Google Chrome 歷史舊版本 Page137

更新時間：2018-06-06
更新細節：

更新時間：2018-05-11
更新細節：

What's new in this version:

Google Chrome 66.0.3359.170 (32-bit)

- Publish DEPS for Chromium 66.0.3359.170 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.170 by chrome-release-bot
- Warmup text color API for pdf compositor service by Wei Li
- Incrementing VERSION to 66.0.3359.169 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.168 by chrome-release-bot
- [Blink] Simplify CompositedLayerMapping::ComputeGraphicsLayerParentLocation() by Tien-Ren Chen
- Incrementing VERSION to 66.0.3359.167 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.166 by chrome-release-bot
- Merge to M66: Apply ExtensionNavigationThrottle filesystem/blob checks to all frames. by Charlie Reis
- Incrementing VERSION to 66.0.3359.165 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.164 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.163 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.162 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.161 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.160 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.159 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.158 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.157 by chrome-release-bot
- [Android O] Stop registering notification channels in Incognito by Anita Woodruff
- m66 merge: Fix crash when the immesriv mode is enabled during initialization by Qiang Xu
- Merge 66: FrameSinkVideoCapture: BeginFrameArgs→DisplayScheduler timestamps by Adam Parker
- Incrementing VERSION to 66.0.3359.156 by chrome-release-bot
- Android: Fix crash when trying to select a photo from an <input> by Andrew Grieve
- Incrementing VERSION to 66.0.3359.155 by chrome-release-bot
- Merge M66 "cros: Move GetCurrentNetworkId call off IO thread." by Xiyuan Xia
- Incrementing VERSION to 66.0.3359.154 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.153 by chrome-release-bot
- [Android] Fix a NPE in ImeAdapterImpl by Shimi Zhang
- Merge the fix for crbug.com/817479 to M66. by Sahel Sharify
- Fix fullscreen app list bounds issue by Weidong Guo
- Incrementing VERSION to 66.0.3359.152 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.151 by chrome-release-bot
- Merge M66: Add Windows RS4/1803/17134 OS version support. by Will Harris
- Chrome OS, first run UI: Update rules for showing Sync Settings screen. by Alexander Alekseev
- Incrementing VERSION to 66.0.3359.150 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.149 by chrome-release-bot
- ONC: Allow client cert properties from UI by Steven Bennetts
- Incrementing VERSION to 66.0.3359.148 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.147 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.146 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.145 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.144 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.143 by chrome-release-bot
- Updating XTBs based on .GRDs from branch 3359 by Krishna Govind
- Incrementing VERSION to 66.0.3359.142 by chrome-release-bot
- Incrementing VERSION to 66.0.3359.141 by chrome-release-bot
- Fix the time origin of delayed MIDIOutput::send by tzik
- Incrementing VERSION to 66.0.3359.140 by chrome-release-bot


Google Chrome 66.0.3359.139 (32-bit)

- Publish DEPS for Chromium 66.0.3359.139
- Incrementing VERSION to 66.0.3359.139
- windows: call l10n_util::OverrideLocaleWithUILanguageList() earlier
- [MemCache] Fix bug while iterating LRU list in range doom
- Reland "Remove ".dd" extension from VR icons"
- Revert "Remove ".dd" extension from VR icons"
- Incrementing VERSION to 66.0.3359.138
- Incrementing VERSION to 66.0.3359.137
- Incrementing VERSION to 66.0.3359.136
- Incrementing VERSION to 66.0.3359.135
- Fix cherrypick of "Update isAtLeastP implementation."
- Incrementing VERSION to 66.0.3359.134
- Incrementing VERSION to 66.0.3359.133
- Update isAtLeastP implementation.
- Fix nullptr crash in UpdateSubFrameScrollOnMainReason
- Remove ".dd" extension from VR icons
- Incrementing VERSION to 66.0.3359.132
- Incrementing VERSION to 66.0.3359.131
- Incrementing VERSION to 66.0.3359.130
- Incrementing VERSION to 66.0.3359.129
- Incrementing VERSION to 66.0.3359.128
- Incrementing VERSION to 66.0.3359.127
- Settings > Display: Use a single div
- Incrementing VERSION to 66.0.3359.126
- Revert "Android Accessibility: Set flag to enable jump to last element on ACTION_PREVIOUS_HTML_ELEMENT"
- Revert "[MacViews] Add Lookup in the Textfield Context Menu"
- Incrementing VERSION to 66.0.3359.125
- Incrementing VERSION to 66.0.3359.124
- Updating XTBs based on .GRDs from branch 3359
- Incrementing VERSION to 66.0.3359.123
- Incrementing VERSION to 66.0.3359.122
- Return null InlineBoxPosition if no last text box.
- Incrementing VERSION to 66.0.3359.121

Ignore null navigation item inside didReceiveRedirectForNavigation:withURL:
- media/gpu/v4l2vda: Execute NotifyFlushDone for Flush if input stream is off
- Incrementing VERSION to 66.0.3359.120
- Incrementing VERSION to 66.0.3359.119
- Unbind binding_ in oom_intervention_tab_helper
- Updating XTBs based on .GRDs from branch 3359
- app_list: fix crashes.
- kUseMonitorColorSpace: mark DISABLED_BY_DEFAULT
- [Merge to M66] Cache command-line switches keyed
- m66 merge: cros: Minimized use pre-minimied show state for caption button update
- m66 merge: Move the caption color handling code from WindowStateDelegate to CustomFrameViewAsh
- Incrementing VERSION to 66.0.3359.118


Google Chrome 66.0.3359.117 (32-bit)

Site Isolation Trial:
- Chrome 66 will include a small percentage trial of Site Isolation, to prepare for a broader upcoming launch. Site Isolation improves Chrome's security and helps mitigate the risks posed by Spectre
- To diagnose whether an issue is caused by Site Isolation, use chrome://flags#site-isolation-trial-opt-out as described here. Please report any trial-specific issues to help us fix them before Site Isolation is launched more broadly

Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
- Chrome 66 will not trust website certificates issued by Symantec's legacy PKI before June 1st 2016, continuing the phased distrust outlined in our previous announcements
- This update includes 62 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information
- Critical CVE-2018-6085: Use after free in Disk Cache
- Critical CVE-2018-6086: Use after free in Disk Cache
- High CVE-2018-6087: Use after free in WebAssembly
- High CVE-2018-6088: Use after free in PDFium
- High CVE-2018-6089: Same origin policy bypass in Service Worker
- High CVE-2018-6090: Heap buffer overflow in Skia
- High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
- High CVE-2018-6092: Integer overflow in WebAssembly
- Medium CVE-2018-6093: Same origin bypass in Service Worker
- Medium CVE-2018-6094: Exploit hardening regression in Oilpan
- Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
- Medium CVE-2018-6096: Fullscreen UI spoof
- Medium CVE-2018-6097: Fullscreen UI spoof
- Medium CVE-2018-6098: URL spoof in Omnibox
- Medium CVE-2018-6099: CORS bypass in ServiceWorker
- Medium CVE-2018-6100: URL spoof in Omnibox
- Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools
- Medium CVE-2018-6102: URL spoof in Omnibox
- Medium CVE-2018-6103: UI spoof in Permissions
- Medium CVE-2018-6104: URL spoof in Omnibox
- Medium CVE-2018-6105: URL spoof in Omnibox
- Medium CVE-2018-6106: Incorrect handling of promises in V8
- Medium CVE-2018-6107: URL spoof in Omnibox
- Medium CVE-2018-6108: URL spoof in Omnibox
- Low CVE-2018-6109: Incorrect handling of files by FileAPI
- Low CVE-2018-6110: Incorrect handling of plaintext files via file://
- Low CVE-2018-6111: Heap-use-after-free in DevTools
- Low CVE-2018-6112: Incorrect URL handling in DevTools
- Low CVE-2018-6113: URL spoof in Navigation
- Low CVE-2018-6114: CSP bypass
- Low CVE-2018-6115: SmartScreen bypass in downloads
- Low CVE-2018-6116: Incorrect low memory handling in WebAssembly
- Low CVE-2018-6117: Confusing autofill settings
- Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL


Google Chrome 65.0.3325.181 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 65.0.3325.162 (32-bit)

- 3c9ddcc Publish DEPS for Chromium 65.0.3325.162
- 5d04e9e Incrementing VERSION to 65.0.3325.162
- bf9a718 Fix print job early termination during PDF conversion (M65)
- 0294d59 Clear the download item's target on dealloc.
- fc27079 [M-65] Remove libusb-Windows support for HID devices
- 0f531d1 Incrementing VERSION to 65.0.3325.161
- 502a044 Bail out if there are no stored encryption keys.
- db52a65 Incrementing VERSION to 65.0.3325.160
- a49a99e Incrementing VERSION to 65.0.3325.159
- 98307bfc Incrementing VERSION to 65.0.3325.158
- 03cc863 Incrementing VERSION to 65.0.3325.157
- e939f26 Incrementing VERSION to 65.0.3325.156
- fcbd411 Incrementing VERSION to 65.0.3325.155
- cb9332d [Merge to M65] Fix XFCE frame buttons rendering too large on GTK < 3.20
- dbe7058 Incrementing VERSION to 65.0.3325.154
- e9e37b0 Incrementing VERSION to 65.0.3325.153
- 62c9c15 Incrementing VERSION to 65.0.3325.152
- a0ead6a Fix decidePolicyForNavigationResponse crash for iframes downloads.
- 27ad4eb Logs First Run Sentinel creation failures with FirstRun.SignIn histogram
- 1e3ea2b Incrementing VERSION to 65.0.3325.151
- a6df90f Incrementing VERSION to 65.0.3325.150
- ed7c8bf Devtools: Fix clipping with device emulation.
- 20436a2 Incrementing VERSION to 65.0.3325.149
- d828201 Incrementing VERSION to 65.0.3325.148
- cd60292 Chrome OS OOBE: Change illustration when switching to tablet mode
- f99b7dd android: Fix sensors in device service
- f607cb3 Incrementing VERSION to 65.0.3325.147


