medium CVE-2021-30578: Uninitialized Use in Media
- Medium CVE-2021-30579: Use after free in UI framework
- Medium CVE-2021-30580: Insufficient policy enforcement in Android intents
- Medium CVE-2021-30581: Use after free in DevTools
- Medium CVE-2021-30582: Inappropriate implementation in Animation
- Medium CVE-2021-30583: Insufficient policy enforcement in image handling on Windows
- Medium CVE-2021-30584: Incorrect security UI in Downloads
- Medium CVE-2021-30585: Use after free in sensor handling
- Medium CVE-2021-30586: Use after free in dialog box handling on Windows
- Medium CVE-2021-30587: Inappropriate implementation in Compositing on Windows
- Low CVE-2021-30588: Type Confusion in V8
- Low CVE-2021-30589: Insufficient validation of untrusted input in Sharing

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [1231294] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 91.0.4472.164
Security Fixes:
- Out of bounds write in ANGLE
- Use after free in V8
- [$N/A][1219209] High CVE-2021-30560: Use after free in Blink XSLT
- Type Confusion in V8
- Use after free in WebSerial
- Type Confusion in V8
- Heap buffer overflow in WebXR

Various fixes from internal audits, fuzzing and other initiatives:
- [M91] [Sheriff] Disable flaky mac test
- 4472: infra: Allow CI & try builds to create RDB invocations in their realms
- Revert "Change low stylus battery notification message"
- ChromeAppSorting should ignore bookmark app extensions which obsolete
- ExtensionSyncService::ApplySyncData should not set ChromeAppSorting ordinals for bookmark apps
- Fix use-after-free with XSLT strip-space
- serial: Fix parent class tracing for SerialPort
- Revert "[fuchsia] Use Ubuntu 16.04 or 20.4 for Fuchsia arm64 tests."
- Change low stylus battery notification message
- Fix Samsung Odyssey Input Profile Mismatch
- [fuchsia] Use Ubuntu 16.04 or 20.4 for Fuchsia arm64 tests
- [M91] Migrate all builds to bbagent
- Add luci and test configurations for Win10 20h2 tester and trybot
- Add the ability to not generate location tag metadata at runhooks-time
- [M91][Extensions][Tabs] Allow tabs.query and tabs.get while drag in progress


Google Chrome 91.0.4472.114
- Ensure that XRLayer includes base EventTarget in Trace
- [M91] Disable QRGeneratorUtilTest.GenerateQRCode_ValidData
- Reland "Regenerate group IDs when restoring closed window"
- [ChromeCart] Fix AddToCart false positives for some sites
- Initialize FFT HashMap with all possible keys
- [M91] Reland: PaymentInstrumentIconFetcher avoids using released WebContents
- M91: Update all iOS CI & try builders to accept only Mac 11
- [91] chromeos: Unset BOTO_CONFIG env var when flashing public images

Security Fixes:
- High CVE-2021-30554: Use after free in WebGL
- High CVE-2021-30555: Use after free in Sharing
- High CVE-2021-30556: Use after free in WebAudio
- High CVE-2021-30557: Use after free in TabGroups


Google Chrome 91.0.4472.106
- Change log not available for this version


Google Chrome 91.0.4472.77
- High CVE-2021-30521: Heap buffer overflow in Autofill
- High CVE-2021-30522: Use after free in WebAudio
- High CVE-2021-30523: Use after free in WebRTC
- High CVE-2021-30524: Use after free in TabStrip
- High CVE-2021-30525: Use after free in TabGroups
- High CVE-2021-30526: Out of bounds write in TabStrip
- High CVE-2021-30527: Use after free in WebUI
- NA1206329 High CVE-2021-30528: Use after free in WebAuthentication
- Medium CVE-2021-30529: Use after free in Bookmarks
- Medium CVE-2021-30530: Out of bounds memory access in WebAudio
- Medium CVE-2021-30531: Insufficient policy enforcement in Content Security Policy
- Medium CVE-2021-30532: Insufficient policy enforcement in Content Security Policy
- Medium CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
- Medium CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
- Medium CVE-2021-30535: Double free in ICU
- Medium CVE-2021-21212: Insufficient data validation in networking
- Low CVE-2021-30536: Out of bounds read in V8
- Low CVE-2021-30537: Insufficient policy enforcement in cookies
- Low CVE-2021-30538: Insufficient policy enforcement in content security policy
- Low CVE-2021-30539: Insufficient policy enforcement in content security policy
- Low CVE-2021-30540: Incorrect security UI in payments

