Chrome for Android Update

 Hi, everyone! We've just released Chrome 150 (150.0.7871.63) for Android. It'll become available on Google Play over the next few days. 

This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.


Android releases contain the same security fixes as their corresponding Desktop releases (Windows & Mac: 150.0.7871.46/47, Linux: 150.0.7871.46) unless otherwise noted.

Krishna Govind

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 151 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 150.0.7871.46 (Linux) 150.0.7871.46/.47 Windows/Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 151.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 382 security fixes. Please see the Chrome Security Page for more information.
[N/A][506558270] Critical CVE-2026-13774: Use after free in Extensions. Reported by Google on 2026-04-26
[N/A][511766407] Critical CVE-2026-13775: Use after free in GPU. Reported by Google on 2026-05-10
[N/A][513012139] Critical CVE-2026-13776: Type Confusion in Dawn. Reported by Google on 2026-05-14
[N/A][513128566] Critical CVE-2026-13777: Insufficient validation of untrusted input in iOSWeb. Reported by Google on 2026-05-14
[N/A][513167952] Critical CVE-2026-13778: Use after free in WebUSB. Reported by Google on 2026-05-14
[N/A][513222854] Critical CVE-2026-13779: Use after free in Chromoting. Reported by Google on 2026-05-14
[N/A][514769383] Critical CVE-2026-13780: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-19
[N/A][516457532] Critical CVE-2026-13781: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-05-25
[N/A][516683433] Critical CVE-2026-13782: Use after free in Browser. Reported by Google on 2026-05-26
[N/A][516962178] Critical CVE-2026-13783: Use after free in Views. Reported by Google on 2026-05-27
[N/A][516962715] Critical CVE-2026-13784: Use after free in Views. Reported by Google on 2026-05-27
[N/A][517021684] Critical CVE-2026-13785: Use after free in Bluetooth. Reported by Google on 2026-05-27
[N/A][518007821] Critical CVE-2026-13786: Use after free in Ozone. Reported by Google on 2026-05-29
[N/A][522919313] Critical CVE-2026-13787: Use after free in Chromoting. Reported by Google on 2026-06-11
[N/A][523119897] Critical CVE-2026-13788: Use after free in Fullscreen. Reported by Google on 2026-06-12
[$36000][493847920] High CVE-2026-13789: Use after free in GPU. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-18
[$10000][457771782] High CVE-2026-13790: Side-channel information leakage in Scroll. Reported by Vsevolod Kokorin (Slonser) of Solidlab and Jorian Woltjer on 2025-11-04
[$10000][503850012] High CVE-2026-13791: Insufficient validation of untrusted input in Downloads. Reported by Ron Masas (Imperva) on 2026-04-17
[$4000][496012368] High CVE-2026-13792: Use after free in Touchbar. Reported by Weipeng Jiang (@Krace) of VRI on 2026-03-25
[$3000][510829679] High CVE-2026-13793: Insufficient policy enforcement in SVG. Reported by [email protected] on 2026-05-07
[$2500][513893425] High CVE-2026-13794: Insufficient validation of untrusted input in WebAppInstalls. Reported by Daniel Rodríguez on 2026-05-16
[$2000][476591032] High CVE-2026-13795: Insufficient policy enforcement in Chrome for iOS. Reported by maitai on 2026-01-17
[N/A][491894115] High CVE-2026-13796: Integer overflow in Chromecast. Reported by Google on 2026-03-11
[N/A][499025645] High CVE-2026-13797: Insufficient validation of untrusted input in Chromecast. Reported by Google on 2026-04-02
[N/A][499048914] High CVE-2026-13798: Heap buffer overflow in Chromecast. Reported by Google on 2026-04-02
[N/A][499252371] High CVE-2026-13799: Use after free in QUIC. Reported by Google on 2026-04-03
[N/A][500108770] High CVE-2026-13800: Inappropriate implementation in Updater. Reported by Google on 2026-04-06
[N/A][500587568] High CVE-2026-13801: Integer overflow in Chromecast. Reported by Google on 2026-04-08
[N/A][501623322] High CVE-2026-13802: Use after free in Views. Reported by Google on 2026-04-11
[N/A][501669642] High CVE-2026-13803: Type Confusion in Chrome Tabs. Reported by Google on 2026-04-11
[N/A][501873032] High CVE-2026-13804: Use after free in Chromecast. Reported by Google on 2026-04-12
[N/A][502282040] High CVE-2026-13805: Use after free in GFX. Reported by Google on 2026-04-13
[N/A][503333798] High CVE-2026-13806: Insufficient validation of untrusted input in Accessibility. Reported by Google on 2026-04-16
[N/A][504194494] High CVE-2026-13807: Use after free in Import. Reported by Google on 2026-04-19
[N/A][504221510] High CVE-2026-13808: Insufficient data validation in Chrome for iOS. Reported by Google on 2026-04-19
[N/A][504222227] High CVE-2026-13809: Side-channel information leakage in Safe Browsing. eported by Google on 2026-04-19
[TBD][504600482] High CVE-2026-13810: Inappropriate implementation in Input. Reported by [email protected] on 2026-04-20
[N/A][506149253] High CVE-2026-13811: Use after free in IME. Reported by Google on 2026-04-24
[N/A][508293203] High CVE-2026-13812: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][508462149] High CVE-2026-13813: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-01
[N/A][511712766] High CVE-2026-13814: Use after free in Views. Reported by Google on 2026-05-10
