The fast, free browser that`s built for the modern web

Google Chrome for Mac

Join our mailing list

Stay up to date with latest software releases, news, software discounts, deals and more

Download Google Chrome 63.0.3239.108

Google Chrome for Mac

 -  100% Safe  -  Freeware

What's new in this version:

Google Chrome 63.0.3239.108
- Fixes UXSS in V8
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 63.0.3239.84
Security Fixes:
- Critical CVE-2017-15407: Out of bounds write in QUIC
- High CVE-2017-15408: Heap buffer overflow in PDFium
- High CVE-2017-15409: Out of bounds write in Skia
- High CVE-2017-15410: Use after free in PDFium
- High CVE-2017-15411: Use after free in PDFium
- High CVE-2017-15412: Use after free in libXML
- High CVE-2017-15413: Type confusion in WebAssembly
- Medium CVE-2017-15415: Pointer information disclosure in IPC call
- Medium CVE-2017-15416: Out of bounds read in Blink
- Medium CVE-2017-15417: Cross origin information disclosure in Skia
- Medium CVE-2017-15418: Use of uninitialized value in Skia
- Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink
- Medium CVE-2017-15420: URL spoofing in Omnibox
- Medium CVE-2017-15422: Integer overflow in ICU
- Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL
- Low CVE-2017-15424: URL Spoof in Omnibox
- Low CVE-2017-15425: URL Spoof in Omnibox
- Low CVE-2017-15426: URL Spoof in Omnibox
- Low CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 62.0.3202.94
- Publish DEPS for Chromium 62.0.3202.94 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.94 by chrome-release-bot
- Remove WinScreenKeyboardObserver as an observer in its class Destructor by EhsanK
- Incrementing VERSION to 62.0.3202.93 by chrome-release-bot
- [merge to m62] viz: Do not use root render pass size in lieu of output surface size. by Sunny Sachanandani
- Correct name of field trial for SerializeCoreAudioPauseAndResumeDuringSystemSleep finch study. by Henrik Grunell
- Feature flag for serialized CoreAudio pause/resume. by Henrik Grunell
- Serialize AUHAL Pause/Resume calls to workaround missing callbacks error by Oskar Sundbom
- Support infinite progress in new style notification. by Tetsui Ohkubo
- Incrementing VERSION to 62.0.3202.92 by chrome-release-bot
- Block component updater in M62 for kernel 3.8 and 3.10 by Xiaochu Liu
- Not remove views in OnBoundsAnimatorDone after clearing all by yoshiki iguchi
- Check |clearing_all_views_| before telling observers that all views have been cleared. by yoshiki iguchi
- Incrementing VERSION to 62.0.3202.91 by chrome-release-bot
- Incrementing VERSION to 62.0.3202.90 by chrome-release-bot

Google Chrome 62.0.3202.89
Security Fixes:
- Critical CVE-2017-15398: Stack buffer overflow in QUIC
- High CVE-2017-15399: Use after free in V8

Google Chrome 62.0.3202.75
Security fix:
- High CVE-2017-15396: Stack overflow in V8

Google Chrome 62.0.3202.62
- High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
- High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
- High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
- High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
- High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
- High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
- High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
- High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
- Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
- Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
- Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
- Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
- Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
- Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
- Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
- Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
- Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
- Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
- Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
- Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 61.0.3163.100
Security fixes:
- High CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet, Microsoft Offensive Security Research and Microsoft ChakraCore team on 2017-09-14
- High CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han of Naver Corporation on 2017-08-04
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 61.0.3163.91
- Change log not available for this version

Google Chrome 61.0.3163.79
Security Fixes:
- High CVE-2017-5111: Use after free in PDFium
- High CVE-2017-5112: Heap buffer overflow in WebGL
- High CVE-2017-5113: Heap buffer overflow in Skia
- High CVE-2017-5114: Memory lifecycle issue in PDFium
- High CVE-2017-5115: Type confusion in V8
- High CVE-2017-5116: Type confusion in V8
- Medium CVE-2017-5117: Use of uninitialized value in Skia
- Medium CVE-2017-5118: Bypass of Content Security Policy in Blink
- Medium CVE-2017-5119: Use of uninitialized value in Skia
- Low CVE-2017-5120: Potential HTTPS downgrade during redirect navigation
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 60.0.3112.113
- 35e4318 Publish DEPS for Chromium 60.0.3112.113
- 95c4543 Incrementing VERSION to 60.0.3112.113
- 366f124 Extensions: properly check the extension URL for background permission
- aaa2c97 Settings: Internet: Hide/disable Forget for policy networks
- bbaa207 Incrementing VERSION to 60.0.3112.112
- b73aaa1 Revert "Merge M60 "kiosk: Reset virtual keyboard after app profile load""
- 7a624d4 Incrementing VERSION to 60.0.3112.111
- 08254a9 Incrementing VERSION to 60.0.3112.110
- 579b1be Incrementing VERSION to 60.0.3112.109
- 8b314d0 Incrementing VERSION to 60.0.3112.108
- 1b127f8 Incrementing VERSION to 60.0.3112.107
- d96fab6 Disable explicit multisample resolve on more configs
- 85602dc Fix build
- 63fa43c Fix ToSAckedReceiver after AccountManager refactoring.
- fee9f72 [Android] Add the ability to disable the filtering of custom search engines.
- fd56404 Incrementing VERSION to 60.0.3112.106
- bc2a8c9 [TTS] Fix index out of bounds adjusting selection.
- 46c461b V4L2SVDA/VAAPIVDA: use visible size from decoder and pass to client
- 8ca93e9 Incrementing VERSION to 60.0.3112.105
- 4ef1465 Incrementing VERSION to 60.0.3112.104
- e698830 Incrementing VERSION to 60.0.3112.103
- c87f857 Incrementing VERSION to 60.0.3112.102