Various fixes from internal audits, fuzzing and other initiatives:
- Prevent crashes from large origin trial config
- Present FRE on the view controller of the current interface that is active
- [M91] Fix Lacros intermitent build failure
- WebSQL: Re-enable ALTER TABLE ADD COLUMN
- WebLayer: Disable 2 tests for Android 10 x86 skew tests
- Migrate tsan builders to bionic by Stephen Martinis
- Allow for empty full name and icon URL
- [M-91] OOBE: Use wildcard label for authorization key when adding PIN
- [Merge to M-91] capture_mode: Fix being able to capture a window with protected content by Ahmed Fakhry ·
- Updating XTBs based on .GRDs from branch 4472
- [fuchsia] Fix an incorrect use of StringPiece
- [91] Migrate internal linux & CrOS builders' tests to bionic
- Revert "Do not ignore null navigation context on iOS 13"
- Updating XTBs based on .GRDs from branch 4472
- M91: WebUI: Fix dangling observers in two webui handlers. by Matt Falkenhagen
- b5e5 Reland "Fix target=_blank crash for existing-client-navigate link captures" by Alan Cutter
- a4b341cb7 Bumping up the quickoffice chrome flag's expiry version. This gives buffer to investigate how to get rid of this flag, or to present the case to make this flag "never expire". by Harmandeep Singh
- Leave LiveCaption disabled by default on Chrome OS
- Revert "Roll ChromeOS Atom AFDO profile from 91-4472.33-1620643607-benchmark-91.0.4472.63-r1 to 91-4472.60-1621245530-benchmark-91.0.4472.65-r1"
- [M91][Extensions][Tabs] Ensure tab strip is editable before editing
- Revert "Roll ChromeOS Atom AFDO profile from 91-4472.60-1621245530-benchmark-91.0.4472.65-r1 to 91-4472.60-1621245530-benchmark-91.0.4472.66-r1"
- [91] Migrate all tests on the ASan CQ bot to bionic
- [TablesNG] Fix size of table-cell child with overflow and percent height
- Download: Use tab's OTRProfileID when opening download home
- Privacy Sandbox Android: updated the default URL
- Remove tabs and line breaks from the middle of app names when parsing
- Cloud print: Don't double search for empty account [M91]
- [M91] chromium.fyi builders to bionic
- Cloud Print: Give up on loading cloud printers for FAILED event [M91]
- Disable DesktopCaptureMacV2
- [media-router] Remove CancelableTaskTracker from DialServiceImpl
- Updating XTBs based on .GRDs from branch 4472
- Fix use-after-free allocating bt allocating memory for strings
- Make previous fix for Mac z-fighting more specific to avoid Win7 issue


Google Chrome 90.0.4430.212
- Change log not available for this version


Google Chrome 90.0.4430.93
- Disable mac IsUVPAA startup metric
- Merge to 90: Presentational objects should not create a paragraph boundary
- Roll ChromeOS Orderfiles from 90-4430.36-1617012563-benchmark-90.0.4430.53-r1 to 90-4430.73-1618827280-benchmark-90.0.4430.89-r1
- [ChromeCart] Improve cart content extraction
- [ChromeCart] Fix AddToCart detection for some sites
- [MIX-DL] Fix blob: URL handling and clarify console messages
- Remove CHECK on BigBuffer shm failure
- [Merge M90][Extensions] Policy blocked hosts supersede `debugger`
- [printing] Quit the runloop on Mojo disconnectio
- Read later: Add new Finch param and new flag for follow up experiment
- Fix issue on
- [flex] Don't stretch orthog. flex-items in column flexboxes.
- Set OAC correctly when committing a data URL with a base URL.
- Fix CanAccessWindow bindings CHECK failing.
- [M90] Need to populate OriginAccessList for split-mode extensions.
- Trigger full invalidation when frame becomes unthrottled
- Roll ChromeOS Orderfiles from 90-4430.36-1617012563-benchmark-
- [PAS] Escape URL when passed as a QueryParam
- [Merge M90] Unexpire a few histograms to explore page load performanc
- [Merge M90] Add histograms for subresource load timings during navigation
- [M90 merge] weblayer: don't crash if onNativeLoaded called multiple times
- Download: Show a proper URL in download home UI.
- [M90][mac][infra] Remove Mac10.13 Tests (dbg)

Security fixes:
- Insufficient data validation in V8
- Use after free in Dev Tools
- Heap buffer overflow in ANGLE
- Insufficient policy enforcement in extensions
- Incorrect security UI in downloads
- Type Confusion in V8
- Insufficient data validation in V8