[N/A][511722207] High CVE-2026-13815: Use after free in Blink. Reported by Google on 2026-05-10
[N/A][511735715] High CVE-2026-13816: Insufficient validation of untrusted input in File Input. Reported by Google on 2026-05-10
[N/A][511739631] High CVE-2026-13817: Insufficient validation of untrusted input in Glic. Reported by Google on 2026-05-10
[N/A][511823182] High CVE-2026-13818: Inappropriate implementation in Passwords. Reported by Google on 2026-05-10
[N/A][512962749] High CVE-2026-13819: Out of bounds read in ANGLE. Reported by Google on 2026-05-13
[N/A][512986879] High CVE-2026-13820: Out of bounds read in Skia. Reported by Google on 2026-05-13
[N/A][513142445] High CVE-2026-13821: Use after free in Canvas. Reported by Google on 2026-05-14
[N/A][513148038] High CVE-2026-13822: Inappropriate implementation in Extensions. Reported by Google on 2026-05-14
[N/A][513163011] High CVE-2026-13823: Use after free in Glic. Reported by Google on 2026-05-14
[N/A][513177497] High CVE-2026-13824: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-14
[N/A][513209610] High CVE-2026-13825: Uninitialized Use in Dawn. Reported by Google on 2026-05-14
[N/A][513237800] High CVE-2026-13826: Inappropriate implementation in Autofill. Reported by Google on 2026-05-14
[N/A][513371963] High CVE-2026-13827: Use after free in Updater. Reported by Google on 2026-05-15
[N/A][513399832] High CVE-2026-13828: Inappropriate implementation in Enterprise. Reported by Google on 2026-05-15
[N/A][513490996] High CVE-2026-13829: Insufficient validation of untrusted input in Settings. Reported by Google on 2026-05-15
[N/A][513727494] High CVE-2026-13830: Use after free in Chromoting. Reported by Google on 2026-05-16
[N/A][513781328] High CVE-2026-13831: Use after free in GPU. Reported by Google on 2026-05-16
[N/A][513822378] High CVE-2026-13832: Use after free in Headless. Reported by Google on 2026-05-16
[N/A][513920082] High CVE-2026-13833: Uninitialized Use in ANGLE. Reported by Google on 2026-05-17
[N/A][513925114] High CVE-2026-13834: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-17
[N/A][514338102] High CVE-2026-13835: Inappropriate implementation in XML. Reported by Google on 2026-05-18
[N/A][514420555] High CVE-2026-13836: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[N/A][514429130] High CVE-2026-13837: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[N/A][514445398] High CVE-2026-13838: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[N/A][514449396] High CVE-2026-13839: Inappropriate implementation in CSS. Reported by Google on 2026-05-18
[TBD][514609778] High CVE-2026-13840: Insufficient policy enforcement in Canvas. Reported by Binglin Song on 2026-05-19
[N/A][515467789] High CVE-2026-13841: Integer overflow in Skia. Reported by Google on 2026-05-21
[TBD][516836297] High CVE-2026-13842: Incorrect security UI in Chrome for iOS. Reported by Azza Tegar Naufal Ataullah on 2026-05-26
[N/A][516869032] High CVE-2026-13843: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-26
[N/A][516926115] High CVE-2026-13844: Use after free in Updater. Reported by Google on 2026-05-27
[N/A][516936863] High CVE-2026-13845: Use after free in DOM. Reported by Google on 2026-05-27
[N/A][516999424] High CVE-2026-13846: Use after free in USB. Reported by Google on 2026-05-27
[N/A][517073397] High CVE-2026-13847: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-27
[N/A][517345069] High CVE-2026-13848: Use after free in Forms. Reported by Google on 2026-05-28
[N/A][517351411] High CVE-2026-13849: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-05-28
[N/A][517610676] High CVE-2026-13850: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-28
[N/A][519692255] High CVE-2026-13851: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-06-03
[N/A][522560124] High CVE-2026-13852: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-06-11
[N/A][523224019] High CVE-2026-13853: Use after free in Journeys. Reported by Google on 2026-06-12
[N/A][523690961] High CVE-2026-13854: Use after free in Ozone. Reported by Google on 2026-06-13
[N/A][524395469] High CVE-2026-13855: Use after free in Ozone. Reported by Google on 2026-06-16
[$8000][508092634] Medium CVE-2026-13856: Insufficient validation of untrusted input in Speech. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-30
[$5000][479203484] Medium CVE-2026-13857: Inappropriate implementation in Geometry. Reported by Luan Herrera (@lbherrera_) on 2026-01-27
[$3000][507090179] Medium CVE-2026-13858: Out of bounds read in FFmpeg. Reported by Wongi Lee (@_qwerty_po) of Theori with Xint Code, Jungwoo Lee (@physicube) on 2026-04-27
[$2000][484756087] Medium CVE-2026-13859: Inappropriate implementation in ANGLE. Reported by Jason Villaluna on 2026-02-15
[$1000][417052041] Medium CVE-2026-13860: Incorrect security UI in Autofill. Reported by Khalil Zhani on 2025-05-12
[N/A][495456765] Medium CVE-2026-13861: Use after free in Core. Reported by Google on 2026-03-23
[N/A][495897416] Medium CVE-2026-13862: Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys). Reported by Google on 2026-03-24
[N/A][496012495] Medium CVE-2026-13863: Insufficient validation of untrusted input in CustomTabs. Reported by Google on 2026-03-25