Google Chrome 60.0.3112.101
- Change log not available for this version

Google Chrome 60.0.3112.90
- Change log not available for this version

Google Chrome 60.0.3112.78
Security Fixes:
- High CVE-2017-5091: Use after free in IndexedDB
- High CVE-2017-5092: Use after free in PPAPI
- High CVE-2017-5093: UI spoofing in Blink
- High CVE-2017-5094: Type confusion in extensions
- High CVE-2017-5095: Out-of-bounds write in PDFium
- High CVE-2017-5096: User information leak via Android intents
- High CVE-2017-5097: Out-of-bounds read in Skia
- High CVE-2017-5098: Use after free in V8
- High CVE-2017-5099: Out-of-bounds write in PPAPI
- Medium CVE-2017-5100: Use after free in Chrome Apps
- Medium CVE-2017-5101: URL spoofing in OmniBox
- Medium CVE-2017-5102: Uninitialized use in Skia
- Medium CVE-2017-5103: Uninitialized use in Skia
- Medium CVE-2017-5104: UI spoofing in browser
- Medium CVE-2017-7000: Pointer disclosure in SQLite
- Low CVE-2017-5105: URL spoofing in OmniBox
- Medium CVE-2017-5106: URL spoofing in OmniBox
- Low CVE-2017-5107: User information leak via SVG
- Low CVE-2017-5108: Type confusion in PDFium
- Low CVE-2017-5109: UI spoofing in browser
- Low CVE-2017-5110: UI spoofing in payments dialog
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 59.0.3071.115
- Change log not available for this version

Google Chrome 59.0.3071.109
- Change log not available for this version

Google Chrome 59.0.3071.104
Security fixes:
- [725032] High CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson on 2017-05-22
- [729991] High CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong of Tencent Security Platform Department on 2017-06-06
- [714196] Medium CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski on 2017-04-21.
- [732498] Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 59.0.3071.86
Security Fixes:
- [722756] High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
- [715582] High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
- [709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
- [716474] High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
- [700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
- [678776] Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
- [722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
- [719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
- [716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
- [711020] Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
- [713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
- [708819] Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
- [672008] Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
- [721579] Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
- [714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
- [692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15
- [729639] Various fixes from internal audits, fuzzing and other initiatives


Google Chrome 58.0.3029.110
- In order to improve stability, performance, and security, users who are currently on 32-bit version of Chrome, and 64-bit Windows with 4GB or more of memory and auto-update enabled will be automatically migrated to 64-bit Chrome during this update. 32-bit Chrome will still be available via the Chrome download page.

Fixed issues:
- c831ce8 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- d89459e Settings reset prompt: Fix crash when fetching default settings. by Chris Sharp
- 8bd8b3c ProcessSingletonPosix: don't CHECK if trying to connect to existing process with too long socket symlink target. by Matt Mueller
- fc1487f [base/files] Respect MAC_CHROMIUM_TMPDIR instead of TMPDIR on macOS. by Matt Mueller
- c68ec2b arc: Fix merge conflict by khmel
- a815ce8 Revert "[Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8" by Alex Mineer
- cac791b Revert of [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. (patchset #1 id:1 of https://codereview.chromium.org/2871673002/ ) by khmel
- 0b1ac3f Revert "Move MediaQuery classes off BlinkGC heap" by Keishi Hattori
- d1910d3 Move MediaQuery classes off BlinkGC heap by Keishi Hattori
- 9aed31b Fix a crash on Chrome OS when selecting a file in chrome://net-export/ by Eric Roman
- cb8fbf7 [Merge to M58]cros: Replace "TPM" with "secure module" for machines without TPM. by Sammie Quon
- f6325d6 📺 Disable Video Persistence by default. by peconn
- 8fc4d05 [Merge m58] Change TaskQueueImpl to use a Deque with an inline capacity of 8 by Alex Clarke
- 169f4fa Don't send activation event when created by Mitsuru Oshima
- b849071 Do not disable minimize animation for maximized/fullscreened exo windows by Mitsuru Oshima
- b0cae97 Merge to m58: A11y: Don't accounce password keystrokes twice by Paul Miller
- 8347e93 [Android] Add support for adaptive icons by Theresa Wellington
- 33e4115 Allow disk writes while checking webview version pref. by Torne (Richard Coles)
- d005254 [M58] exo: Fix multi-display cursor crash by domlaskowski
- 2f70254 [M58] exo: Confine windows to primary display by domlaskowski
- a0532b2 Revert of Don't set cpu architecture field on iOS in UMA logs. (patchset #2 id:20001 of https://codereview.chromium.org/2671433002/ ) by sczs
- 585417f Exclude crash tests for O by Alex Mineer
- b66d27e [merge to m58] cros: Update touchscreen status with backlights forced off state during start by Qiang Xu
- ec201b4 [ios] Revert of History didReceiveQueryResult performBatchUpdates. by sczs
- 54bf50a [Android] Update check for whether current OS platform is O by Tommy Nyquist
- eb45121 [Media,Android] Always call startForeground after startForegroundService by Anton Vayvod
- c6d0312 ChromeOS DBUS: wait for update engine to become available before querying it. by Alexander Alekseev
- 8b8080a [Merge to M58] CrOS: Do not allow notifications to be added during shutdown. by Sammie Quon
- 47ed318 arc: M58: Set migration success notification pref. by Kazuhiro Inaba