Google Chrome 90.0.4430.85
- Reland "Fix the wrong direction with disabling CSSPseudoDir flag"
- [Message] Update scope change on #navigationEntryCommitted
- [DevTools] Use OriginalProfile for DevTools window if possible
- Revert "Resolve Service Worker redirects based on the response"
- [merge][90][GeneratedCodeCache] Copy large data before hashing and writing
- [PriceTracking] Set visibility of menu dialog item before it shows
- [PriceTracking] Add PriceDropNotification feature parameter
- Don't report PaymentRequest CSP errors
- [M90] OOBE - Prevent Renderer Crashes
- Ensure that BrowserContext is not used after it has been freed
- Add null pointer check in RenderWidgetHostInputEventRouter
- vaapi: Fix infinite loop in encrypted sample parsing
- Add weak pointer to RWHIER::FrameSinkIdOwnerMap and RWHIER::TargetMap
- Add crashkeys to identify where |target| is assigned to a stale value
- [views] Handle window deletion during HandleDisplayChange
- Mojo: Properly validate broadcast events
- Fix order of matrix multiplication in playback params
- [M90] OOBE - Improve Renderer Stability
- Disable the default web apps migration on Chrome OS
- [CrOS] Disable touchscreen logging
- Cherry pick: [trigger_script] Include resultdb invocation in tasks
- [Start] Add early return for testShow_SingleAsHomepage_BackButtonOnHomepageWithGroupTabsDialog__Instant_Return
- [M90][Sheriff] Disable flaky test BitmapGeneratorTest#testCapturedNewOne
- [M90][Sheriff] Disable various flaky blink tests
- [4430] Remove nacl_loader_unittests from "Mac11 Tests" builder

Security fixes:
- High CVE-2021-21222: Heap buffer overflow in V8
- High CVE-2021-21223: Integer overflow in Mojo
- High CVE-2021-21224: Type Confusion in V8
- High CVE-2021-21225: Out of bounds memory access in V8
- High CVE-2021-21226: Use after free in navigation
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 90.0.4430.72
Security fixes:
- High: CVE-2021-21201: Use after free in permissions
- High: CVE-2021-21202: Use after free in extensions
- High: CVE-2021-21203: Use after free in Blink
- High: CVE-2021-21204: Use after free in Blink
- High: CVE-2021-21205: Insufficient policy enforcement in navigation
- High: CVE-2021-21221: Insufficient validation of untrusted input in Mojo
- Medium: CVE-2021-21207: Use after free in IndexedDB
- Medium: CVE-2021-21208: Insufficient data validation in QR scanner
- Medium: CVE-2021-21209: Inappropriate implementation in storage
- Medium: CVE-2021-21210: Inappropriate implementation in Network
- Medium: CVE-2021-21211: Inappropriate implementation in Navigation
- Medium: CVE-2021-21212: Incorrect security UI in Network Config UI
- Medium: CVE-2021-21213: Use after free in WebMIDI
- Medium: CVE-2021-21214: Use after free in Network API
- Medium: CVE-2021-21215: Inappropriate implementation in Autofill
- Medium: CVE-2021-21216: Inappropriate implementation in Autofill
- Low: CVE-2021-21217: Uninitialized Use in PDFium
- Low: CVE-2021-21218: Uninitialized Use in PDFium
- Low: CVE-2021-21219: Uninitialized Use in PDFium


Google Chrome 89.0.4389.128
- Forbid script execution while updating the paint lifecycle
- [WPT] Mark permissions policy timing test slow on debug
- [GCPW] Fallback to registry when permitted domains cloud policy is empty
- Pin win10_chromium_x64_rel_ng and win7-rel to 16 cores
- Created a duplicate 'Mac11 Tests' from 'Mac11.0 Tests'
- Launching app inventory, upload device details and fetch experiments
- [Fuchsia] Add Fuchsia official builders to mb_config
- [Fuchsia] Remove unnecessary package vars from yaml files
- Only show krane's custom Demo Mode attract loop on krane devices
- [4389][mac][infra] Add Mac10.15 Tests (dbg)

Security fixes:
- High CVE-2021-21206: Use after free in Blink
- High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64


Google Chrome 89.0.4389.114
Security Fixes:
- High CVE-2021-21194: Use after free in screen capture.
- High CVE-2021-21195: Use after free in V8.
- High CVE-2021-21196: Heap buffer overflow in TabStrip.
- TBD1173903 High CVE-2021-21197: Heap buffer overflow in TabStrip.
- TBD1184399 High CVE-2021-21198: Out of bounds read in IPC.
- High CVE-2021-21199: Use Use after free in Aura.