Google Chrome 65.0.3325.146 (32-bit)

Security Fixes:
- High CVE-2018-6058: Use after free in Flash
- High CVE-2018-6059: Use after free in Flash
- High CVE-2018-6060: Use after free in Blink
- High CVE-2018-6061: Race condition in V8
- High CVE-2018-6062: Heap buffer overflow in Skia
- High CVE-2018-6057: Incorrect permissions on shared memory
- High CVE-2018-6063: Incorrect permissions on shared memory
- High CVE-2018-6064: Type confusion in V8
- High CVE-2018-6065: Integer overflow in V8
- Medium CVE-2018-6066: Same Origin Bypass via canvas
- Medium CVE-2018-6067: Buffer overflow in Skia
- Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- Medium CVE-2018-6069: Stack buffer overflow in Skia
- Medium CVE-2018-6070: CSP bypass through extensions
- Medium CVE-2018-6071: Heap bufffer overflow in Skia
- Medium CVE-2018-6072: Integer overflow in PDFium
- Medium CVE-2018-6073: Heap bufffer overflow in WebGL
- Medium CVE-2018-6074: Mark-of-the-Web bypass
- Medium CVE-2018-6075: Overly permissive cross origin downloads
- Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- Medium CVE-2018-6077: Timing attack using SVG filters
- Medium CVE-2018-6078: URL Spoof in OmniBox
- Medium CVE-2018-6079: Information disclosure via texture data in WebGL
- Medium CVE-2018-6080: Information disclosure in IPC call
- Low CVE-2018-6081: XSS in interstitials
- Low CVE-2018-6082: Circumvention of port blocking
- Low CVE-2018-6083: Incorrect processing of AppManifests
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 64.0.3282.186 (32-bit)
- Change log not available for this version


Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26


Google Chrome 64.0.3282.140 (32-bit)

Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed

This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 64.0.3282.119 (32-bit)

Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109


Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot


Google Chrome 62.0.3202.89 (32-bit)

Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8


Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8


Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL


Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04


Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version


Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102


Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version


Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot


Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version


Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot


Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version


Google Chrome 59.0.3071.104 (32-bit)

Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer


Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.

Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 ???? Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't accounce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba

Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC

Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handing in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8

Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null

Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version

Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiative

Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version

Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version

Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version

Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version

Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version

Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP

Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version

Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).

Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version

Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.

Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.

Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version

Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."

Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.

Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.

Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).

Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.

Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)

Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome

Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version

Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.

Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)

Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267

Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing

Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version

Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)

Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer

Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).

Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version

Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8

Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)

Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version

Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink

Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance

Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue

Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported

Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards

Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160

Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print

Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch

Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).

Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance

Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.

Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version

Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version&l

更新時間：2018-05-11
更新細節：

What's new in this version:

Rank Tracker 8.23.2
- A few minor bugs have been fixed


Rank Tracker 8.23
- Discover the keywords a website is already ranking for with the help of a new Ranking Keywords method


Rank Tracker 8.22.9
- A few minor bugs have been fixed


Rank Tracker 8.22.8
- A few minor bugs have been fixed


Rank Tracker 8.22.7
- The whois library for checking domain age has been updated
- Fixed the issue of Yandex Direct results being collected together with organic rankings


Rank Tracker 8.22.6
- A few minor bugs have been fixed


Rank Tracker 8.22.5
- The problem of blurred interface on retina displays has been fixed


Rank Tracker 8.22.4
- A few minor bugs have been fixed


Rank Tracker 8.22.3
- A few minor bugs have been fixed


Rank Tracker 8.22.2
- A few minor bugs have been fixed


Rank Tracker 8.22.1
- A few minor bugs have been fixed


Rank Tracker 8.22
- Solved the problem with calculating average cost per click value


Rank Tracker 8.21.7
- The issue related to collecting search volume via Google Forecast has been fixed


Rank Tracker 8.21.6
- The fix for new Google Adwords Keyword Planner interface has been implemented


Rank Tracker 8.21.5
- A few minor bugs have been fixed


Rank Tracker 8.21.4
- A few minor bugs have been fixed


Rank Tracker 8.21.3
- Fixed the problem with collecting URLs from Google Top Stories into Keyword Difficulty results


Rank Tracker 8.21.2
- Fixed the bug that caused collecting wrong number of competitors for the 'Keyword Difficulty' tab


Rank Tracker 8.21.1
- A few minor bugs have been fixed


Rank Tracker 8.21
- Fixed the issue with incorrect visibility graph results for project competitors


Rank Tracker 8.20.5
- Fixed duplicated entries for the Keyword Map module, the issue with the filters for Yandex Regions has been fixed


Rank Tracker 8.20.4
- Fixed the problem with Rank Tracker modal windows on MacOS that opened under the main window


Rank Tracker 8.20.3
- Improved UI for minimized interface view and for screens with low resolution and some other minor bugs have been fixed


Rank Tracker 8.20.2
- The time filter from the Keyword Research module has been fixed


Rank Tracker 8.20.1
- New Rank Tracker version with improved memory utilization algorithm for 64-bit Windows machines


Rank Tracker 8.20
- Several bugs have been fixed and UX improvements implemented in Rank Tracker

更新時間：2018-05-05
更新細節：

What's new in this version:

WYSIWYG Web Builder 12.5.2

Fixed:
- PHP may be removed when optimize inline styles is active with breakpoints
- Full width Picture has fixed height in layout grid

Improved:
- 64bit version should ignore .uwbx extensions in the Extension Manager


WYSIWYG Web Builder 12.5.1
Improved:
- Block Manager ignores blocks created with a newer WWB version to prevent conflicts with future versions of the application
- Template selection window ignores templates created with a newer WWB version
- Added 'RGB' color type support for extensions


WYSIWYG Web Builder 12.5

Fixed:
- SlideShow pagination buttons have wrong z-index
- Folder should not be included in Open Graph URL

Improved:
- Now includes PHP Mailer 5.2.26
- Picture adaptive images now included in the Asset Manager
- Optimized HTML rendering of extensions, blog, article and other real-time HTML code in the workspace
- Blog And Article have been redesigned to use considerably less system resources
- Added support for boolean attributes in HTML formatter (readonly, autofocus, multiple etc.)
- Implemented 'accept' attribute for the File Upload object. This specifies the types of files that the file input accepts in the file browser. This works in combination with the form validation
- 'Automatically include viewport meta tag' now also works in combination with Flex Containers
- Implemented 'ctrl-tab' and 'shift-ctrl-tab' to switch between open windows
- Implemented 'ctrl-home' and 'ctrl-end' to scroll the main window area
- If no objects are selected, 'alt-enter' will open the page-properties
- Added the possibility to copy individual events (instead of all)
- Carousel next/previous buttons vertical alignment in breakpoints
- CSS gradients now use the latest syntax. Dropped browser prefixes
- Toolbar/Ribbon icons are now scaled on high DPI screens
- Icons of external files in Site Manager and 'Select Page' are managed more efficiently (lower memory usage)

New feature:
- Added 'background-size' property to animations and transitions
- Added 'none' option to the Layout Grid overflow properties. This will disable responsive columns, so column widths will be the same in all breakpoints (just like in WWB11)
- Added support for 64bit extensions (64bit version only)! Most extensions have been ported to 64bit


WYSIWYG Web Builder 12.4

Fixed:
- FlexBox Container max-width issue in breakpoints
- Nested layout grids inherit column properties from parent grid
- Missing div-prefix when using object anchors in links
- Issue with text links (64bit version only)

Improved:
- Now includes jquery-3.3.1
- Breakpoint copy now includes text breakpoint data
- 'onformchange' and 'onforminput' events of the Form object have been renamed to 'onchange' and 'oninput'
- Panel Layer size is now responsive in breakpoints
- Sticky Layer supports negative offsets
- File Upload and Radio Button validation
- Form validation no longer validates disabled and hidden input fields
- Added the possibility to edit text while in zoom mode (experimental, may be subject to MS RichEdit limitations)
- Navigation objects on master pages are now synchronized for each page individually
- Implemented a workaround for Windows 10 Fall Creators Update 2017 "GetPixel-bug" which causes toolbars/ribbon to load slow

New feature:
- Added 'Custom form processing' to layers and layout grids (when built-in form processor is enabled)
- Added support for WOFF2 format in 'Manually specify @font-face fonts' (Tools->Options->HTML)


WYSIWYG Web Builder 12.3.1

Fixed:
- Error in combobox conditions with multiple values
- jQuery Slider has wrong height in breakpoints

Improved:
- Added support for font-weight 'Black' to Google Fonts
- FireFox does not allow spaces in the preview path
- Added support for auto detecting 64bit browsers
- Layer Menu slide animations in breakpoints


WYSIWYG Web Builder 12.3

Fixed:
- Inline frame lightbox image is not responsive.
- 'Responsive Carousel' property is not visible for 'Full Page' mode.
- Bulleted list may cause crash when hidden in default view.

Improved:
- Page background CSS is now included for all breakpoints for better results with 'Include min width'.
- Padding and margin of FlexBox container are now responsive.
- Re-arranging flexbox containers is now easier with the Arrange tools. Move forward/Move back will skip non-floating objects in the z-order.
- Added flex grow/shrink support for images in Flex Container.
- Generating new IDs now also takes master pages/frames into account. New IDs will not be a duplicate of an object on the master page/frame.
- The software will now try to fix duplicated IDs automatically (when possible). Note: Automatically check for duplicated IDs should be enabled in Tools->Options->General

New feature:
- jQuery Tab and jQuery Accordion panels can now be moved, renamed, deleted randomly. Previously only the last panel(s) could be removed.
- Added 'Move Up' and Move Down' options to Carousel properties to re-arrange the slides. Also Carousel slides can now be deleted randomly.