Google Chrome 58.0.3029.96
- Race condition in WebRTC

Google Chrome 58.0.3029.81
- Type confusion in PDFium
- Heap use after free in Print Preview
- Type confusion in Blink
- URL spoofing in Omnibox
- Use after free in Chrome Apps
- Heap overflow in Skia
- Use after free in Blink
- Incorrect UI in Blink
- Incorrect signature handing in Networking
- URL spoofing in Omnibox
- Cross-origin bypass in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 57.0.2987.133
- Use after free in printing
- Heap buffer overflow in V8
- Bad cast in Blink
- Use after free in Blink
- Out of bounds memory access in V8

Google Chrome 57.0.2987.110
- Publish DEPS for Chromium 57.0.2987.110
- DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
- Incrementing VERSION to 57.0.2987.108
- [scheduler] Move DatabaseAccess tasks to loading tq
- v8bindings: Reverts crrev.com/2606723002 with minimum changes
- [Merge to M57] Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
- Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
- base: Make TimeDurationFormat* report failures
- Avoid rotation anchor during transitional fullscreen states
- Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
- Do not attempt to retry failed EarlGrey test cases
- Disable Form-Not-Secure warning when |autofill_client_| is null

Google Chrome 57.0.2987.98
- Memory corruption in V8
- Use after free in ANGLE
- Out of bounds write in PDFium
- Integer overflow in libxslt
- Use after free in PDFium
- Incorrect security UI in Omnibox
- Use after free in PDFium
- Multiple out of bounds writes in ChunkDemuxer
- Information disclosure in V8
- Address spoofing in Omnibox
- Bypass of Content Security Policy in Blink
- Incorrect handling of cookies in Cast
- Use after free in GuestView
- Heap overflow in Skia
- Information disclosure in XSS Auditor
- Information disclosure in Blink
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 56.0.2924.87
- Change log not available for this version

Google Chrome 56.0.2924.76
- Universal XSS in Blink
- Unauthorised file access in Devtools
- Out of bounds memory access in WebRTC
- Heap overflow in V8
- Address spoofing in Omnibox
- Heap overflow in Skia
- Address spoofing in Omnibox
- Use after free in Renderer
- UI spoofing in Blink
- Uninitialised memory access in webm video
- Universal XSS in chrome://apps
- Universal XSS in chrome://downloads
- Use after free in Extensions
- Bypass of Content Security Policy in Blink
- Type confusion in metrics
- Heap overflow in FFmpeg
- UI spoofing
- Various fixes from internal audits, fuzzing and other initiative

Google Chrome 55.0.2883.95
- Change log not available for this version

Google Chrome 55.0.2883.87
- Change log not available for this version

Google Chrome 55.0.2883.75
- Private property access in V8
- Universal XSS in Blink
- Universal XSS in Blink
- Same-origin bypass in PDFium
- Universal XSS in Blink
- Universal XSS in Blink
- Out of bounds write in Blink
- Use after free in PDFium
- Out of bounds write in PDFium
- Local file disclosure in DevTools
- Use after free in PDFium
- Use after free in V8
- File download protection bypass
- Use after free in PDFium
- Use after free in Webaudio
- Use of unvalidated data in PDFium
- Address spoofing in Omnibox
- Use after free in V8
- Integer overflow in ANGLE
- Local file access in PDFium
- Address spoofing in Omnibox
- CSP Referrer disclosure
- Integer overflow in PDFium
- CSP bypass in Blink
- Same-origin bypass in SVG
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.99
- Heap corruption in FFmpeg
- Out of bounds memory access in V8
- Info leak in extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 54.0.2840.87
- Change log not available for this version

Google Chrome 54.0.2840.71
- Change log not available for this version

Google Chrome 54.0.2840.59
- Universal XSS in Blink
- Heap overflow in Blink
- Use after free in PDFium
- Use after free in Blink
- URL spoofing
- UI spoofing
- Cross-origin bypass in Blink
- URL spoofing
- Out of bounds read in DevTools
- Universal XSS in Bookmarks
- Use after free in Internals
- Scheme bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.143
- Use after free in V8
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.116
- Change log not available for this version

Google Chrome 53.0.2785.113
- Use after free in Blink
- Arbitrary Memory Read in v8
- Extension resource access
- Popup not correctly suppressed
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 53.0.2785.101
- Change log not available for this version

Google Chrome 53.0.2785.89
- Universal XSS in Blink.
- Script injection in extensions
- Use after free in Blink
- Use after free in PDFium
- Use after destruction in Blink
- Heap overflow in PDFium
- Address bar spoofing
- Use after free in event bindings
- Heap overflow in PDFium.
- Type confusion in Blink
- Extensions web accessible resources bypass
- Address bar spoofing
- Universal XSS using DevTools
- Script injection in DevTools
- SMB Relay Attack via Save Page As
- Extensions web accessible resources bypass
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.116
- Address bar spoofing
- Use-after-free in Blink
- Heap overflow in pdfium
- Same origin bypass for images in Blink
- Parameter sanitization failure in DevTools
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 52.0.2743.82
- Sandbox escape in PPAPI
- URL spoofing on iOS
- Use-after-free in Extensions
- Heap-buffer-overflow in sfntly
- Same-origin bypass in Blink
- Use-after-free in Blink
- Same-origin bypass in V8
- Memory corruption in V8
- URL spoofing
- Use-after-free in libxml
- Limited same-origin bypass in Service Workers
- Origin confusion in proxy authentication
- URL leakage via PAC script
- Content-Security-Policy bypass
- Use after free in extensions
- History sniffing with HSTS and CSP

Google Chrome 51.0.2704.106
- Change log not available for this version

Google Chrome 51.0.2704.103
- Various fixes from internal audits, fuzzing and other initiatives.
- This release contains an update to Adobe Flash Player (22.0.0.192).