[N/A][496399913] Medium CVE-2026-13864: Insufficient policy enforcement in WebHID. Reported by Google on 2026-03-26
[N/A][497090912] Medium CVE-2026-13865: Insufficient validation of untrusted input in Enterprise. Reported by Google on 2026-03-28
[N/A][497207698] Medium CVE-2026-13866: Insufficient validation of untrusted input in Input. Reported by Google on 2026-03-28
[N/A][497345177] Medium CVE-2026-13867: Inappropriate implementation in Geolocation. Reported by Google on 2026-03-29
[N/A][497453475] Medium CVE-2026-13868: Inappropriate implementation in Network. Reported by Google on 2026-03-29
[N/A][497610642] Medium CVE-2026-13869: Use after free in Device. Reported by Google on 2026-03-30
[N/A][497634837] Medium CVE-2026-13870: Use after free in WebView. Reported by Google on 2026-03-30
[N/A][497961376] Medium CVE-2026-13871: Insufficient data validation in GuestView. Reported by Google on 2026-03-30
[N/A][497977983] Medium CVE-2026-13872: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-31
[N/A][498085466] Medium CVE-2026-13873: Out of bounds memory access in Layout. Reported by Google on 2026-03-31
[N/A][498411773] Medium CVE-2026-13874: Inappropriate implementation in DataTransfer. Reported by Google on 2026-04-01
[N/A][498721671] Medium CVE-2026-13875: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-01
[N/A][498722200] Medium CVE-2026-13876: Inappropriate implementation in Network. Reported by Google on 2026-04-01
[N/A][498820206] Medium CVE-2026-13877: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-02
[N/A][499007266] Medium CVE-2026-13878: Use after free in Bluetooth. Reported by Google on 2026-04-02
[N/A][499022239] Medium CVE-2026-13879: Use after free in Bluetooth. Reported by Google on 2026-04-02
[N/A][499025880] Medium CVE-2026-13880: Use after free in USB. Reported by Google on 2026-04-02
[N/A][499100491] Medium CVE-2026-13881: Insufficient data validation in WebAppInstalls. Reported by Google on 2026-04-03
[N/A][499162550] Medium CVE-2026-13882: Inappropriate implementation in USB. Reported by Google on 2026-04-03
[N/A][500030250] Medium CVE-2026-13883: Type Confusion in ANGLE. Reported by Google on 2026-04-06
[N/A][500077014] Medium CVE-2026-13884: Heap buffer overflow in Chromecast. Reported by Google on 2026-04-06
[N/A][500474409] Medium CVE-2026-13885: Use after free in Skia. Reported by Google on 2026-04-07
[N/A][500475136] Medium CVE-2026-13886: Policy bypass in Isolated Web Apps. Reported by Google on 2026-04-07
[N/A][500508524] Medium CVE-2026-13887: Insufficient policy enforcement in NFC. Reported by Google on 2026-04-08
[N/A][500566906] Medium CVE-2026-13888: Use after free in Extensions. Reported by Google on 2026-04-08
[N/A][500588580] Medium CVE-2026-13889: Insufficient validation of untrusted input in WebAuthentication. Reported by Google on 2026-04-08
[N/A][500601345] Medium CVE-2026-13890: Out of bounds read in Chromecast. Reported by Google on 2026-04-08
[N/A][501631475] Medium CVE-2026-13891: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-04-11
[N/A][501674841] Medium CVE-2026-13892: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-11
[N/A][501729582] Medium CVE-2026-13893: Insufficient validation of untrusted input in WebUI. Reported by Google on 2026-04-11
[N/A][501741117] Medium CVE-2026-13894: Insufficient policy enforcement in Network. Reported by Google on 2026-04-11
[N/A][501770542] Medium CVE-2026-13895: Inappropriate implementation in Autofill. Reported by Google on 2026-04-12
[N/A][501820076] Medium CVE-2026-13896: Insufficient policy enforcement in Glic. Reported by Google on 2026-04-12
[N/A][501877896] Medium CVE-2026-13897: Insufficient policy enforcement in Chromecast. Reported by Google on 2026-04-12
[N/A][501925480] Medium CVE-2026-13898: Use after free in Cast Receiver. Reported by Google on 2026-04-12
[N/A][502109002] Medium CVE-2026-13899: Use after free in HTML. Reported by Google on 2026-04-13
[N/A][502374993] Medium CVE-2026-13900: Insufficient validation of untrusted input in Chromecast. Reported by Google on 2026-04-14
[N/A][503585173] Medium CVE-2026-13901: Insufficient validation of untrusted input in Serial. Reported by Google on 2026-04-17
[N/A][503725717] Medium CVE-2026-13902: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-17
[N/A][503912196] Medium CVE-2026-13903: Insufficient policy enforcement in Bluetooth. Reported by Google on 2026-04-18
[N/A][504185807] Medium CVE-2026-13904: Incorrect security UI in Safe Browsing. Reported by Google on 2026-04-19
[N/A][504192688] Medium CVE-2026-13905: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-04-19
[N/A][504613867] Medium CVE-2026-13906: Out of bounds read in Codecs. Reported by Google on 2026-04-20
[N/A][505156685] Medium CVE-2026-13907: Inappropriate implementation in iOSWeb. Reported by Google on 2026-04-22
[N/A][505242189] Medium CVE-2026-13908: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-04-22
[N/A][505933538] Medium CVE-2026-13909: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-24
[N/A][507231605] Medium CVE-2026-13910: Insufficient policy enforcement in WebXR. Reported by Google on 2026-04-28