WYSIWYG Web Builder 12.2.3

Fixed:
- Offset in SlideShow/Carousel when used in master frame with breakpoints
- jQuery Dialog/Tabs offset in breakpoints
- Child objects in tables are now taken into account when inserting, removing, merging and sorting rows/columns

Improved:
- Picture positioning in layer/carousel
- SlideShow full sceen resizing
- Added support for 'Inside tag' in Text object when used in layout grid
- Links to external services (google fonts, youtube, vimeo) now use 'https' by default


WYSIWYG Web Builder 12.2.2

Іmрrоvеd:
- Іmрlеmеntеd ѕuрроrt fоr hіddеn tехt іn Flех Соntаіnеr
- Сарtсhа оbјесt саn nоw аlѕо bе uѕеd іn а Маѕtеr Раgе
- Аѕѕеt Маnаgеr іgnоrеѕ еmрtу fіlеnаmе рrореrtіеѕ
- Рhоtо Gаllеrу dоеѕ nоt сору lіnkеd fіlеѕ


WYSIWYG Web Builder 12.2.1
- Fixed: Crash when using arrange tools
- Fixed: Crash when using bullets in layout grid with breakpoints
- Improved: Multi-level containers like tabs, accordion, carousel now also display child elements in the correct order in the Object Manager


WYSIWYG Web Builder 12.2
- Fixed: Photo Gallery image preview issue in properties
- Fixed: Table cells do not support text-align: justify
- Fixed: Duplicated font-weight in styles using Google fonts
- Fixed: Article does not save background image
- Fixed: Heading does not save border
- Fixed: Incorrect margin in responsive bullets
- Fixed: File Upload width issue in breakpoints
- Improved: Layers with video background can now also have a different background in breakpoints
- Improved: 'Snap to objects' behavior with nested layers
- Improved: Rollover layer now also works in a master frame
- Improved: Fixed background images are now also rendered fixed in the workspace
- Improved: 'Import Page from another project' attempts to preserve internal links when multiple pages are imported
- Improved: og:url (Open Graph Meta Tags) can now include the page name in the URL
- New feature: Added new responsive functions to extension API: LoadBreakpointData, GetBreakPointCSS. This will be used for future versions of (official) extensions.
- New feature: Added new option to Breadcrumb 'Synchronize with Site manager' -> 'First level (no folders)'. When this option is selected, then folders will not be included in the navigation.
- New feature: Added 'Icon Font Library' option to Breadcrumb, Panel Menu and Responsive Menu. This specifies whether to use FontAwesome Icons or Material Icons.
- New feature: Added experimental SVG render support
- New feature: Added 'equal to (choice)' and 'not equal to (choice)' options to Combobox conditions. This creates unique conditions for the specifies values.
- New feature: Added 'Install Extension' option in the context menu of the Toolbox.
- New feature: Added support for separate title and alt text in the Photo Gallery and Photo Collage. Example: Use 'title^alt' in the title field. The second item (after ^) will be used as the alt text.
- New feature: Added 'goto' support to the SlideShow which can be used in events (just like the Carousel). Example: $('#SlideShow1').slideshow('goto,2');
- New feature: Added "Copy/Paste' buttons in navigation objects. This makes it possible to copy the links from one navigation object to another.
- New feature: Added global lightbox support. This adds the ability to have images on different parts of the page to trigger the same lightbox gallery (see tutorial).
- New feature: Added 'Enable form' to the Carousel. This makes it possible to use the Carousel as a multi page form (see tutorial).


WYSIWYG Web Builder 12.1.2 (August 10th, 2017)
- Improved: Implemented support for hidden text in Flex Container
- Improved: Captcha object can now also be used in a Master Page
- Improved: Asset Manager ignores empty filename properties
- Fixed: Photo Gallery does not copy linked files


WYSIWYG Web Builder 12.1.1
- Improved: Carousel should not display background overlay option
- Improved: Bulleted list height calculation in layout grids
- Improved: Added 'transparent' option to text shadow property in jQuery Mobile Themes. This makes it possible to disable the text shadow for text.
- Fixed: Bulleted list should not be a drop container
- Fixed: Open Graph Meta Tag og:url is missing
- Fixed: 'Rotate' button is hidden


WYSIWYG Web Builder 12.1.0
- Fixed: Issue with Fade animation in Photo Collage
- Fixed: Background overlay in floating layer needs z-index
- Improved: padding and margin of the Text object is now responsive
- Improved: Added 'Font Awesome' and 'Material Icon' to mobile page toolbox
- Improved: Added 'Select above/below/left/right' to main menu. This also makes it possible to assign keyboard shortcuts to these commands.
- Improved: HTML object adds asterisk to 'Resources' button if not empty
- Improved: Implemented a workaround for issues with text links and the Windows 10 Creators Update
- Improved: Now includes jquery-3.2.
- New feature: Added 'Include locked objects in lasso selection' option to Guide Settings. This specifies whether to include locked objects should be included in lasso selection.
- New feature: Added 'Remove from Layer' command to Object Manager context menu.
- New feature: Added support for export to Quick 'n Easy Web Builder 5.x format.
- New feature: Added 'Alignment' option to overflow settings in Layout Grid, this allows you to control the horizontal alignment of overflow columns.
- New feature: Added 'Rotate' option to Photo Gallery, Photo Collage and SlideShow properties. This makes it possible to quickly rotate an image without leaving the appplcation.
- New feature: Added 'Tables styles' menu to menubar (in addition to the to Ribbon gallery)
- New feature: Added 'Place Holder' property to jQuery Auto Complete.
- New feature: The Photo Collage properties now displays the number of images used by each layout.
- New feature: When using 'Convert to form' for Login forms which are inside a layout grid, the child elements will be converted to floating elements. The layout grid will be used as the form container.
- New feature: Added the possibility to have multiple heading styles in the Style Manager. To create a new heading style simply copy an existing heading and give it a valid (class) name.
- New feature: Added 'Remove Built-width logo' to the Tools menu, so you can easily remove the logo from all pages in the project.
- New feature: Added 'Open master page' option to the context menu of Master Objects to quickly open the embedded page.
- New feature: Added 'Direction' option to 'Bulleted list'. This specifies the place of the bullets: left or right side. This may be useful for RTL languages.
- New feature: Added toolbar to Blocks Manager with commands 'Delete',' Refresh' and 'Open File Location'
- New feature: Added a search option to the Blocks Manager. This makes is possible to filter items in the Block Manager to quickly locate a specific Block.


WYSIWYG Web Builder 12.0.5
- Fixed: Lines which are part of a Page Footer but not within the viewport do affect the page size
- Fixed: Removed redundant data-ride attribute from SlideShow->Carousel
- Fixed: Crash when adding box shadow to FontAwesome Icon
- Fixed: Text object: Closing anchor tag should be before the end of heading tag
- Fixed: Crash when using undo with SVG extension
- New feature: Added new 'Full Width' options for third party extensions: "width: 100%, height: auto" and "width: 100%, height: fixed" (note that these only apply to 'use div' extensions!)


WYSIWYG Web Builder 12.0.4
- Fixed: Heading text-alignment in layout grid
- Fixed: Problem with stretching CSS menu in breakpoints
- Fixed: Checkbox and radio button helper element has offset
- Fixed: Responsive Menu ignores font setting in mobile mode


WYSIWYG Web Builder 12.0.3
- Fixed: Font size of jQuery Button in Layout Grid
- Fixed: The child elements of a Rollover Layer should not include visibility in breakpoints
- Fixed: Missing child elements in tables when used in combination with a master frame
- Fixed: CSS of Material Icons is not compatible with CSS beautifier
- Fixed: Crash when editing text with minimized Ribbon
- Fixed: Object Manager ignores object order in Layout Grids
- Fixed: Problem with Animation Pause/Resume in Events


WYSIWYG Web Builder 12.0.2
- Fixed: Incorrect text alignment in breakpoint in some upgraded projects
- Fixed: Panel menu not compatible with jQuery 3
- Fixed: Background images of rollover layer not included in templates/blocks
- Fixed: Skinned font picker dialog refresh issue
- Fixed: Background overlay color in Layout grid not supported
- Fixed: Problem with delayed text height calculation in Carousel
- Fixed: 'Doubtful size error' for Rollover Images in Layout grid
- Fixed: Internal link not possible in Events
- Fixed: Crash when applying Site Properties
- Fixed: Icon selection in Responsive menu
- Fixed: Redirect in Page Properties to internal link displays wrong link type
- Fixed: Master page updates page width when breakpoints views are not in sync
- Fixed: Invalid Error Report message for tables
- Fixed: Auto Responder input field cannot be changed in layout grid form
- Improved: Extensions which use live rendering are now loaded more efficiently. The HTML rendering engine will only be initialized when the page is open/visible. This reduces the memory usage in larger projects.