Google Chrome 51.0.2704.84
- Change log not available for this version

Google Chrome 51.0.2704.79
- This update includes 15 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
- Cross-origin bypass in Extension bindings.
- Cross-origin bypass in Blink.
- Information leak in Extension bindings.
- Parameter sanitization failure in DevTools.
- Use-after-free in Extensions.
- Use-after-free in Autofill.
- Out-of-bounds read in Skia.

Google Chrome 51.0.2704.63
- Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
- Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
- Cross-origin bypass in extension bindings. Credit to Rob Wu.
- Type confusion in V8. Credit to Guang Gong of Qihoo 360.
- Heap overflow in V8. Credit to Christian Holler.
- Heap use-after-free in V8 bindings. Credit to Rob Wu.
- Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
- Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
- CSP bypass for ServiceWorker. Credit to KingstonTime.
- Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
- Integer overflow in libxslt. Credit to Nicolas Gregoire.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
- Information leak in extensions. Credit to Rob Wu.
- Out-of-bounds read in V8. Credit to Max Korenko.
- Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
- Heap use-after-free in Autofill. Credit to Rob Wu.
- Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
- Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
- HTTP Download of Software Removal Tool. Credit to Khalil Zhani.
- HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadega
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.102
- Same origin bypass in DOM.
- Same origin bypass in Blink V8 bindings.
- Buffer overflow in V8. Credit to Choongwoo Han.
- Race condition in loader.
- Directory traversal using the file scheme on Android.

Google Chrome 50.0.2661.94
- Out-of-bounds write in Blink.
- Memory corruption in cross-process frames.
- Use-after-free in extensions.
- Use-after-free in Blink’s V8 bindings.
- Address bar spoofing.
- Information leak in V8.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 50.0.2661.87
- Change log not available for this version

Google Chrome 50.0.2661.86
- Add CHECK for null WebState in CRWWebController.
- Fix MediaNotificationInfo.equals().
- Bump the min-supported OS version in the installer.
- Updating XTBs based on .GRDs from branch 2661.
- Fix Range.getClientRects() to include full grapheme clusters.
- Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
- Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
- Add more tracing to a test to make it easier to track down failures.
- Call CheckTrialGroup only under lock.
- Remove FrameView::isPainting() and use lifecycle state instead.
- Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
- Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
- Check CSP before registering ServiceWorkers.
- Fixes stable build by including stringprintf.h.
- Revert "Check CSP before registering ServiceWorkers".
- Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
- QUIC - Fix a type casting bug in quic stream sequencer buffer.
- Fixed regression in WEBGL_draw_buffers support.
- Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
- Fix a bug that mime type isn't passed when checking Codec capabilities.
- Temporarily disable float empty-phase optimization.
- Updating XTBs based on .GRDs from branch 2661.
- Make sure binding security checks don't pass if the frame is remote.
- Avoid using MediaCodecList from Renderer process.
- Revert "Treat percent-height div inside auto-height cells as auto".
- Revert "cc: Stop locking the raster scale factor at 1 after any change."

Google Chrome 50.0.2661.75
- Universal XSS in extension bindings
- Out-of-bounds write in V8
- Out-of-bounds read in Pdfium JPEG2000 decoding
- Uninitialized memory read in media
- Use-after-free related to extensions
- Android downloaded file path restriction bypass
- Address bar spoofing
- Potential leak of sensitive information to malicious extensions
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 49.0.2623.112
- Change log not available for this version.

Google Chrome 49.0.2623.110
- Security fixes

Google Chrome 49.0.2623.108
- Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
- Use-after-free in Navigation. Credit to anonymous.
- Use-after-free in Extensions. Credit to anonymous.
- Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
- As usual, our ongoing internal security work was responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).

Google Chrome 49.0.2623.87
- Type confusion in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
- Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.

Google Chrome 49.0.2623.75
- Same-origin bypass in Blink. Credit to Mariusz Mlynski.
- Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski.
- Bad cast in Extensions. Credit to anonymous.
- Use-after-free in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to cloudfuzzer.
- Use-after-free in Blink. Credit to Rob Wu.
- SRI Validation Bypass. Credit to ryan@cyph.com.
- Out-of-bounds access in libpng. Credit to joerg.bornemann.
- Information Leak in Skia. Credit to Keve Nagy.
- WebAPI Bypass. Credit to Rob Wu.
- Use-after-free in WebRTC. Credit to Khalil Zhani.
- Origin confusion in Extensions UI. Credit to Luan Herrera.
- Use-after-free in Favicon. Credit to Atte Kettunen of OUSPG.
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26).

Google Chrome 48.0.2564.116
- Same-origin bypass in Blink and Sandbox escape in Chrome

Google Chrome 48.0.2564.109
- Same-origin bypass in Extensions. Credit to anonymous.
- Same-origin bypass in DOM. Credit to Mariusz Mlynski.
- Buffer overflow in Brotli. Credit to lukezli.
- Navigation bypass in Chrome Instant. Credit to Jann Horn.
- Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 48.0.2564.103
- Change log not available for this version.