[N/A][507239830] Medium CVE-2026-13911: Insufficient data validation in Spellcheck. Reported by Google on 2026-04-28
[N/A][508259433] Medium CVE-2026-13912: Incorrect security UI in Safe Browsing. Reported by Google on 2026-04-30
[N/A][508260619] Medium CVE-2026-13913: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-30
[N/A][508273690] Medium CVE-2026-13914: Inappropriate implementation in Passwords. Reported by Google on 2026-04-30
[N/A][508275293] Medium CVE-2026-13915: Use after free in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][508283108] Medium CVE-2026-13916: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][508286935] Medium CVE-2026-13917: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-30
[N/A][509712284] Medium CVE-2026-13918: Use after free in Chrome for iOS. Reported by Google on 2026-05-05
[N/A][511249430] Medium CVE-2026-13919: Insufficient data validation in Extensions. Reported by Google on 2026-05-08
[N/A][511722559] Medium CVE-2026-13920: Insufficient validation of untrusted input in Media. Reported by Google on 2026-05-10
[N/A][511738175] Medium CVE-2026-13921: Insufficient validation of untrusted input in DeviceBoundSessionCredentials. Reported by Google on 2026-05-10
[N/A][511748106] Medium CVE-2026-13922: Side-channel information leakage in Paint. Reported by Google on 2026-05-10
[N/A][511772034] Medium CVE-2026-13923: Uninitialized Use in GPU. Reported by Google on 2026-05-10
[N/A][511784747] Medium CVE-2026-13924: Insufficient validation of untrusted input in WebView. Reported by Google on 2026-05-10
[N/A][511802911] Medium CVE-2026-13925: Inappropriate implementation in Downloads. Reported by Google on 2026-05-10
[N/A][511814550] Medium CVE-2026-13926: Insufficient validation of untrusted input in Network. Reported by Google on 2026-05-10
[N/A][511826446] Medium CVE-2026-13927: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-10
[N/A][512162479] Medium CVE-2026-13928: Insufficient validation of untrusted input in Enterprise. Reported by Google on 2026-05-11
[TBD][512249559] Medium CVE-2026-13929: Insufficient validation of untrusted input in DevTools. Reported by LegioSec on 2026-05-12
[N/A][512937764] Medium CVE-2026-13930: Insufficient policy enforcement in Actor. Reported by Google on 2026-05-13
[N/A][512997441] Medium CVE-2026-13931: Inappropriate implementation in Media. Reported by Google on 2026-05-13
[N/A][513001690] Medium CVE-2026-13932: Inappropriate implementation in Sharing. Reported by Google on 2026-05-14
[N/A][513002625] Medium CVE-2026-13933: Insufficient policy enforcement in Passwords. Reported by Google on 2026-05-14
[N/A][513006636] Medium CVE-2026-13934: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-14
[N/A][513009005] Medium CVE-2026-13935: Side-channel information leakage in ComputePressure. Reported by Google on 2026-05-14
[N/A][513044658] Medium CVE-2026-13936: Inappropriate implementation in Passwords. Reported by Google on 2026-05-14
[N/A][513046494] Medium CVE-2026-13937: Insufficient policy enforcement in Passwords. Reported by Google on 2026-05-14
[N/A][513143921] Medium CVE-2026-13938: Integer overflow in Fonts. Reported by Google on 2026-05-14
[N/A][513149760] Medium CVE-2026-13939: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-05-14
[N/A][513158425] Medium CVE-2026-13940: Uninitialized Use in Cast. Reported by Google on 2026-05-14
[N/A][513183855] Medium CVE-2026-13941: Inappropriate implementation in SiteSettings. Reported by Google on 2026-05-14
[N/A][513186670] Medium CVE-2026-13942: Insufficient validation of untrusted input in Video Capture. Reported by Google on 2026-05-14
[N/A][513204116] Medium CVE-2026-13943: Uninitialized Use in CSS. Reported by Google on 2026-05-14
[N/A][513224212] Medium CVE-2026-13944: Inappropriate implementation in DataTransfer. Reported by Google on 2026-05-14
[N/A][513226551] Medium CVE-2026-13945: Insufficient policy enforcement in Extensions. Reported by Google on 2026-05-14
[N/A][513274039] Medium CVE-2026-13946: Inappropriate implementation in ScriptInjections. Reported by Google on 2026-05-14
[N/A][513280648] Medium CVE-2026-13947: Uninitialized Use in XR. Reported by Google on 2026-05-14
[N/A][513286820] Medium CVE-2026-13948: Insufficient policy enforcement in Extensions. Reported by Google on 2026-05-14
[N/A][513311569] Medium CVE-2026-13949: Insufficient policy enforcement in Payments. Reported by Google on 2026-05-14
[N/A][513360781] Medium CVE-2026-13950: Uninitialized Use in GPU. Reported by Google on 2026-05-15
[N/A][513394321] Medium CVE-2026-13951: Policy bypass in USB. Reported by Google on 2026-05-15
[N/A][513401808] Medium CVE-2026-13952: Inappropriate implementation in PerformanceAPIs. Reported by Google on 2026-05-15
[N/A][513459192] Medium CVE-2026-13953: Inappropriate implementation in SplitView. Reported by Google on 2026-05-15
[N/A][513504934] Medium CVE-2026-13954: Insufficient policy enforcement in XML. Reported by Google on 2026-05-15
[N/A][513508305] Medium CVE-2026-13955: Insufficient validation of untrusted input in CustomTabs. Reported by Google on 2026-05-15
[N/A][513515168] Medium CVE-2026-13956: Incorrect security UI in PageInfo. Reported by Google on 2026-05-15