WYSIWYG Web Builder 12.0.1
- Fixed: Error in PHP form script: missing ')'
- Fixed: Issue with fade events when target is the object itself
- Fixed: Issue with Global Replace
- Fixed: 'Use jQuery UI theme' in Date Picker should be 'true' for existing project
- Fixed: Open Graph image needs absolute path
- Fixed: Crash when publishing non-visible CMS View
- Fixed: Missing ReplaceVariables function in form processor
- Fixed: Missing Material Icon code in external global style sheet
- Fixed: Blocks Manager not initialized in Menu/Toolbar mode
- Reversed: max-width is applied to Layout grid container instead of the content, just like in WB11


WYSIWYG Web Builder 12.0.0
General:
- Improved: Using 'Center in page' on objects inside a layer/form will center the object inside its container
- Improved: The preview folder (in Tools->Options->Files & Folders) is now project specific, so you can configure a different folder for each project
- Improved: Drag selection in the workspace no longer includes lock objects Note that you can stil select locked objects with click or select all
- New feature: Added 'Center in page -> Both', to quickly center one or multiple objects in the center of the page
- New feature: Added 'Make width same as page width', to quickly make the width of an object the same as the page width This can be useful for full width layers/carousels etc
- New feature: Added link to Twitter page in the help menu
- New feature: Added 'Office 2016 - Black' color scheme
- New feature: Implemented Office 2016-like Ribbon commands search ("Tell Me") When the user types a part of command text in the box, a list of matching commands is displayed on the Main Panel
- New feature: All built-in dialogs now use the selected color scheme (like in MS Office apps) A new option has been added to enbale/disable this functionality: Tools->Options->Uswer Interface->Enable skinned dialogs
- New feature: Added the ability to edit ruler guides in 'Format Ruler Guides' dialog
- New feature: Added 'Reset settings' to Options This will restore the default settings
- New feature: Added 'Display all objects in Links->Bookmark' option When this option is enabled then the Bookmark dropdown menu in Links will display all objects (instead of just bookmarks and layers) This basically makes it possible to turn any object into a bookmark!
- New feature: Added 'Easy Mode' This options may be useful for new users who are overwhelmed by all the advanced features of WWB When this option is enabled then advanced features (like events, animations, cms, login tools) will be hidden in the toolbox, ribbon and properties Easy Mode can easily be toggled to make the options available again
- New feature: Added 'Keyboard shortcuts' to the help menu This option displays the current key assignments by category It is also possible to copy or print the commands
- New feature: Added 'Help' button to property windows to open context sensitive help
- New feature: Added 'Include partially selected objects in lasso selection' to Guide settings This option specifies whether partially selected objects will be included in lasso (net) selection If this option is disabled, then the entire object needs to be inside the lasso to be selected

Blocks:
- New feature: Version 12 introduces the "Blocks' toolbox Blocks are building blocks trhat make it possible to quickly creates a website by dragging predefined blocks to the workspace Blocks are basically just groups of standard WWB objects so once dragged to the page you can fully customize the behavior and apprance of the content
- WWB includes a dozen of standard blocks to help you get started, but you can also create your own blocks (by saving a group of objects as 'Block'), so you can reuse them in other pages or projects

Open Graph Meta Tags:
- New feature: Added support for Open Graph Meta Tags in Page Properties->Meta tags These settings make it easy to add Open Graph meta tags to a page to enable it to be come a "rich" social object For instance, Facebook uses this information to work out how to preview shared content in a user's Facebook profile
- The following properties are supported: og:url, og:title, og::description, og::image and og::type

PNG/JPEG compression:
- New feature: Added PNG/JPEG compression for dynamically generated images (shapes, drawing tools, images with filters etc) This makes it possible to optimize images for quality or performance (larger images look better but take more time to download and process) Support 10 levels

Asset Manager:
- New feature: Added the posibility to move orphan files to another folder (instead of just removing the files)

Object Manager:
- Improved: Multiple objects can be selected (using the CTRL key)
- New feature: Added 'Hide in other breakpoints' option Use this option to hide the selected object in other breakpoints (but not in the current view)
- New feature: Added 'Unhide in all breakpoints' option Use this option to unhide the selected object in all breakpoints (including the current view)

Publish:
- Improved: Added a warning message when you try to publish a page that is set to "Don't publish this page"
- New feature: Added "Publish' option to context menu in Site Manager, so you can quickly publish the selected page
- New feature: Added ‘Make a backup of the project on the server' option to the publish dialog This can be used to override the global setting for the current session

Error Reports:
- New feature: Error Reports displays a warning when the page name is the same as the project name because this may cause a conflict with style sheets
- New feature: Error Reports detects missing fonts If an object uses a font which not installed then an error message will be displayed
- New feature: Error Reports detects missing extensions If the page uses an extension which is not installed, then an error message will be displayed
- New feature: Added the posibility to hide warnings for specific objects via the context menu Also an option 'Show hidden warnings' have been added to restore the warnings
- New feature: The 'Error Reports' window can now be docked, floating or set to autohide so it can be made visible all the time When visible, the error list automatically refreshes when you switch between pages Double click an item in the list to select the object in the workspace

Global Replace:
- Improved: Replacing URLs now includes support for tel, email, facetime, sms and skype links

HTML:
- Improved: Made beautify/minify options ASP compatible
- New feature: Added 'CSS in media query' option This make it possible to add breakpoint specific CSS styles This can be useful if you need different styles in breakpoints

Multi-Page Properties:
- New feature: Added Multi-Page Properties tool to modify selected properties for multiple (selectable) pages at once This makes it possible for example to quickly change the master page for a group of pages But also background properties, meta tags, page extension etc Only the modified value(s) will be applied to all selected pages

Toolbox:
- New feature: Added 'Uninstall Extension' to context menu to quickly remove an extension without opening the Extension Manager

HTML/CSS:
- New feature: Added the ability to use semantic HTML5 tags Tools->Options->HTML->Use HTML5 Semantic Tags When this option is enabled WWB will automatically output semantic HTML5 tags instead of divs For example page header page footer , navigation
- New feature: Added 'Move external CSS style sheets to the end of the page' This is often recommended by Google PageSpeed Insights to improve the performance of the page Please read the help for more details! Note however that this also may affect the way to page is rendered beucase styles are loaded after the contnet has been load, resulting in flicker Also some scripot may bnot support this becuase they exccpet style to be between the head tags
- New feature: Added 'CSS visibility property' (visibility vs display) HTML/CSS options This option controls the way objects are hidden When using 'visibility:hidden' hidden objects will not be visible but they still affect the layout (just like in previous versions of WWB) On the other hand 'display:none' removes the object from the layout so it no longer affects the size of the page This can be useful when hiding objects that are not inside the page boundaries in breakpoints
- Flash Video Player has been renamed to WWB Video Player The player no longer supports Flash, it is now pure HTML5/CSS3 The reason is that movile brwoser do not supprot flash and most browsers consider Flash as being unsafe

Text:
- Improved: When using "enable response fonts" the text alignment is now also responsive, so you can have different alignments in breakpoints
- New feature: Text styles now display style gallery with preview
- New feature: Add 'Create a style' option Create a style based on the formatting of the selected text
- New feature: Added support for native Windows spell checker With 'spell as you type', 'Checking spelling' dialog (F7) and context menu suggestions Supports all language dictionaries you have installed in Windows Requires Windows 8, 81 or 10!

Links:
- New feature: Added 'Reverse' option to hyperlink styles When this option is enabled the transition will be reversed (underline will be initially visible and hidden on hover)

jQuery:
- New feature: Added support for jQuery 3 This version promises to be slimmer and faster

jQuery UI:
- Improved: Upgraded to the latest version All jQuery UI scripts are combined in one file (jquery-uiminjs instead of jqueryuiwidgetminjs, jqueryuiaccordionminjs, jqueryuieffectminjs etc) This reduces the number of generated files which may help speed up loading of your pages
- All internal scripts have been updated If you have created custom theme you will need to upgrade them to make sure they work with the new version
- New feature: A new jQuery UI theme ‘base’ has been added
- New feature: Added the ability to customize colors of the jQuery UI widgets independently of the jQuery UI theme

Carousel:
- New feature: Added 'News Paper' and 'Flip Horizontal/Vertical' animations
- New feature: Added 'CSS3 animation' option Select animations created with the Animation Manager A different animation can be selected for 'show' and 'hide' to create sophisticated animation effects
- New feature: Added 'Full Page' support An easy way to create fullscreen scrolling websites (also known as single page websites or onepage sites) This option uses the great 'fullPagejs' jQuery plugin

Tabs:
- New feature: Tabs can now be part of a layout grid!
- New feature: Added the ability to align the navigation tabs in the header
- New feature: Added support for Bootstrap tabs
- New feature: Added floating mode to Tabs When this option is enabled objects inside the tabs float instead of having a fixed position This is recommended for flexible layouts with layout grids

Accordion:
- New feature: Accordions can now be part of a layout grid!
- New feature: Added support for Bootstrap Accordion
- New feature: Added floating mode to Accordion When this option is enabled objects inside the panels float instead of having a fixed position This is recommended for flexible layouts with layout grids

jQuery Dialog:
- Improved: The jQuery Dialog can now have sizes and different layouts in breakpoints

Layer:
- Improved: margins of floating layers are now responsive, so they can have different values in breakpoints
- New feature: Added ‘Position children’ option By default, child elements of the layer use absolute positions so you can place them anywhere you want By using 'floating' mode the objects inside the layer will float instead of having a fixed position This can be useful when using floating layers which are set to 'Relative horizontal sizing' to create fluid layouts
- New feature: Added ‘100vh’ to floating mode options This will set the height of the layer to 100% of the viewport This can be useful to create floating layers with a relative horizontal size For example, to create full height columns
- New feature: Added background overlay option This uses the specified background color (and alpha value) to add and an overlay to the background image
- New feature: Added the ability to use a video as background Supported are Youtube and Vimeo URLs This is especially useful for full width/full screen layers
- New feature: Added option to select semantic HTML5 tag instead of generic

更新時間：2018-04-29
更新細節：

更新時間：2018-04-29
更新細節：

更新時間：2018-04-27
更新細節：

What's new in this version:

Google Chrome 66.0.3359.139 (32-bit)
- Change log not available for this version


Google Chrome 66.0.3359.117 (32-bit)

Site Isolation Trial:
- Chrome 66 will include a small percentage trial of Site Isolation, to prepare for a broader upcoming launch. Site Isolation improves Chrome's security and helps mitigate the risks posed by Spectre
- To diagnose whether an issue is caused by Site Isolation, use chrome://flags#site-isolation-trial-opt-out as described here. Please report any trial-specific issues to help us fix them before Site Isolation is launched more broadly

Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed
- Chrome 66 will not trust website certificates issued by Symantec's legacy PKI before June 1st 2016, continuing the phased distrust outlined in our previous announcements
- This update includes 62 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information
- Critical CVE-2018-6085: Use after free in Disk Cache
- Critical CVE-2018-6086: Use after free in Disk Cache
- High CVE-2018-6087: Use after free in WebAssembly
- High CVE-2018-6088: Use after free in PDFium
- High CVE-2018-6089: Same origin policy bypass in Service Worker
- High CVE-2018-6090: Heap buffer overflow in Skia
- High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
- High CVE-2018-6092: Integer overflow in WebAssembly
- Medium CVE-2018-6093: Same origin bypass in Service Worker
- Medium CVE-2018-6094: Exploit hardening regression in Oilpan
- Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
- Medium CVE-2018-6096: Fullscreen UI spoof
- Medium CVE-2018-6097: Fullscreen UI spoof
- Medium CVE-2018-6098: URL spoof in Omnibox
- Medium CVE-2018-6099: CORS bypass in ServiceWorker
- Medium CVE-2018-6100: URL spoof in Omnibox
- Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools
- Medium CVE-2018-6102: URL spoof in Omnibox
- Medium CVE-2018-6103: UI spoof in Permissions
- Medium CVE-2018-6104: URL spoof in Omnibox
- Medium CVE-2018-6105: URL spoof in Omnibox
- Medium CVE-2018-6106: Incorrect handling of promises in V8
- Medium CVE-2018-6107: URL spoof in Omnibox
- Medium CVE-2018-6108: URL spoof in Omnibox
- Low CVE-2018-6109: Incorrect handling of files by FileAPI
- Low CVE-2018-6110: Incorrect handling of plaintext files via file://
- Low CVE-2018-6111: Heap-use-after-free in DevTools
- Low CVE-2018-6112: Incorrect URL handling in DevTools
- Low CVE-2018-6113: URL spoof in Navigation
- Low CVE-2018-6114: CSP bypass
- Low CVE-2018-6115: SmartScreen bypass in downloads
- Low CVE-2018-6116: Incorrect low memory handling in WebAssembly
- Low CVE-2018-6117: Confusing autofill settings
- Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL


Google Chrome 65.0.3325.181 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 65.0.3325.162 (32-bit)

- 3c9ddcc Publish DEPS for Chromium 65.0.3325.162
- 5d04e9e Incrementing VERSION to 65.0.3325.162
- bf9a718 Fix print job early termination during PDF conversion (M65)
- 0294d59 Clear the download item's target on dealloc.
- fc27079 [M-65] Remove libusb-Windows support for HID devices
- 0f531d1 Incrementing VERSION to 65.0.3325.161
- 502a044 Bail out if there are no stored encryption keys.
- db52a65 Incrementing VERSION to 65.0.3325.160
- a49a99e Incrementing VERSION to 65.0.3325.159
- 98307bfc Incrementing VERSION to 65.0.3325.158
- 03cc863 Incrementing VERSION to 65.0.3325.157
- e939f26 Incrementing VERSION to 65.0.3325.156
- fcbd411 Incrementing VERSION to 65.0.3325.155
- cb9332d [Merge to M65] Fix XFCE frame buttons rendering too large on GTK < 3.20
- dbe7058 Incrementing VERSION to 65.0.3325.154
- e9e37b0 Incrementing VERSION to 65.0.3325.153
- 62c9c15 Incrementing VERSION to 65.0.3325.152
- a0ead6a Fix decidePolicyForNavigationResponse crash for iframes downloads.
- 27ad4eb Logs First Run Sentinel creation failures with FirstRun.SignIn histogram
- 1e3ea2b Incrementing VERSION to 65.0.3325.151
- a6df90f Incrementing VERSION to 65.0.3325.150
- ed7c8bf Devtools: Fix clipping with device emulation.
- 20436a2 Incrementing VERSION to 65.0.3325.149
- d828201 Incrementing VERSION to 65.0.3325.148
- cd60292 Chrome OS OOBE: Change illustration when switching to tablet mode
- f99b7dd android: Fix sensors in device service
- f607cb3 Incrementing VERSION to 65.0.3325.147


Google Chrome 65.0.3325.146 (32-bit)

Security Fixes:
- High CVE-2018-6058: Use after free in Flash
- High CVE-2018-6059: Use after free in Flash
- High CVE-2018-6060: Use after free in Blink
- High CVE-2018-6061: Race condition in V8
- High CVE-2018-6062: Heap buffer overflow in Skia
- High CVE-2018-6057: Incorrect permissions on shared memory
- High CVE-2018-6063: Incorrect permissions on shared memory
- High CVE-2018-6064: Type confusion in V8
- High CVE-2018-6065: Integer overflow in V8
- Medium CVE-2018-6066: Same Origin Bypass via canvas
- Medium CVE-2018-6067: Buffer overflow in Skia
- Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- Medium CVE-2018-6069: Stack buffer overflow in Skia
- Medium CVE-2018-6070: CSP bypass through extensions
- Medium CVE-2018-6071: Heap bufffer overflow in Skia
- Medium CVE-2018-6072: Integer overflow in PDFium
- Medium CVE-2018-6073: Heap bufffer overflow in WebGL
- Medium CVE-2018-6074: Mark-of-the-Web bypass
- Medium CVE-2018-6075: Overly permissive cross origin downloads
- Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- Medium CVE-2018-6077: Timing attack using SVG filters
- Medium CVE-2018-6078: URL Spoof in OmniBox
- Medium CVE-2018-6079: Information disclosure via texture data in WebGL
- Medium CVE-2018-6080: Information disclosure in IPC call
- Low CVE-2018-6081: XSS in interstitials
- Low CVE-2018-6082: Circumvention of port blocking
- Low CVE-2018-6083: Incorrect processing of AppManifests
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 64.0.3282.186 (32-bit)
- Change log not available for this version


Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26


Google Chrome 64.0.3282.140 (32-bit)

Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed

This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 64.0.3282.119 (32-bit)

Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109


Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot


Google Chrome 62.0.3202.89 (32-bit)

Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8


Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8


Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL


Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04


Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version


Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102


Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version


Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot


Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version


Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot


Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version


Google Chrome 59.0.3071.104 (32-bit)

Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer


Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.

Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 ???? Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't accounce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba

Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC

Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handing in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8

Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null

Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version

Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiative

Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version

Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version

Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version

Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version

Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version

Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP

Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version

Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).

Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version

Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.

Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.

Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version

Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."

Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.

Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.

Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).

Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.

Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)

Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome

Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version

Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.

Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)

Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267

Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing

Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version

Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)

Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer

Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).

Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version

Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8

Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)

Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version

Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink

Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance

Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue

Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported

Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards

Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160

Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print

Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch

Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).

Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance

Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.

Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version

Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version

Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes

Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version

Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals

Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message

Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.

Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version

Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes

Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance

Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes

Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version

Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes

Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings

Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS

Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower

Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version

Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).

Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media

Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes

Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing

Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214

Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode

更新時間：2018-03-21
更新細節：

What's new in this version:

Google Chrome 65.0.3325.181 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 65.0.3325.162 (32-bit)

- 3c9ddcc Publish DEPS for Chromium 65.0.3325.162
- 5d04e9e Incrementing VERSION to 65.0.3325.162
- bf9a718 Fix print job early termination during PDF conversion (M65)
- 0294d59 Clear the download item's target on dealloc.
- fc27079 [M-65] Remove libusb-Windows support for HID devices
- 0f531d1 Incrementing VERSION to 65.0.3325.161
- 502a044 Bail out if there are no stored encryption keys.
- db52a65 Incrementing VERSION to 65.0.3325.160
- a49a99e Incrementing VERSION to 65.0.3325.159
- 98307bfc Incrementing VERSION to 65.0.3325.158
- 03cc863 Incrementing VERSION to 65.0.3325.157
- e939f26 Incrementing VERSION to 65.0.3325.156
- fcbd411 Incrementing VERSION to 65.0.3325.155
- cb9332d [Merge to M65] Fix XFCE frame buttons rendering too large on GTK < 3.20
- dbe7058 Incrementing VERSION to 65.0.3325.154
- e9e37b0 Incrementing VERSION to 65.0.3325.153
- 62c9c15 Incrementing VERSION to 65.0.3325.152
- a0ead6a Fix decidePolicyForNavigationResponse crash for iframes downloads.
- 27ad4eb Logs First Run Sentinel creation failures with FirstRun.SignIn histogram
- 1e3ea2b Incrementing VERSION to 65.0.3325.151
- a6df90f Incrementing VERSION to 65.0.3325.150
- ed7c8bf Devtools: Fix clipping with device emulation.
- 20436a2 Incrementing VERSION to 65.0.3325.149
- d828201 Incrementing VERSION to 65.0.3325.148
- cd60292 Chrome OS OOBE: Change illustration when switching to tablet mode
- f99b7dd android: Fix sensors in device service
- f607cb3 Incrementing VERSION to 65.0.3325.147


Google Chrome 65.0.3325.146 (32-bit)

Security Fixes:
- High CVE-2018-6058: Use after free in Flash
- High CVE-2018-6059: Use after free in Flash
- High CVE-2018-6060: Use after free in Blink
- High CVE-2018-6061: Race condition in V8
- High CVE-2018-6062: Heap buffer overflow in Skia
- High CVE-2018-6057: Incorrect permissions on shared memory
- High CVE-2018-6063: Incorrect permissions on shared memory
- High CVE-2018-6064: Type confusion in V8
- High CVE-2018-6065: Integer overflow in V8
- Medium CVE-2018-6066: Same Origin Bypass via canvas
- Medium CVE-2018-6067: Buffer overflow in Skia
- Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- Medium CVE-2018-6069: Stack buffer overflow in Skia
- Medium CVE-2018-6070: CSP bypass through extensions
- Medium CVE-2018-6071: Heap bufffer overflow in Skia
- Medium CVE-2018-6072: Integer overflow in PDFium
- Medium CVE-2018-6073: Heap bufffer overflow in WebGL
- Medium CVE-2018-6074: Mark-of-the-Web bypass
- Medium CVE-2018-6075: Overly permissive cross origin downloads
- Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- Medium CVE-2018-6077: Timing attack using SVG filters
- Medium CVE-2018-6078: URL Spoof in OmniBox
- Medium CVE-2018-6079: Information disclosure via texture data in WebGL
- Medium CVE-2018-6080: Information disclosure in IPC call
- Low CVE-2018-6081: XSS in interstitials
- Low CVE-2018-6082: Circumvention of port blocking
- Low CVE-2018-6083: Incorrect processing of AppManifests
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 64.0.3282.186 (32-bit)
- Change log not available for this version


Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26


Google Chrome 64.0.3282.140 (32-bit)

Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed

This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 64.0.3282.119 (32-bit)

Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109


Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot


Google Chrome 62.0.3202.89 (32-bit)

Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8


Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8


Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL


Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04


Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version


Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102


Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version


Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot


Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version


Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot


Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version


Google Chrome 59.0.3071.104 (32-bit)

Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer


Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.

Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 ???? Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't accounce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba

Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC

Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handing in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8

Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null

Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version

Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiative

Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version

Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version

Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version

Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version

Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version

Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP

Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version

Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).

Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version

Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.

Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.

Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version

Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."

Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.

Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.

Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).

Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.

Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)

Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome

Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version

Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.

Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)

Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267

Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing

Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version

Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)

Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer

Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).

Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version

Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8

Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)

Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version

Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink

Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance

Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue

Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported

Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards

Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160

Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print

Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch

Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).

Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance

Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.

Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version

Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version

Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes

Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version

Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals

Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message

Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.

Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version

Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes

Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance

Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes

Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version

Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes

Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings

Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS

Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower

Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version

Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).

Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media

Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes

Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing

Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214

Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance

Google Chrome 33.0.1750.154 (32-bit)
- Code execution outside sandbox. Credit to VUPEN
- Use-after-free in Blink bindings
- Code execution outside sandbox. Credit to Anonymous
- Memory corruption in V8
- Directory traversal issue

Google Chrome 33.0.1750.149 (32-bit)
- Use-after-free in speech
- UXSS in events
- Use-after-free in web database. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Potential sandbox escape due to a use-after-free in web sockets
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18

Google Chrome 33.0.1750.146 (32-bit)
- Use-after-free in svg images
- Use-after-free in speech recognition.
- Heap buffer overflow in software rendering
- Chrome allows requests in flash header request. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10

Google Chrome 33.0.1750.117 (32-bit)
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid
- Use-after-free related to web contents. Credit to Khalil Zhani
- Bad cast in SVG. Credit to TheShow3511
- Use-after-free in layout. Credit to cloudfuzzer
- Information leak in XSS auditor. Credit to NeexEmil
- Use-after-free in layout. Credit to cloudfuzzer
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris
- Information leak in drag and drop. Credit to bishopjeffreys
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers

Google Chrome 32.0.1700.107 (32-bit)
- Change log not available for this version

Google Chrome 32.0.1700.102 (32-bit)
- Mouse Pointer disappears after exiting full-screen mode
- Drag and drop files into Chrome may not work properly
- Quicktime Plugin crashes in Chrome
- Chrome becomes unresponsive
- Trackpad users may not be able to scroll horizontally
- Scrolling does not work in combo box
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword
- This update includes 14 security fixes

Google Chrome 32.0.1700.76 (32-bit)
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Flash Player has been updated to version 12.0.0.41
- This update includes 11 security fixes

Google Chrome 31.0.1650.63 (32-bit)
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7
- Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7

Google Chrome 31.0.1650.57 (32-bit)
- Fixed multiple memory corruption issues

Google Chrome 30.0.1599.69
- Tabs freeze up 
- Lag in some games/GPU issues with certain monitors

Google Chrome 30.0.1599.66
- Easier searching by image

更新時間：2018-03-13
更新細節：

What's new in this version:

Google Chrome 65.0.3325.162 (32-bit)

- 3c9ddcc Publish DEPS for Chromium 65.0.3325.162
- 5d04e9e Incrementing VERSION to 65.0.3325.162
- bf9a718 Fix print job early termination during PDF conversion (M65)
- 0294d59 Clear the download item's target on dealloc.
- fc27079 [M-65] Remove libusb-Windows support for HID devices
- 0f531d1 Incrementing VERSION to 65.0.3325.161
- 502a044 Bail out if there are no stored encryption keys.
- db52a65 Incrementing VERSION to 65.0.3325.160
- a49a99e Incrementing VERSION to 65.0.3325.159
- 98307bfc Incrementing VERSION to 65.0.3325.158
- 03cc863 Incrementing VERSION to 65.0.3325.157
- e939f26 Incrementing VERSION to 65.0.3325.156
- fcbd411 Incrementing VERSION to 65.0.3325.155
- cb9332d [Merge to M65] Fix XFCE frame buttons rendering too large on GTK < 3.20
- dbe7058 Incrementing VERSION to 65.0.3325.154
- e9e37b0 Incrementing VERSION to 65.0.3325.153
- 62c9c15 Incrementing VERSION to 65.0.3325.152
- a0ead6a Fix decidePolicyForNavigationResponse crash for iframes downloads.
- 27ad4eb Logs First Run Sentinel creation failures with FirstRun.SignIn histogram
- 1e3ea2b Incrementing VERSION to 65.0.3325.151
- a6df90f Incrementing VERSION to 65.0.3325.150
- ed7c8bf Devtools: Fix clipping with device emulation.
- 20436a2 Incrementing VERSION to 65.0.3325.149
- d828201 Incrementing VERSION to 65.0.3325.148
- cd60292 Chrome OS OOBE: Change illustration when switching to tablet mode
- f99b7dd android: Fix sensors in device service
- f607cb3 Incrementing VERSION to 65.0.3325.147


Google Chrome 65.0.3325.146 (32-bit)

Security Fixes:
- High CVE-2018-6058: Use after free in Flash
- High CVE-2018-6059: Use after free in Flash
- High CVE-2018-6060: Use after free in Blink
- High CVE-2018-6061: Race condition in V8
- High CVE-2018-6062: Heap buffer overflow in Skia
- High CVE-2018-6057: Incorrect permissions on shared memory
- High CVE-2018-6063: Incorrect permissions on shared memory
- High CVE-2018-6064: Type confusion in V8
- High CVE-2018-6065: Integer overflow in V8
- Medium CVE-2018-6066: Same Origin Bypass via canvas
- Medium CVE-2018-6067: Buffer overflow in Skia
- Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab
- Medium CVE-2018-6069: Stack buffer overflow in Skia
- Medium CVE-2018-6070: CSP bypass through extensions
- Medium CVE-2018-6071: Heap bufffer overflow in Skia
- Medium CVE-2018-6072: Integer overflow in PDFium
- Medium CVE-2018-6073: Heap bufffer overflow in WebGL
- Medium CVE-2018-6074: Mark-of-the-Web bypass
- Medium CVE-2018-6075: Overly permissive cross origin downloads
- Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink
- Medium CVE-2018-6077: Timing attack using SVG filters
- Medium CVE-2018-6078: URL Spoof in OmniBox
- Medium CVE-2018-6079: Information disclosure via texture data in WebGL
- Medium CVE-2018-6080: Information disclosure in IPC call
- Low CVE-2018-6081: XSS in interstitials
- Low CVE-2018-6082: Circumvention of port blocking
- Low CVE-2018-6083: Incorrect processing of AppManifests
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 64.0.3282.186 (32-bit)
- Change log not available for this version


Google Chrome 64.0.3282.167 (32-bit)
- Security fix: High CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt of Google Project Zero on 2018-01-26


Google Chrome 64.0.3282.140 (32-bit)

Security Fixes and Rewards:
- Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed

This update includes 1 security fix found by our ongoing internal security work:
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 64.0.3282.119 (32-bit)

Security Fixes:
- High CVE-2018-6031: Use after free in PDFium
- High CVE-2018-6032: Same origin bypass in Shared Worker
- High CVE-2018-6033: Race when opening downloaded files
- Medium CVE-2018-6034: Integer overflow in Blink
- Medium CVE-2018-6035: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6036: Integer underflow in WebAssembly
- Medium CVE-2018-6037: Insufficient user gesture requirements in autofill
- Medium CVE-2018-6038: Heap buffer overflow in WebGL
- Medium CVE-2018-6039: XSS in DevTools
- Medium CVE-2018-6040: Content security policy bypass
- Medium CVE-2018-6041: URL spoof in Navigation
- Medium CVE-2018-6042: URL spoof in OmniBox
- Medium CVE-2018-6043: Insufficient escaping with external URL handlers
- Medium CVE-2018-6045: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6046: Insufficient isolation of devtools from extensions
- Medium CVE-2018-6047: Cross origin URL leak in WebGL
- Low CVE-2018-6048: Referrer policy bypass in Blink
- Low CVE-2017-15420: URL spoofing in Omnibox
- Low CVE-2018-6049: UI spoof in Permissions
- Low CVE-2018-6050: URL spoof in OmniBox
- Low CVE-2018-6051: Referrer leak in XSS Auditor
- Low CVE-2018-6052: Incomplete no-referrer policy implementation
- Low CVE-2018-6053: Leak of page thumbnails in New Tab Page
- Low CVE-2018-6054: Use after free in WebUI
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 63.0.3239.132 (32-bit)
- Publish DEPS for Chromium 63.0.3239.132
- Incrementing VERSION to 63.0.3239.132
- Fix rlz disabling breakage on CrOS
- DevTools: do not report raw headers and cookies for protected subresources
- Incrementing VERSION to 63.0.3239.131
- Incrementing VERSION to 63.0.3239.130
- Incrementing VERSION to 63.0.3239.129
- Incrementing VERSION to 63.0.3239.128
- Incrementing VERSION to 63.0.3239.127
- Avoid crashing if |webview()->MainFrame()| is null
- Merge fix for leaving same-site iframes in opener or main frame process to M63
- Incrementing VERSION to 63.0.3239.126
- Incrementing VERSION to 63.0.3239.125
- Incrementing VERSION to 63.0.3239.124
- Incrementing VERSION to 63.0.3239.123
- Incrementing VERSION to 63.0.3239.122
- Incrementing VERSION to 63.0.3239.121
- Incrementing VERSION to 63.0.3239.120
- Incrementing VERSION to 63.0.3239.119
- Incrementing VERSION to 63.0.3239.118
- Incrementing VERSION to 63.0.3239.117
- Incrementing VERSION to 63.0.3239.116
- Incrementing VERSION to 63.0.3239.115
- [Merge to M63] Use X509Certificate printable_string_is_utf8 hack in more ChromeOS client cert code
- Incrementing VERSION to 63.0.3239.114
- Incrementing VERSION to 63.0.3239.113
- DCHECK fail related to canvas, select and ARIA row
- Incrementing VERSION to 63.0.3239.112
- Incrementing VERSION to 63.0.3239.111
- Revert "Disable "Convert Enter-in-omnibox to a reload" for webview."
- Incrementing VERSION to 63.0.3239.110
- Disable "Convert Enter-in-omnibox to a reload" for webview.
- Fix third party cookies not being sent in WebView iframes.
- Incrementing VERSION to 63.0.3239.109