Google Chrome 48.0.2564.97
- This release contains an update to Adobe Flash Player 20.0.0.286.

Google Chrome 48.0.2564.82
- Bad cast in V8. Credit to cloudfuzzer.
- Use-after-free in PDFium. Credit to anonymous.
- Information leak in Blink. Credit to Christoph Diehl.
- Origin confusion in Omnibox. Credit to Ron Masas.
- URL Spoofing. Credit to Luan Herrera.
- History sniffing with HSTS and CSP. Credit to jenuis.
- Weak random number generator in Blink. Credit to Aaron Toponce.
- Out-of-bounds read in PDFium. Credit to Keve Nagy.
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17).

Google Chrome 47.0.2526.111
- This release contains an update to Adobe Flash Player 20.0.0.267

Google Chrome 47.0.2526.106
- Two security fixes from internal audits and fuzzing

Google Chrome 47.0.2526.80
- Change log not available for this version.

Google Chrome 47.0.2526.73
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Use-after-free in AppCache. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Cross-origin bypass in core. Credit to Mariusz Mlynski
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to anonymous
- Cross-origin bypass in DOM. Credit to Mariusz Mlynski
- Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own
- Out of bounds access in Skia. Credit to cloudfuzzer
- Use-after-free in Extensions. Credit to anonymous
- Type confusion in PDFium. Credit to Atte Kettunen of OUSPG
- Out of bounds access in PDFium. Credit to Hanno Böck
- Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team
- Out of bounds access in PDFium. Credit to Karl Skomski
- Scheme bypass in PDFium. Credit to Ullrich Tiljasper
- Use-after-free in Infobars. Credit to Khalil Zhani
- Integer overflow in Sfntly. Credit to miaubiz
- Content spoofing in Omnibox. Credit to Luan Herrera
- Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski
- Escaping issue in saved pages. Credit to Inti De Ceukelaire
- Wildcard matching issue in CSP.
- Scheme bypass in CSP.
- Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23)

Google Chrome 46.0.2490.86
- Information leak in PDF viewer.

Google Chrome 46.0.2490.80
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).

Google Chrome 46.0.2490.71
- Cross-origin bypass in Blink
- Use-after-free in PDFium
- Use-after-free in ServiceWorker
- Bad-cast in PDFium
- Information leakage in LocalStorage
- Improper error handling in libANGLE
- Memory corruption in FFMpeg
- CORS bypass via CSS fonts
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23).

Google Chrome 45.0.2454.101
- Cross-origin bypass in DOM.
- Cross-origin bypass in V8.

Google Chrome 45.0.2454.99
- This release contains a critical update to Adobe Flash Player (19.0.0.185).

Google Chrome 45.0.2454.93
- Change log not available for this version.

Google Chrome 45.0.2454.85
- Cross-origin bypass in DOM.
- Cross-origin bypass in ServiceWorker.
- Cross-origin bypass in DOM.
- Use-after-free in Skia.
- Use-after-free in Printing.
- Character spoofing in omnibox.
- Permission scoping error in WebRequest.
- URL validation error in extensions.
- Use-after-free in Blink.
- Information leak in Blink.

Google Chrome 44.0.2403.157
- Change log not available for this version.

Google Chrome 44.0.2403.155
- Change log not available for this version.

Google Chrome 44.0.2403.130
- Change log not available for this version.

Google Chrome 44.0.2403.125
- Change log not available for this version.

Google Chrome 44.0.2403.107
- Change log not available for this version.

Google Chrome 41.0.2272.118
- Change log not available for this version.

Google Chrome 44.0.2403.89
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance

Google Chrome 43.0.2357.134
- Critical update to Adobe Flash Player (18.0.0.209)
- Fix for a full screen casting issue.

Google Chrome 43.0.2357.132
- Fix use of ShellDispatch.NameSpace.
- Pin shortcuts via shell verbs rather than ShellExecuteEx.
- [Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names.
- Revert "[Merge to M43] Use StartsWith rather than == to compare BackgroundRendererProcesses experiment group names."
- ash: Restore user selected rotation on startup.
- Add .website to dangerous download extensions. Add .website and .url to safebrowsing download checks.
- [Merge to M43] Initialize AVFoundation explicitly instead of implicitly via IsAVFoundationSupported.

Google Chrome 43.0.2357.130
- Scheme validation error in WebUI
- Cross-origin bypass in Blink
- Normalization error in HSTS/HPKP preload list
- Security Fixes and Rewards

Google Chrome 43.0.2357.124
- Updated Adobe Flash Player to 18.0.0.160

Google Chrome 43.0.2357.81
- Fixed an issue where sometimes a blank page would print.

Google Chrome 43.0.2357.65
- Sandbox escape in Chrome.
- Cross-origin bypass in DOM.
- Cross-origin bypass in Editing.
- Use-after-free in WebAudio.
- Use-after-free in SVG.
- Use-after-free in Speech.
- Container-overflow in SVG.
- Negative-size parameter in Libvpx.
- Uninitialized value in PDFium.
- Use-after-free in WebRTC.
- URL bar spoofing.
- Uninitialized value in Blink.
- Insecure download of spellcheck dictionary.
- Cross-site scripting in bookmarks.
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch

Google Chrome 42.0.2311.152
- A new version of Adobe Flash (17.0.0.188).