[N/A][513553557] Medium CVE-2026-13957: Incorrect security UI in Extensions. Reported by Google on 2026-05-15
[N/A][513567306] Medium CVE-2026-13958: Uninitialized Use in Codecs. Reported by Google on 2026-05-15
[N/A][513609249] Medium CVE-2026-13959: Insufficient validation of untrusted input in Blink. Reported by Google on 2026-05-15
[N/A][513714023] Medium CVE-2026-13960: Inappropriate implementation in Passwords. Reported by Google on 2026-05-16
[N/A][513719481] Medium CVE-2026-13961: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16
[N/A][513721370] Medium CVE-2026-13962: Insufficient data validation in PDF. Reported by Google on 2026-05-16
[N/A][513727626] Medium CVE-2026-13963: Inappropriate implementation in DevTools. Reported by Google on 2026-05-16
[N/A][513735096] Medium CVE-2026-13964: Insufficient policy enforcement in WebView. Reported by Google on 2026-05-16
[N/A][513737952] Medium CVE-2026-13965: Use after free in Oilpan. Reported by Google on 2026-05-16
[N/A][513741393] Medium CVE-2026-13966: Inappropriate implementation in History. Reported by Google on 2026-05-16
[N/A][513751951] Medium CVE-2026-13967: Type Confusion in V8. Reported by Google on 2026-05-16
[N/A][513762145] Medium CVE-2026-13968: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16
[N/A][513762962] Medium CVE-2026-13969: Uninitialized Use in UI. Reported by Google on 2026-05-16
[N/A][513779283] Medium CVE-2026-13970: Uninitialized Use in Media. Reported by Google on 2026-05-16
[N/A][513780208] Medium CVE-2026-13971: Uninitialized Use in Skia. Reported by Google on 2026-05-16
[N/A][513792140] Medium CVE-2026-13972: Inappropriate implementation in Paint. Reported by Google on 2026-05-16
[N/A][513832989] Medium CVE-2026-13973: Inappropriate implementation in UI. Reported by Google on 2026-05-16
[N/A][513850475] Medium CVE-2026-13974: Integer overflow in Safe Browsing. Reported by Google on 2026-05-16
[N/A][513857658] Medium CVE-2026-13975: Out of bounds read in ANGLE. Reported by Google on 2026-05-16
[N/A][513858286] Medium CVE-2026-13976: Heap buffer overflow in Storage. Reported by Google on 2026-05-16
[N/A][513859894] Medium CVE-2026-13977: Inappropriate implementation in HTMLParser. Reported by Google on 2026-05-16
[N/A][513866949] Medium CVE-2026-13978: Insufficient policy enforcement in PageInfo. Reported by Google on 2026-05-16
[N/A][513988889] Medium CVE-2026-13979: Inappropriate implementation in Paint. Reported by Google on 2026-05-17
[N/A][513989973] Medium CVE-2026-13980: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][513990408] Medium CVE-2026-13981: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][514006829] Medium CVE-2026-13982: Incorrect security UI in Passwords. Reported by Google on 2026-05-17
[N/A][514009910] Medium CVE-2026-13983: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][514010404] Medium CVE-2026-13984: Incorrect security UI in TabStrip. Reported by Google on 2026-05-17
[N/A][514013849] Medium CVE-2026-13985: Inappropriate implementation in MediaCapture. Reported by Google on 2026-05-17
[N/A][514020959] Medium CVE-2026-13986: Inappropriate implementation in Media UI. Reported by Google on 2026-05-17
[N/A][514039122] Medium CVE-2026-13987: Incorrect security UI in Mobile. Reported by Google on 2026-05-17
[N/A][514040614] Medium CVE-2026-13988: Inappropriate implementation in Paint. Reported by Google on 2026-05-17
[N/A][514056221] Medium CVE-2026-13989: Insufficient policy enforcement in PageInfo. Reported by Google on 2026-05-17
[N/A][514058439] Medium CVE-2026-13990: Insufficient validation of untrusted input in DataTransfer. Reported by Google on 2026-05-17
[N/A][514061117] Medium CVE-2026-13991: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][514063409] Medium CVE-2026-13992: Inappropriate implementation in UI. Reported by Google on 2026-05-17
[N/A][514064139] Medium CVE-2026-13993: Incorrect security UI in WebAppInstalls. Reported by Google on 2026-05-17
[N/A][514067416] Medium CVE-2026-13994: Inappropriate implementation in Credential Management. Reported by Google on 2026-05-17
[N/A][514067524] Medium CVE-2026-13995: Insufficient validation of untrusted input in Autofill. Reported by Google on 2026-05-17
[N/A][514068972] Medium CVE-2026-13996: Incorrect security UI in Permissions. Reported by Google on 2026-05-17
[N/A][514069689] Medium CVE-2026-13997: Incorrect security UI in Extensions. Reported by Google on 2026-05-17
[N/A][514070501] Medium CVE-2026-13998: Incorrect security UI in File Input. Reported by Google on 2026-05-17
[N/A][514071697] Medium CVE-2026-13999: Inappropriate implementation in Extensions. Reported by Google on 2026-05-17
[N/A][514461552] Medium CVE-2026-14000: Inappropriate implementation in XML. Reported by Google on 2026-05-19
[N/A][514481943] Medium CVE-2026-14001: Inappropriate implementation in Network. Reported by Google on 2026-05-19
[N/A][514489361] Medium CVE-2026-14002: Inappropriate implementation in Geolocation. Reported by Google on 2026-05-19
[N/A][514503077] Medium CVE-2026-14003: Insufficient policy enforcement in Extensions. Reported by Google on 2026-05-19
[N/A][514538751] Medium CVE-2026-14004: Inappropriate implementation in CSS. Reported by Google on 2026-05-19