Google Chrome 63.0.3239.108 (32-bit)
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 62.0.3202.94 (32-bit)
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot


Google Chrome 62.0.3202.89 (32-bit)

Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8


Google Chrome 62.0.3202.75 (32-bit)
Security Fixes:
- High CVE-2017-15396: Stack overflow in V8


Google Chrome 62.0.3202.62 (32-bit)
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL


Google Chrome 61.0.3163.100 (32-bit)
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04


Google Chrome 61.0.3163.91 (32-bit)
- Change log not available for this version


Google Chrome 61.0.3163.79 (32-bit)
This update includes 22 security fixes. Below, we highlight fixes that were contributed by external researchers:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- [762099] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 60.0.3112.113 (32-bit)
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102


Google Chrome 60.0.3112.101 (32-bit)
- Change log not available for this version


Google Chrome 60.0.3112.90 (32-bit)
- Publish DEPS for Chromium 60.0.3112.90 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.90 by chrome-release-bot
- Fix SpecialLocaleHandler to handle google correctly. by Ted Choc
- Fix bug in PaintOpBuffer folding alpha optimization by Adrienne Walker
- Incrementing VERSION to 60.0.3112.89 by chrome-release-bot
- Revert "Stability instrumentation Crashpad integration" by Scott Graham
- Incrementing VERSION to 60.0.3112.88 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.87 by chrome-release-bot
- Incrementing VERSION to 60.0.3112.86 by chrome-release-bot
- Fixing a compile error on M60 branch due to missing forward declaration by EhsanK
- Incrementing VERSION to 60.0.3112.85 by chrome-release-bot
- Fix a crash due to GetDocument().GetFrame() returning nullptr by EhsanK
- Roll src/third_party/freetype/src/ a12a34451..7819aeb62 (58 commits) by Ben Wagner
- [iOS] Adding underlying errors information when displaying an error by Jérôme Lebel
- [ios] Check that an active WebState exists before returning page titles. by Peter K. Lee
- Back property with weak ivar in GoogleLandingVC by Justin Cohen
- Incrementing VERSION to 60.0.3112.84 by chrome-release-bot
- Reland: Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- Incrementing VERSION to 60.0.3112.83 by chrome-release-bot
- Revert "Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused." by Alexandre Elias
- Incrementing VERSION to 60.0.3112.82 by chrome-release-bot
- [M60] Fix the merge for AutofillOfferLocalSaveIfServerCardManuallyEntered by Mathieu Perreault
- Reland OOBE display chooser commits + add Mash guard by Jacob Dufault
- Incrementing VERSION to 60.0.3112.81 by chrome-release-bot
- [Merge M60] Upstream should not be offered for masked cards when AutofillOfferLocalSaveIfServerCardManuallyEntered flag is off by Mathieu Perreault
- Incrementing VERSION to 60.0.3112.80 by chrome-release-bot
- Revert "window.open() should gate new tab/new popup based on toolbar visibility." by Daniel Cheng
- Fix WebViewImpl::SetZoomLevel to not be a no-op if a plugin is focused. by Daniel Cheng
- [merge to m60] Bad format at all_time_in_state by Qiang Xu
- [merge to m60] Make cpu_data_collector handle "N/A" by Qiang Xu
- Fixed webViewLoadingStateDidChange crash. by Eugene But
- Incrementing VERSION to 60.0.3112.79 by chrome-release-bot


Google Chrome 60.0.3112.78 (32-bit)
- Change log not available for this version


Google Chrome 59.0.3071.115 (32-bit)
- Publish DEPS for Chromium 59.0.3071.115 by chrome-release-bot
- Incrementing VERSION to 59.0.3071.115 by chrome-release-bot
- [Fork M59] android: Warmup after library load
- Revert cloud print service process type name to "service"
- Incrementing VERSION to 59.0.3071.114 by chrome-release-bot
- Use new sysfs entry to obtain available memory
- Incrementing VERSION to 59.0.3071.113 by chrome-release-bot
- Don't lock and save the orientation change made not through ScreenOrientationController
- ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
- Revert of ozone/drm: Only reuse ScanoutBuffers with compatible modifiers (patchset #4 id:60001 of https://codereview.chromium.org/2919533003/ )
- [Merge M59] Reduce AudioDeviceThread priority on Chrome OS.
- Incrementing VERSION to 59.0.3071.112 by chrome-release-bot
- CherryPick:Add new UMA to record image download issues
- Incrementing VERSION to 59.0.3071.111 by chrome-release-bot
- [M59] Block U+0620 on Mac from being shown in Unicode in IDN
- Incrementing VERSION to 59.0.3071.110 by chrome-release-bot


Google Chrome 59.0.3071.109 (32-bit)
- Change log not available for this version


Google Chrome 59.0.3071.104 (32-bit)

Security fixes:
- High CVE-2017-5087: Sandbox Escape in IndexedDB
- High CVE-2017-5088: Out of bounds read in V8
- Medium CVE-2017-5089: Domain spoofing in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 59.0.3071.86 (32-bit)
- Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 59
- This update includes 30 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

Security Fixes and Rewards:
- High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [$N/A][692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on
- We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel

As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, Control Flow Integrity, or libFuzzer


Google Chrome 58.0.3029.110 (32-bit)
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.

Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 ???? Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't accounce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba

Google Chrome 58.0.3029.96 (32-bit)
- Race condition in WebRTC

Google Chrome 58.0.3029.81 (32-bit)
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handing in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 57.0.2987.133 (32-bit)
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8

Google Chrome 57.0.2987.110 (32-bit)
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null

Google Chrome 57.0.2987.98 (32-bit)
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 56.0.2924.87 (32-bit)
- Change log not available for this version

Google Chrome 56.0.2924.76 (32-bit)
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiative

Google Chrome 55.0.2883.87 (32-bit)
- Change log not available for this version

Google Chrome 55.0.2883.75 (32-bit)
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.99 (32-bit)
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.87 (32-bit)
- Change log not available for this version

Google Chrome 54.0.2840.71 (32-bit)
- Change log not available for this version

Google Chrome 54.0.2840.59 (32-bit)
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.143 (32-bit)
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.116 (32-bit)
- Change log not available for this version

Google Chrome 53.0.2785.113 (32-bit)
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.101 (32-bit)
- Change log not available for this version

Google Chrome 53.0.2785.89 (32-bit)
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.116 (32-bit)
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.82 (32-bit)
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP

Google Chrome 51.0.2704.106 (32-bit)
- Change log not available for this version

Google Chrome 51.0.2704.103 (32-bit)
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).

Google Chrome 51.0.2704.84 (32-bit)
- Change log not available for this version

Google Chrome 51.0.2704.79 (32-bit)
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.

Google Chrome 51.0.2704.63 (32-bit)
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.102 (32-bit)
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.

Google Chrome 50.0.2661.94 (32-bit)
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.87 (32-bit)
- Change log not available for this version

Google Chrome 50.0.2661.86 (32-bit)
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."

Google Chrome 50.0.2661.75 (32-bit)
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 49.0.2623.112 (32-bit)
- Change log not available for this version.

Google Chrome 49.0.2623.110 (32-bit)
- Change log not available for this version.

Google Chrome 49.0.2623.108 (32-bit)
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).

Google Chrome 49.0.2623.87 (32-bit)
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.

Google Chrome 49.0.2623.75 (32-bit)
- Same-origin bypass in Blink
- Same-origin bypass in Pepper Plugin
- Bad cast in Extensions
- Use-after-free in Blink
- Use-after-free in Blink
- Use-after-free in Blink
- SRI Validation Bypass
- Out-of-bounds access in libpng
- Information Leak in Skia
- WebAPI Bypass
- Use-after-free in WebRTC
- Origin confusion in Extensions UI
- Use-after-free in Favicon
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26)

Google Chrome 48.0.2564.116 (32-bit)
- Same-origin bypass in Blink and Sandbox escape in Chrome

Google Chrome 48.0.2564.109 (32-bit)
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 48.0.2564.103 (32-bit)
- Change log not available for this version

Google Chrome 48.0.2564.97 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.286.