Google Chrome 42.0.2311.135
- Use-after-free in DOM.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 42.0.2311.90
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance

Google Chrome 41.0.2272.118
- Change log not available for this version.

Google Chrome 41.0.2272.101
- Change log not available for this version.

Google Chrome 41.0.2272.89
- Change log not available for this version.

Google Chrome 41.0.2272.76
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- 51 security fixes

Google Chrome 40.0.2214.115
- Revert from M40 branch 2214: "Get high resolution frame timebase and interval on compatible systems"
- Disable the inconsistent group policy check in the installer.
- Cryptohome: Notify about error in async calls if cryptohome is not ready yet.
- Remove "ui-sans" from the ChromeOS system UI default font list.
- Correctly track texture cleared state for sharing
- gpu: Allow virtual context for in-process gpu thread

Google Chrome 40.0.2214.111
- Use-after-free in DOM.
- Cross-origin-bypass in V8 bindings.
- Privilege escalation using service workers.

Google Chrome 40.0.2214.94
- Handle invalid sync item ordinals when adding OEM folders. Certain edge cases were exposing a lack of proper checking for validity when handling sync ordinals.

Google Chrome 40.0.2214.91
- Updated info dialog for Chrome app on Windows and Linux
- A new clock behind/ahead error message

Google Chrome 39.0.2171.99
- This release contains an update for Adobe Flash as well as a number of other fixes.

Google Chrome 39.0.2171.95
- Change log not available for this version.

Google Chrome 39.0.2171.71
- Contains an update for Adobe Flash
- A number of other fixes

Google Chrome 39.0.2171.65
- 64-bit support for Mac (now requires a 64-bit processor)
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance

Google Chrome 38.0.2125.122
- Contains an update for Adobe Flash as well as a number of other fixes

Google Chrome 38.0.2125.111
- Change log not available for this version.

Google Chrome 38.0.2125.104
- Contains an update for Adobe Flash as well as a number of other fixes

Google Chrome 38.0.2125.101
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
- Out-of-bounds read in PDFium.
- Use-after-free in Events.
- Use-after-free in Rendering.
- Use-after-free in DOM.
- Type confusion in Session Management.
- Use-after-free in Web Workers.
- Information Leak in V8.
- Permissions bypass in Windows Sandbox.
- Information Leak in XSS Auditor.
- Out-of-bounds read in PDFium.
- Release Assert in V8 bindings.

Google Chrome 37.0.2062.124
- RSA signature malleability in NSS

Google Chrome 37.0.2062.122
- Compatibility with OS X 10.9.5 for new installations

Google Chrome 37.0.2062.120
- This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
- Use-after-free in rendering. Credit to miaubiz.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 37.0.2062.102
- Change log not available for this version.

Google Chrome 37.0.2062.94
- A combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox
- Use-after-free in SVG
- Use-after-free in DOM
- Extension permission dialog spoofing
- Use-after-free in bindings
- Issue related to extension debugging
- Uninitialized memory read in WebGL
- Uninitialized memory read in Web Audio

Google Chrome 36.0.1985.143
- Use-after-free in web sockets.
- Information disclosure in SPDY.
- Various fixes from internal audits, fuzzing and other initiatives.

Google Chrome 36.0.1985.125
- Rich Notifications Improvements
- An Updated Incognito / Guest NTP design
- The addition of a Browser crash recovery bubble
- Chrome App Launcher for Linux
- Lots of under the hood changes for stability and performance
- Includes 26 security fixes
- Same-Origin-Policy bypass in SVG

Google Chrome 35.0.1916.153
- Use-after-free in filesystem API
- Out-of-bounds read in SPDY
- Buffer overflow in clipboard
- Heap overflow in media

Google Chrome 35.0.1916.114
- More developer control over touch input
- New JavaScript features
- Unprefixed Shadow DOM
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- This update includes 23 security fixes

Google Chrome 34.0.1847.137
- Use-after-free in WebSockets.
- Integer overflow in DOM ranges.
- Use-after-free in editing.

Google Chrome 34.0.1847.131
- This release fixes a number of crashes and other bugs.
- Contains a Flash Player update, to version 13.0.0.214

Google Chrome 34.0.1847.131
- Bug and crash fixes.
- Flash Player update, to version 13.0.0.206.

Google Chrome 34.0.1847.116
- Responsive Images and Unprefixed Web Audio
- Import supervised users onto new computers
- A number of new apps/extension APIs
- A different look for Win8 Metro mode
- Lots of under the hood changes for stability and performance

Google Chrome 33.0.1750.152
- Code execution outside sandbox. Credit to VUPEN.
- Use-after-free in Blink bindings
- Windows clipboard vulnerability
- Code execution outside sandbox. Credit to Anonymous.
- Memory corruption in V8
- Directory traversal issue

Google Chrome 33.0.1750.149
- Use-after-free in speech.
- UXSS in events.
- Use-after-free in web database.
- Potential sandbox escape due to a use-after-free in web sockets.
- Multiple vulnerabilities in V8 fixed in version 3.23.17.18.

Google Chrome 33.0.1750.146
- Use-after-free in svg images.
- Use-after-free in speech recognition. .
- Heap buffer overflow in software rendering.
- Chrome allows requests in flash header request. As usual, our ongoing internal security work responsible for a wide range of fixes:
- Various fixes from internal audits, fuzzing and other initiatives.
- Multiple vulnerabilities in V8 fixed in version 3.24.35.10.