[N/A][514740273] Medium CVE-2026-14005: Use after free in Omnibox. Reported by Google on 2026-05-19
[N/A][515423596] Medium CVE-2026-14006: Use after free in Navigation. Reported by Google on 2026-05-21
[N/A][516425999] Medium CVE-2026-14007: Insufficient policy enforcement in PermissionsPolicy. Reported by Google on 2026-05-25
[N/A][516781007] Medium CVE-2026-14008: Uninitialized Use in WebXR. Reported by Google on 2026-05-26
[N/A][516819850] Medium CVE-2026-14009: Insufficient data validation in Passwords. Reported by Google on 2026-05-26
[N/A][516924151] Medium CVE-2026-14010: Uninitialized Use in Codecs. Reported by Google on 2026-05-27
[N/A][516944556] Medium CVE-2026-14011: Out of bounds read in SurfaceCapture. Reported by Google on 2026-05-27
[N/A][517110749] Medium CVE-2026-14012: Side-channel information leakage in CSS. Reported by Google on 2026-05-27
[N/A][517114175] Medium CVE-2026-14013: Inappropriate implementation in SVG. Reported by Google on 2026-05-27
[N/A][517155893] Medium CVE-2026-14014: Inappropriate implementation in Paint. Reported by Google on 2026-05-27
[N/A][517207235] Medium CVE-2026-14015: Inappropriate implementation in WebRTC. Reported by Google on 2026-05-27
[N/A][517234388] Medium CVE-2026-14016: Insufficient policy enforcement in SVG. Reported by Google on 2026-05-27
[N/A][517241992] Medium CVE-2026-14017: Inappropriate implementation in Navigation. Reported by Google on 2026-05-27
[N/A][517350251] Medium CVE-2026-14018: Use after free in Updater. Reported by Google on 2026-05-28
[N/A][517455455] Medium CVE-2026-14019: Inappropriate implementation in Passwords. Reported by Google on 2026-05-28
[N/A][517598518] Medium CVE-2026-14020: Insufficient validation of untrusted input in WebXR. Reported by Google on 2026-05-28
[N/A][517731924] Medium CVE-2026-14021: Insufficient validation of untrusted input in StorageAccessAPI. Reported by Google on 2026-05-29
[N/A][517791835] Medium CVE-2026-14022: Insufficient validation of untrusted input in Network. Reported by Google on 2026-05-29
[N/A][518063436] Medium CVE-2026-14023: Insufficient validation of untrusted input in SanitizerAPI. Reported by Google on 2026-05-30
[N/A][518245882] Medium CVE-2026-14024: Use after free in Ozone. Reported by Google on 2026-05-30
[$2000][506482786] Low CVE-2026-14025: Use after free in Views. Reported by asjidkalam on 2026-04-26
[$1000][507263861] Low CVE-2026-14026: Incorrect security UI in SplitView. Reported by [email protected] on 2026-04-28
[TBD][361375787] Low CVE-2026-14027: Use after free in SignIn. Reported by Sven Dysthe (@svn-dys) on 2024-08-21
[TBD][401816601] Low CVE-2026-14028: Incorrect security UI in Chrome for iOS. Reported by Ameen Basha M K on 2025-03-09
[TBD][488762971] Low CVE-2026-14030: Incorrect security UI in SplitView. Reported by Khalil Zhani on 2026-03-01
[N/A][495459838] Low CVE-2026-14031: Incorrect security UI in File Input. Reported by Google on 2026-03-23
[N/A][495783474] Low CVE-2026-14032: Use after free in Bluetooth. Reported by Google on 2026-03-24
[N/A][495848160] Low CVE-2026-14033: Insufficient policy enforcement in Media. Reported by Google on 2026-03-24
[N/A][496368832] Low CVE-2026-14034: Inappropriate implementation in WebXR. Reported by Google on 2026-03-26
[N/A][496371586] Low CVE-2026-14035: Insufficient policy enforcement in Bluetooth. Reported by Google on 2026-03-26
[N/A][496411061] Low CVE-2026-14036: Insufficient policy enforcement in Bluetooth. Reported by Google on 2026-03-26
[N/A][496522611] Low CVE-2026-14037: Insufficient policy enforcement in GPU. Reported by Google on 2026-03-26
[N/A][497241148] Low CVE-2026-14038: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-03-28
[N/A][497358012] Low CVE-2026-14039: Insufficient policy enforcement in GetUserMedia. Reported by Google on 2026-03-29
[N/A][497488593] Low CVE-2026-14040: Use after free in BrowserTag. Reported by Google on 2026-03-29
[N/A][497544822] Low CVE-2026-14041: Insufficient policy enforcement in Serial. Reported by Google on 2026-03-29
[N/A][497558336] Low CVE-2026-14042: Inappropriate implementation in Isolated Web Apps. Reported by Google on 2026-03-29
[N/A][497632232] Low CVE-2026-14043: Use after free in GetUserMedia. Reported by Google on 2026-03-30
[N/A][497670996] Low CVE-2026-14044: Use after free in ANGLE. Reported by Google on 2026-03-30
[N/A][497723649] Low CVE-2026-14045: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-30
[N/A][497959724] Low CVE-2026-14046: Inappropriate implementation in CustomTabs. Reported by Google on 2026-03-30
[N/A][498864176] Low CVE-2026-14047: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-02
[N/A][499189601] Low CVE-2026-14048: Use after free in Chromecast. Reported by Google on 2026-04-03
[N/A][501659888] Low CVE-2026-14049: Inappropriate implementation in GPU. Reported by Google on 2026-04-11
[N/A][501708647] Low CVE-2026-14050: Insufficient policy enforcement in Passwords. Reported by Google on 2026-04-11
[N/A][501747804] Low CVE-2026-14051: Uninitialized Use in GamepadAPI. Reported by Google on 2026-04-11
[N/A][501810874] Low CVE-2026-14052: Insufficient policy enforcement in FileSystem. Reported by Google on 2026-04-12
[N/A][501836539] Low CVE-2026-14053: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-12