Google Chrome 48.0.2564.82 (32-bit)
- Bad cast in V8. Credit to cloudfuzzer
- Use-after-free in PDFium. Credit to anonymous
- Information leak in Blink. Credit to Christoph Diehl
- Origin confusion in Omnibox. Credit to Ron Masas
- URL Spoofing. Credit to Luan Herrera
- History sniffing with HSTS and CSP. Credit to jenuis
- Weak random number generator in Blink. Credit to Aaron Toponce
- Out-of-bounds read in PDFium. Credit to Keve Nagy
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17)

Google Chrome 47.0.2526.111 (32-bit)
- This release contains an update to Adobe Flash Player 20.0.0.267

Google Chrome 47.0.2526.106 (32-bit)
- Two security fixes from internal audits and fuzzing

Google Chrome 47.0.2526.80 (32-bit)
- Change log not available for this version

Google Chrome 47.0.2526.73 (32-bit)
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)

Google Chrome 46.0.2490.86 (32-bit)
- This release contains an update to Adobe Flash Player (19.0.0.245)
Security fixes:
- Information leak in PDF viewer

Google Chrome 46.0.2490.80 (32-bit)
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).

Google Chrome 46.0.2490.71 (32-bit)
- Change log not available for this version

Google Chrome 45.0.2454.101 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in V8

Google Chrome 45.0.2454.99 (32-bit)
- This release contains a critical update to Adobe Flash Player (19.0.0.185)

Google Chrome 45.0.2454.93 (32-bit)
- Change log not available for this version

Google Chrome 45.0.2454.85 (32-bit)
- Cross-origin bypass in DOM
- Cross-origin bypass in ServiceWorker
- Cross-origin bypass in DOM
- Use-after-free in Skia
- Use-after-free in Printing
- Character spoofing in omnibox
- Permission scoping error in WebRequest
- URL validation error in extensions
- Use-after-free in Blink
- Information leak in Blink

Google Chrome 44.0.2403.157 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.155 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.130 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.125 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.107 (32-bit)
- Change log not available for this version

Google Chrome 44.0.2403.89 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance

Google Chrome 43.0.2357.134 (32-bit)
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue

Google Chrome 43.0.2357.132 (32-bit)
- Fix use of ShellDispatch.NameSpace
- Pin shortcuts via shell verbs rather than ShellExecuteEx
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported

Google Chrome 43.0.2357.130 (32-bit)
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards

Google Chrome 43.0.2357.124 (32-bit)
- Updated Adobe Flash Player to 18.0.0.160

Google Chrome 43.0.2357.81 (32-bit)
- Fixed an issue where sometimes a blank page would print

Google Chrome 43.0.2357.65 (32-bit)
- Sandbox escape in Chrome
- Cross-origin bypass in DOM
- Cross-origin bypass in Editing
- Use-after-free in WebAudio
- Use-after-free in SVG
- Use-after-free in Speech
- Container-overflow in SVG
- Negative-size parameter in Libvpx
- Uninitialized value in PDFium
- Use-after-free in WebRTC
- URL bar spoofing
- Uninitialized value in Blink
- Insecure download of spellcheck dictionary
- Cross-site scripting in bookmarks
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch

Google Chrome 42.0.2311.152 (32-bit)
- A new version of Adobe Flash (17.0.0.188).

Google Chrome 42.0.2311.135 (32-bit)
- Use-after-free in DOM
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 42.0.2311.90 (32-bit)
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance

Google Chrome 41.0.2272.118 (32-bit)
- Change log not available for this version.

Google Chrome 41.0.2272.101 (32-bit)
- Change log not available for this version

Google Chrome 41.0.2272.89 (32-bit)
- Change log not available for this version

Google Chrome 41.0.2272.76 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes

Google Chrome 40.0.2214.115 (32-bit)
- Change log not available for this version

Google Chrome 40.0.2214.111 (32-bit)
- Use-after-free in DOM
- Cross-origin-bypass in V8 bindings
- Privilege escalation using service workers
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 40.0.2214.94 (32-bit)
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals

Google Chrome 40.0.2214.91 (32-bit)
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message

Google Chrome 39.0.2171.99 (32-bit)
- This release contains an update for Adobe Flash as well as a number of other fixes.

Google Chrome 39.0.2171.95 (32-bit)
- Change log not available for this version

Google Chrome 39.0.2171.71 (32-bit)
- Contains an update for Adobe Flash
- A number of other fixes

Google Chrome 39.0.2171.65 (32-bit)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance

Google Chrome 38.0.2125.122 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes

Google Chrome 38.0.2125.111 (32-bit)
- Change log not available for this version

Google Chrome 38.0.2125.104 (32-bit)
- Contains an update for Adobe Flash as well as a number of other fixes

Google Chrome 38.0.2125.101 (32-bit)
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox
- Out-of-bounds read in PDFium
- Use-after-free in Events
- Use-after-free in Rendering
- Use-after-free in DOM
- Type confusion in Session Management
- Use-after-free in Web Workers
- Information Leak in V8
- Permissions bypass in Windows Sandbox
- Information Leak in XSS Auditor
- Out-of-bounds read in PDFium
- Release Assert in V8 bindings

Google Chrome 37.0.2062.124 (32-bit)
- RSA signature malleability in NSS

Google Chrome 37.0.2062.120 (32-bit)
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 37.0.2062.103 (32-bit)
- This addresses some user feedback related to how Chrome renders text when display scaling is set to 125% or lower

Google Chrome 37.0.2062.102 (32-bit)
- Change log not available for this version

Google Chrome 37.0.2062.94 (32-bit)
- DirectWrite support on Windows for improved font rendering
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance Security Fixes:
- Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- High CVE-2014-3168: Use-after-free in SVG
- High CVE-2014-3169: Use-after-free in DOM
- High CVE-2014-3170: Extension permission dialog spoofing
- High CVE-2014-3171: Use-after-free in bindings
- Medium CVE-2014-3172: Issue related to extension debugging
- Medium CVE-2014-3173: Uninitialized memory read in WebGL
- Medium CVE-2014-3174: Uninitialized memory read in Web Audio
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives (Chrome 37).

Google Chrome 36.0.1985.143
- Use-after-free in web sockets
- Information disclosure in SPDY
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 36.0.1985.125 (32-bit)
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance Security Fixes:
- Same-Origin-Policy bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 35.0.1916.153 (32-bit)
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media

Google Chrome 35.0.1916.114 (32-bit)
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes

Google Chrome 34.0.1847.137 (32-bit)
- Use-after-free in WebSockets
- Integer overflow in DOM ranges
- Use-after-free in editing

Google Chrome 34.0.1847.131 (32-bit)
- This release fixes a number of crashes and other bugs
- Contains a Flash Player update, to version 13.0.0.214

Google Chrome 34.0.1847.116 (32-bit)
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance

Google Chrome 33.0.1750.154 (32-bit)
- Code execution outside sandbox. Credit to VUPEN
- Use-after-free in Blink bindings
- Code execution outside sandbox. Credit to Anonymous
- Memory corruption in V8
- Directory traversal issue

Google Chrome 33.0.1750.149 (32-bit)
- Use-after-free in speech
- UXSS in events
- Use-after-free in web database. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Potential sandbox escape due to a use-after-free in web sockets
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18

Google Chrome 33.0.1750.146 (32-bit)
- Use-after-free in svg images
- Use-after-free in speech recognition.
- Heap buffer overflow in software rendering
- Chrome allows requests in flash header request. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10

Google Chrome 33.0.1750.117 (32-bit)
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid
- Use-after-free related to web contents. Credit to Khalil Zhani
- Bad cast in SVG. Credit to TheShow3511
- Use-after-free in layout. Credit to cloudfuzzer
- Information leak in XSS auditor. Credit to NeexEmil
- Use-after-free in layout. Credit to cloudfuzzer
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris
- Information leak in drag and drop. Credit to bishopjeffreys
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers

Google Chrome 32.0.1700.107 (32-bit)
- Change log not available for this version

Google Chrome 32.0.1700.102 (32-bit)
- Mouse Pointer disappears after exiting full-screen mode
- Drag and drop files into Chrome may not work properly
- Quicktime Plugin crashes in Chrome
- Chrome becomes unresponsive
- Trackpad users may not be able to scroll horizontally
- Scrolling does not work in combo box
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword
- This update includes 14 security fixes

Google Chrome 32.0.1700.76 (32-bit)
- Tab indicators for sound, webcam and casting
- A different look for Win8 Metro mode
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Flash Player has been updated to version 12.0.0.41
- This update includes 11 security fixes

Google Chrome 31.0.1650.63 (32-bit)
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7
- Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7

Google Chrome 31.0.1650.57 (32-bit)
- Fixed multiple memory corruption issues

Google Chrome 30.0.1599.69
- Tabs freeze up 
- Lag in some games/GPU issues with certain monitors

Google Chrome 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance

更新時間：2018-03-13
更新細節：

What's new in this version:

GOM Mix Pro 2.0.1.4
- Fixed error that audio not playing in some video
- Fixed error that audio not playing: Hamomy02.mp3

GOM Mix Pro 2.0.1.3
Addition and improvement of functions:
- Added crop function
- Added custom setting of rotation function
- Changed rotate media icon to video adjustment icon
- (Reverse/Rotate can be set in video adjustment
- The Playback speed setting is in preparation. Please wait a moment.)
- Added 2 kinds of vintage, 2 kinds of camera/film filter
- Added 8 kinds of pastel filter
- Added 8 kinds of gradient cellophane filter

GOM Mix Pro 2.0.1.2
- Fixed freeze error when encoding at 1080p
- Fixed errors related to background music from certain types of formats
- Improved the stability of Preview

GOM Mix Pro 2.0.1.1
- [Urgent] Fixed overlay clip track errors

GOM Mix Pro 2.0.0.10
- [Urgent] Fixed and improved additional package installation errors