Google Chrome 33.0.1750.117
- Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.
- Use-after-free related to web contents. Credit to Khalil Zhani.
- Bad cast in SVG. Credit to TheShow3511.
- Use-after-free in layout. Credit to cloudfuzzer.
- Information leak in XSS auditor. Credit to NeexEmil.
- Information leak in XSS auditor. Credit to NeexEmil.
- Use-after-free in layout. Credit to cloudfuzzer.
- Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.
- Information leak in drag and drop. Credit to bishopjeffreys.
- Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.

Google Chrome 32.0.1700.107
- Change log not available for this version

Google Chrome 32.0.1700.102
- Mouse Pointer disappears after exiting full-screen mode.
- Drag and drop files into Chrome may not work properly.
- Quicktime Plugin crashes in Chrome.
- Chrome becomes unresponsive.
- Trackpad users may not be able to scroll horizontally.
- Scrolling does not work in combo box.
- Chrome does not work with all CSS minifiers such as whitespace around a media query's `and` keyword.
- 14 security fixes.

Google Chrome 32.0.1700.76
- Tab indicators for sound, webcam and casting
- Automatically blocking malware files
- A number of new apps/extension APIs
- Lots of under-the-hood changes for stability and performance
- Flash Player has been updated to 12.0.0.41, which is included w/ this release
- Eleven security fixes

Google Chrome 31.0.1650.63
- Session fixation in sync related to 302 redirects
- Use-after-free in editing
- Address bar spoofing related to modal dialogs
- Various fixes from internal audits, fuzzing and other initiatives
- Buffer overflow in v8
- Out of bounds write in v8
- Out of bounds read in v8

Google Chrome 31.0.1650.57
- Multiple memory corruption issues


Google Chrome 30.0.1599.69
- Tabs freeze up fix
- Lag in some games/GPU issues with certain monitors fix

Google Chrome 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Races in Web Audio
- Out of bounds read in Window.prototype object
- Address bar spoofing related to the "204 No Content" status code
- Use after free in inline-block rendering
- Use-after-free in Web Audio
- Use-after-free in XSLT
- Use-after-free in PPAPI
- Use-after-free in XML document parsing
- Use after free in the Windows color chooser dialog
- Address bar spoofing via a malformed scheme
- Address bar spoofing related to the "204 No Content" status code
- Out of bounds read in Web Audio
- Use-after-free in DOM
- Memory corruption in V8
- Out of bounds read in URL parsing
- Use-after-free in resource loader
- Use-after-free in template element
- Various fixes from internal audits, fuzzing and other initiatives (Chrome 30)
- Use-after-free in ICU

Google Chrome 29.0.1547.76
- Flash Player does not work in Metro mode fix
- Unable to submit client certificates over TLS 1.2 from Windows
- Canvas loses ability to render, is blank even if page reloaded
- Other stability improvements

Google Chrome 29.0.1547.65
- This version contains a Flash update, as well as fixes an issue with Sync

Google Chrome 29.0.1547.62
- Fixed an issue with printing from Google Docs applications

Google Chrome 29.0.1547.57
- Improved Omnibox suggestions based on the recency sites you have visited
- Ability to reset your profile back to its original state
- Many new apps and extensions APIs
- Lots of stability and performance improvements
- Incomplete path sanitization in file handling
- Information leak via overly broad permissions on shared memory files
- Integer overflow in ANGLE
- Use after free in XSLT
- Use after free in media element
- Use after free in document parsing
- Various fixes from internal audits, fuzzing and other initiatives (Chrome 29)

Google Chrome 28.0.1500.95
- Origin bypass in frame handling
- Type confusion in V8
- Use-after-free in MutationObserver
- Use-after-free in DOM
- Use-after-free in input handling
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 28.0.1500.71
- Includes a fix to an issue that was blocking Chrome from loading content

Google Chrome 27.0.1453.116
- Clickjacking in the Flash plug-in
- Multiple flash movies on one page not playing fix
- Arc rendering bug in canvas fix
- Select box with Multiple option fires Onchange event on scroll fix

Google Chrome 27.0.1453.110
- Memory corruption in dev tools API
- Use-after-free in input handling
- Use-after-free in image handling
- Use-after-free in HTML5 Audio
- Cross-origin namespace pollution
- Use-after-free with workers accessing database APIs
- Use-after-free with SVG
- Memory corruption in Skia GPU handling
- Memory corruption in SSL socket handling
- Bad free in PDF viewer
- Various fixes from internal audits, fuzzing and other initiatives

Google Chrome 27.0.1453.93
- Web pages load 5% faster on average
- chrome.syncFileSystem API
- Improved ranking of predictions, improved spell correction, and numerous fundamental improvements for Omnibox predictions
- Use-after-free in SVG
- Out-of-bounds read in v8
- Bad cast in clipboard handling
- Use-after-free in media loader
- Use-after-free in Pepper resource handling
- Use-after-free in widget handling
- Use-after-free in speech handling
- Use-after-free in style resolution
- Memory safety issues in Web Audio
- Use-after-free in media loader
- Use-after-free race condition with workers
- Possible data extraction with XSS Auditor
- Possible XSS with drag+drop or copy+paste
- Various fixes from internal audits, fuzzing and other initiatives
- This build also contains a new Adobe Flash