Various fixes from internal audits, fuzzing and other initiatives:
- Merge 4389: Make ComputeNGCaretPosition() to handle upstream position after soft line wrap
- Enable cloud policies by default
- Read Os version from registries.
- [ChromeCart] Fix URL matching for cart and checkout
- [ChromeCart] Extract product images in absolute URL
- [ChromeCart] Improve cart visit detection heuristics
- Disable flaky CommerceHintCacaoTest.Rejected test.
- [ChromeCart] Exclude products in "saved for later" section
- [ChromeCart] Fix false positives of add-to-cart detection
- Reland "Reland "[ChromeCart] Improve checkout detection heuristics""
- Setting AppType for Win32 apps.
- [privacy_budget] Remove unnecessary kCanvasReadback metrics.
- Upload app data only when device is enrolled.
- Don't use BigBuffer for IPC::Message transport
- Fix container overflow in add to existing window and group tab context menu commands.
- Merge 89: Handle DOM-created tables with atypical structure
- [fuchsia] Recreate web.Context if persisted cache is erased.
- [floats] Fix overlap tests in NGExclusionSpace.
- Avoid starting invalidations multiple times.
- Changes to fetch win32 apps installed on the managed windows device and upload them.
- [Fuchsia] Fix FuchsiaAudioRenderer to call Stop() only after Start()
- Allow logged-in sites to be mentioned via optimization guide
- WebContents bug fix: Device capture only if web contents is valid
- Unlock win7-rel to run on machines with any core count.
- Disable variations layers when low entropy provider is null
- [M89 merge] x11/ozone: fix two edge cases
- Fix PageInfo for https image compression
- [M89][CrOS] Align password to start of password row when no icon is shown
- Allow first K images to load faster
- Add scheme check to crashing login detection code
- [Messages] Control autodismiss duration from Finch experiment
- Record image compression ukm metrics
- [Start] Make tab switcher page scroll to the last selected card.
- Download: Support legacy SD card download path content URI on R.
- [Start] Fix java.lang.NullPointerException at FeedStream.getView(FeedStream.java)
- [fuchsia] Ensure thread safety for ScenicOverlayView
- [fuchsia] Disable memory mitigations for visible LayerTreeHostImpls.
- Sheriff: Disable LoadTimingBrowserTest on the M89 branch.
- Sheriff: Disable broken StartSurface test on M89.
- Pull muted tab audio on a RT thread in the audio process.
- [fuchsia] Add vmodule flag support from config-data for WebEngine
- Allow ServiceWorkerResourceReader::ReadData() to return empty handle
- [fuchsia] Change minimum log level when verbose logging is on
- [fuchsia] Enable the media log as VLOGs on Fuchsia
- [fuchsia] Disable memory-pressure handling in Renderers by default
- Use a longer timeout for android-marshamllow-arm64-rel on branches.
- [CCA] Remove metadata observer when closing streams
- Add auto rollers as OWNERS of the files they touch
- [Fuchsia] Fix crash in VideoCaptureDeviceFactoryFuchsia
- Rename is_master to is_main.
- Get CameraAppDeviceImpl upon using in CrOS VCD
- VCD: Refactor CameraAppDeviceBridgeImpl and CameraAppDeviceImpl
- [ChromeCart] Allow skipping products
- [ChromeCart] Only handle http(s) schemes
- OOBE OfflineLogin: Correct login call to use internal authorization
- [CrOS] Show placeholder text on login/lock screen even with empty pwd
- Fix crash when restoring selection after a drag during which a dragged tab was closed.
- [Merge M89] Multi-User WM: Fix disappearing windows during profile switching.
- [M89][Lacros] Disable multiple Chrome OS sign-in when Lacros is enabled
- m89: Mitigate performance issues in Google tts
- [M89] Adds lacros_version_metadata