[N/A][501851312] Low CVE-2026-14054: Insufficient policy enforcement in Network. Reported by Google on 2026-04-12
[N/A][501857663] Low CVE-2026-14055: Insufficient validation of untrusted input in Device Trust. Reported by Google on 2026-04-12
[N/A][501888426] Low CVE-2026-14056: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-12
[N/A][502212647] Low CVE-2026-14057: Insufficient policy enforcement in FedCM. Reported by Google on 2026-04-13
[N/A][502354038] Low CVE-2026-14058: Policy bypass in Parser. Reported by Google on 2026-04-14
[N/A][502363986] Low CVE-2026-14059: Insufficient policy enforcement in Related-Website-Sets. Reported by Google on 2026-04-14
[N/A][502372527] Low CVE-2026-14060: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-14
[N/A][502434484] Low CVE-2026-14061: Inappropriate implementation in Dawn. Reported by Google on 2026-04-14
[N/A][502448128] Low CVE-2026-14062: Inappropriate implementation in Views. Reported by Google on 2026-04-14
[N/A][502473563] Low CVE-2026-14063: Out of bounds memory access in Chromecast. Reported by Google on 2026-04-14
[N/A][502714977] Low CVE-2026-14064: Use after free in PageInfo. Reported by Google on 2026-04-15
[N/A][503617508] Low CVE-2026-14065: Insufficient validation of untrusted input in PageInfo. Reported by Google on 2026-04-17
[N/A][503779807] Low CVE-2026-14066: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-17
[N/A][504069465] Low CVE-2026-14067: Use after free in Chrome for iOS. Reported by Google on 2026-04-18
[N/A][504210171] Low CVE-2026-14068: Inappropriate implementation in Omnibox. Reported by Google on 2026-04-19
[N/A][505136542] Low CVE-2026-14069: Integer overflow in WebNN. Reported by Google on 2026-04-21
[N/A][505137978] Low CVE-2026-14070: Uninitialized Use in WebNN. Reported by Google on 2026-04-21
[N/A][506143724] Low CVE-2026-14071: Side-channel information leakage in WebAudio. Reported by Google on 2026-04-24
[N/A][507099867] Low CVE-2026-14072: Incorrect security UI in SplitView. Reported by FARISSAL B on 2026-04-28
[N/A][507237563] Low CVE-2026-14073: Insufficient policy enforcement in WebXR. Reported by Google on 2026-04-28
[N/A][511743480] Low CVE-2026-14074: Side-channel information leakage in WebAuthentication. Reported by Google on 2026-05-10
[N/A][511808800] Low CVE-2026-14075: Policy bypass in Chrome for iOS. Reported by Google on 2026-05-10
[N/A][511815165] Low CVE-2026-14076: Policy bypass in Network. Reported by Google on 2026-05-10
[TBD][511869411] Low CVE-2026-14077: Incorrect security UI in Select. Reported by pwn.ai on 2026-05-11
[N/A][512953564] Low CVE-2026-14078: Policy bypass in WebRTC. Reported by Google on 2026-05-13
[N/A][512971938] Low CVE-2026-14079: Policy bypass in Network. Reported by Google on 2026-05-13
[N/A][512997517] Low CVE-2026-14080: Insufficient validation of untrusted input in TabSwitcher. Reported by Google on 2026-05-13
[N/A][513030698] Low CVE-2026-14081: Insufficient policy enforcement in DevTools. Reported by Google on 2026-05-14
[N/A][513049578] Low CVE-2026-14082: Race in Storage. Reported by Google on 2026-05-14
[N/A][513128322] Low CVE-2026-14083: Insufficient validation of untrusted input in HTML. Reported by Google on 2026-05-14
[N/A][513138148] Low CVE-2026-14084: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-05-14
[N/A][513155863] Low CVE-2026-14085: Side-channel information leakage in CSS. Reported by Google on 2026-05-14
[N/A][513169718] Low CVE-2026-14086: Insufficient policy enforcement in HID. Reported by Google on 2026-05-14
[N/A][513177237] Low CVE-2026-14087: Insufficient validation of untrusted input in WebNN. Reported by Google on 2026-05-14
[N/A][513178869] Low CVE-2026-14088: Uninitialized Use in Canvas. Reported by Google on 2026-05-14
[N/A][513188254] Low CVE-2026-14089: Insufficient validation of untrusted input in PopupBlocker. Reported by Google on 2026-05-14
[N/A][513194241] Low CVE-2026-14090: Out of bounds read in CameraCapture. Reported by Google on 2026-05-14
[N/A][513208773] Low CVE-2026-14091: Use after free in DevTools. Reported by Google on 2026-05-14
[N/A][513212892] Low CVE-2026-14092: Insufficient policy enforcement in Privacy. Reported by Google on 2026-05-14
[N/A][513240099] Low CVE-2026-14093: Use after free in Cast. Reported by Google on 2026-05-14
[N/A][513264273] Low CVE-2026-14094: Use after free in Installer. Reported by Google on 2026-05-14
[N/A][513271007] Low CVE-2026-14095: Insufficient validation of untrusted input in Browser. Reported by Google on 2026-05-14
[N/A][513310821] Low CVE-2026-14096: Object lifecycle issue in Input. Reported by Google on 2026-05-14
[N/A][513333529] Low CVE-2026-14097: Inappropriate implementation in WebAppInstalls. Reported by Google on 2026-05-14
[N/A][513375767] Low CVE-2026-14098: Inappropriate implementation in CSS. Reported by Google on 2026-05-15
[N/A][513382161] Low CVE-2026-14099: Use after free in Chrome for iOS. Reported by Google on 2026-05-15
[N/A][513383891] Low CVE-2026-14100: Insufficient data validation in NetworkCache. Reported by Google on 2026-05-15
[N/A][513454805] Low CVE-2026-14101: Insufficient policy enforcement in Sandbox. Reported by Google on 2026-05-15