Google Chrome 26.0.1410.65
- WebGL bug fix

Google Chrome 26.0.1410.43
- "Ask Google for suggestions" spell checking feature improvements (e.g. grammar and homonym checking)
- Desktop shortcuts for multiple users (profiles) on Windows
- Asynchronous DNS resolver on Mac and Linux

Google Chrome 25.0.1364.172
- This release contains stability improvements, and a new version of Adobe Flash

Google Chrome 25.0.1364.160
- Type confusion in WebKit

Google Chrome 25.0.1364.155
- This release fixes a crash when typing in the Omnibox

Google Chrome 25.0.1364.152
- Change log not available for this version

Google Chrome 25.0.1364.99
- Improvements in managing and securing your extensions
- Better support for HTML5 time/date inputs
- Javascript speech API support
- Better WebGL error handling
- And lots of other features for developers

Google Chrome 24.0.1312.68
- This build contains the fix for Pepper Flash

Google Chrome 24.0.1312.57
- Fix renderer crashes when using certain IMEs
- Fix microphone input dropout with Pepper Flash
- Fix renderer exiting in certain cases when opening a new Window from Chrome Frame

Google Chrome 24.0.1312.56
- Fixed performance of mouse wheel scrolling
- Fixed visited links regression

Google Chrome 24.0.1312.52
- Use-after-free in SVG layout
- Same origin policy bypass with malformed URL
- Use-after-free in DOM handling
- Missing filename sanitization in hyphenation support
- Integer overflow in audio IPC handling
- Use-after-free when seeking video
- Integer overflow in PDF JavaScript
- Out-of-bounds read when seeking video
- Out-of-bounds stack access in v8
- Integer overflow in shared memory allocation
- Missing Mac sandbox for worker processes
- Use-after-free in PDF fields
- Out-of-bounds reads in PDF image handling
- Bad cast in PDF root handling
- Corruption of database metadata leading to incorrect file access
- Missing NUL termination in IPC
- Possible path traversal from extension process
- Use-after-free with printing
- Out-of-bounds read with printing
- Out-of-bounds read with glyph handling
- Browser crash with geolocation
- Crash in v8 garbage collection
- Crash in extension tab handling
- Tighten permissions on shared memory segments

Google Chrome 23.0.1271.101
- This build contains the fix to a bug with sound distortion with microphone input

Google Chrome 23.0.1271.97
- Some texts in a Website Settings popup are trimmed
- Some plugins stopped working
- Fixed a known crash

Google Chrome 23.0.1271.95
- Incorrect file path handling
- Use-after-free in media source handling

Google Chrome 23.0.1271.91
- No audio from Flash content when speaker configuration is set to Quadraphonic
- Snap renderer crash on Windows Server 2003

Google Chrome 23.0.1271.64
- Defend against wild writes in buggy graphics drivers

Google Chrome 22.0.1229.94
- SVG use-after-free and IPC arbitrary file write

Google Chrome 22.0.1229.92
- Contains a number of stability fixes, including an issue with multiple profiles on Mac OS X 10.8.2
- Crash in Skia text rendering
- Race condition in audio device handling
- OOB read in ICU regex
- Out-of-bounds read in compositor
- Plug-in crash monitoring was missing for Pepper plug-ins

Google Chrome 22.0.1229.79
- Mouse Lock API availability for Javascript
- Additional Windows 8 enhancements
- Continued polish for users of HiDPI/Retina screens

Google Chrome 21.0.1180.89
- Several Pepper Flash fixes
- Microphone issues with tinychat.com
- devtools regression with "save as" of edited source
- mini ninjas shaders fails
- page randomly turns red/green gradient boxes

Google Chrome 21.0.1180.82
- Duplex Printing defaults to Yes, which prints extra pages even for a 1 page print out
- Print preview takes forever on Win XP
- Anti-DDoS inversion of logic
- Pepper Flash: in file uploads, treats HTTP status != 200 as failure, breaking (e.g.) uploads to Amazon S3
- Projectmanager.com application causes Flash to hang
- Turn off TLS 1.1 in Chrome 21 Stable
- Setting and unsetting display:none obliterates current scroll position

Google Chrome 21.0.1180.79
- Fixes a security issue with Adobe Flash

Google Chrome 20.0.1132.57
- This build contains an update to Flash player version 8 (3.10.8.20)
- Use-after-free in counter handling
- Use-after-free in layout height tracking
- Bad object access with JavaScript in PDF

Google Chrome 20.0.1132.47
- This release disables some of Chrome’s GPU acceleration features on Mac hardware containing the Intel HD 4000 graphics chip (e.g. the new Macbook Airs), in order to prevent a resource leak which is causing a kernel panic on that hardware. This is a temporary change while we work on fixing the root cause of the issue.

Google Chrome 20.0.1132.43
- Leak of iframe fragment id
- Use-after-free in table section handling
- Use-after-free in counter layout
- Crash in texture handling
- Out-of-bounds read in SVG filter handling
- Autofill display problem
- Misc. lower severity OOB read issues in PDF
- Use-after-free in SVG resource handling
- Use-after-free in SVG painting
- Out-of-bounds read in texture conversion
- Use-after-free in Mac UI
- Integer overflows in PDF
- Use-after-free in first-letter handling
- Wild pointer in array value setting
- Use-after-free in SVG reference handling
- Uninitialized pointer in PDF image codec
- Buffer overflow in PDF JS API
- Integer overflow in Matroska container
- Wild read in XSL handling

Google Chrome 19.0.1084.56



Join our mailing list

Stay up to date with latest software releases, news, software discounts, deals and more