Google Chrome 89.0.4389.90
- High CVE-2021-21191: Use after free in WebRTC. Reported
- High CVE-2021-21192: Heap buffer overflow in tab groups. Reported
- High CVE-2021-21193: Use after free in Blink. Reported
- Various fixes from internal audits, fuzzing and other initiatives
- [Merge to M89] Expose langid events from SODA to Chrome and switch to protos
- Disable SVG composited animation if effective zoom is not 1
- Remove pre-target event handler before main widget close
- Fix remaining instances of RevertDragAt losing track of tabs.
- [ChromeCart] Extract products in shopping cart (2/2)
- [headless] Don't CHECK() crash on OSCrypt initialization failure.
- [headless] Move PrefService to HeadlessBrowserMainParts
- [WebLayer] Fix crash in GPU process when using GMS APIs
- [Grid] Auto-scroll to selected tab after tab model switching
- Revert "[headless] Configure renderer preferences from system settings"
- [headless] Configure renderer preferences from system settings
- [Merge to M89] Iterate more carefully over DTLS transports at close
- [ChromeCart] Restore module visibility when cart-action happens
- [ChromeCart] Extract products in shopping cart (1/2)
- Mark additional RootInlineBox dirty when culled inline box is removed
- [ChromeCart] Deflake CommerceHintAgentTest.CartPriority
- [Sheriff] Disable CommerceHintAgentTest.CartPriority on Linux
- Copy CSSM_TP_APPLE_EVIDENCE_INFO immediately after SecTrustGetResult
- Fix null domWindow crash in VisualViewport events
- [ChromeCart] Try to obtain cart URL when add-to-cart is detected
- [ChromeCart] Use optimization guide to filter out non-shopping sites
- M89: Increase BrowsingInstance cleanup delay.
- [ChromeCart] Pick the best source of cart URL
- [ChromeCart] Hide a unused function on CrOS
- [ChromeCart] Disable cart for non-SignIn single-profile users
- [ChromeCart] De-flake CommerceHintAgentTest tests
- [ChromeCart] Look up cart URL and merchant name when adding cart
- [ChromeCart] Add OWNERS file for chrome/renderer/cart
- [ChromeCart] Disable flaky CommerceHintAgentTest tests
- [Sheriff] Disable benchmark under Msan.
- [ChromeCart] Detect more shopping actions
- [ChromeCart] Implement add-to-cart detection
- [fuchsia] Add logging to diagnose a crash in the request rewrite throttles
- Handle resize bitmap operation failing.
- Revert changes to PPD file parsing
- [fuchsia] Suppress |is_main_document_loaded| if navigations are pending.
- Updating XTBs based on .GRDs from branch 4389
- [floc] change the API return type to Promise
- SiteForCookies now computes value for frame tree
- [base/allocator] Intercept (v)asprintf() in the shims on Android.
- [a11y] Accessibility bridge rejects actions on invalidtrees.
- [M89] [sheriff] Disable ExtensionInstallDialogViewInteractiveBrowserTest.InvokeUi_ManyPermissions on Windows for real


Google Chrome 89.0.4389.82
- GMC: Enable Global Media Controls for ChromeOS
- [sheriff] Disable flaky CartHandlerTest.TestEnableFakeData
- [Sheriff] Disable flaky test on TSAN
- Call SetNeedsAssignmentRecalc in HTMLSlotElement::ChildrenChanged
- Stop preloading vr module to avoid racey crash
- Don't crash on reentrant RunMoveLoop call
- Fix download resumption in reduced mode
- Add WebLayer getters for referrer and form submission
- Enable chromium M89 CQ to trigger chrome M90 builders
- [Merge to M89][Multipaste] Restrict the size of the web contents from the copied HTML
- cros: Make AcceleratorHistory higher priority
- Wi-Fi Sync: Default autoconnect to enabled when unspecified
- Active user takes ownership of networks on password updates
- Prevent showing notification when Wi-Fi Sync is not visible in settings
- [M89]Use the chrome.exe path instead of the directory
- [Fuchsia] Fix OutputPresenterFuchsia to send non-decreasing timestamps
- Condition Price Tracking on MBB Consent
- [fuchsia] Add multiple component support for audio/video capturers
- [iOS] Guard against grid view item array overrun
- [iOS][MF] Validate web state
- [iOS][Settings] Fixes clear browsing data link
- [Merge M89] Bento: Save desk names and workspaces after desk reordering
- [M89] ash: Handle nullptr window in WebAuthn request registrar
- [Merge to M-89][Multipaste] Destruct the multipaste menu views asynchronously
- Revert "Use stereo audio processing in stereo calls"
- m89: Makes all accessibility * enable prefs non-synchable


Google Chrome 89.0.4389.72
Fixed:
- Heap buffer overflow in TabStrip
- Heap buffer overflow in WebAudio
- Heap buffer overflow in TabStrip
- Use after free in WebRTC
- Insufficient data validation in Reader Mode
- Insufficient data validation in Chrome for iOS<