[N/A][513455047] Low CVE-2026-14102: Use after free in Passwords. Reported by Google on 2026-05-15
[N/A][513465245] Low CVE-2026-14103: Use after free in SSL. Reported by Google on 2026-05-15
[N/A][513484193] Low CVE-2026-14104: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-05-15
[N/A][513528117] Low CVE-2026-14105: Insufficient policy enforcement in Speech. Reported by Google on 2026-05-15
[N/A][513532778] Low CVE-2026-14106: Insufficient validation of untrusted input in Text. Reported by Google on 2026-05-15
[N/A][513544566] Low CVE-2026-14107: Use after free in Scheduling. Reported by Google on 2026-05-15
[N/A][513689974] Low CVE-2026-14108: Use after free in PDFium. Reported by Google on 2026-05-15
[N/A][513694957] Low CVE-2026-14109: Insufficient policy enforcement in Mojo. Reported by Google on 2026-05-16
[N/A][513698452] Low CVE-2026-14110: Inappropriate implementation in DarkMode. Reported by Google on 2026-05-16
[N/A][513710926] Low CVE-2026-14111: Use after free in WebProtect. Reported by Google on 2026-05-16
[N/A][513713946] Low CVE-2026-14112: Inappropriate implementation in Enterprise. Reported by Google on 2026-05-16
[N/A][513737335] Low CVE-2026-14113: Use after free in Updater. Reported by Google on 2026-05-16
[N/A][513743129] Low CVE-2026-14114: Inappropriate implementation in WebAppInstalls. Reported by Google on 2026-05-16
[N/A][513745699] Low CVE-2026-14115: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-05-16
[N/A][513747800] Low CVE-2026-14116: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16
[N/A][513751020] Low CVE-2026-14117: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16
[N/A][513772764] Low CVE-2026-14118: Insufficient data validation in DevTools. Reported by Google on 2026-05-16
[N/A][513775483] Low CVE-2026-14119: Type Confusion in Bluetooth. Reported by Google on 2026-05-16
[N/A][513777411] Low CVE-2026-14120: Inappropriate implementation in DevTools. Reported by Google on 2026-05-16
[N/A][513789382] Low CVE-2026-14121: Use after free in Chromoting. Reported by Google on 2026-05-16
[N/A][513824891] Low CVE-2026-14122: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-05-16
[N/A][513856644] Low CVE-2026-14123: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-05-16
[N/A][513867710] Low CVE-2026-14124: Inappropriate implementation in CredentialProvider. Reported by Google on 2026-05-16
[N/A][513918431] Low CVE-2026-14125: Uninitialized Use in ANGLE. Reported by Google on 2026-05-17
[N/A][513992796] Low CVE-2026-14126: Incorrect security UI in UI. Reported by Google on 2026-05-17
[N/A][514009654] Low CVE-2026-14127: Inappropriate implementation in Printing. Reported by Google on 2026-05-17
[N/A][514015836] Low CVE-2026-14128: Insufficient data validation in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][514018024] Low CVE-2026-14129: Incorrect security UI in PreviewTab. Reported by Google on 2026-05-17
[N/A][514019522] Low CVE-2026-14130: Incorrect security UI in Omnibox. Reported by Google on 2026-05-17
[N/A][514020982] Low CVE-2026-14131: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-05-17
[N/A][514039492] Low CVE-2026-14132: Inappropriate implementation in WebXR. Reported by Google on 2026-05-17
[N/A][514039947] Low CVE-2026-14133: Race in History Embeddings. Reported by Google on 2026-05-17
[N/A][514055973] Low CVE-2026-14134: Inappropriate implementation in Autofill. Reported by Google on 2026-05-17
[N/A][514058566] Low CVE-2026-14135: Insufficient validation of untrusted input in Network. Reported by Google on 2026-05-17
[N/A][514068611] Low CVE-2026-14136: Incorrect security UI in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][514070067] Low CVE-2026-14137: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-05-17
[N/A][514071775] Low CVE-2026-14138: Inappropriate implementation in WebAppInstalls. Reported by Google on 2026-05-17
[N/A][514072495] Low CVE-2026-14139: Inappropriate implementation in TabStrip. Reported by Google on 2026-05-17
[N/A][514072607] Low CVE-2026-14140: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-17
[N/A][514072867] Low CVE-2026-14141: Incorrect security UI in Document Picture-in-Picture. Reported by Google on 2026-05-17
[N/A][514073460] Low CVE-2026-14142: Inappropriate implementation in Extensions. Reported by Google on 2026-05-17
[N/A][514075028] Low CVE-2026-14143: Incorrect security UI in Passwords. Reported by Google on 2026-05-17
[N/A][514079793] Low CVE-2026-14144: Incorrect security UI in Views. Reported by Google on 2026-05-17
[N/A][514485825] Low CVE-2026-14145: Inappropriate implementation in CSS. Reported by Google on 2026-05-19
[N/A][514550047] Low CVE-2026-14146: Inappropriate implementation in CSS. Reported by Google on 2026-05-19
[N/A][514632767] Low CVE-2026-14147: Inappropriate implementation in CSS. Reported by Google on 2026-05-19
[N/A][515426873] Low CVE-2026-14148: Type Confusion in CSS. Reported by Google on 2026-05-21
[N/A][515427046] Low CVE-2026-14149: Use after free in Audio. Reported by Google on 2026-05-21
[N/A][517376041] Low CVE-2026-14150: Insufficient validation of untrusted input in Speech. Reported by Google on 2026-05-28
[N/A][517381770] Low CVE-2026-14151: Inappropriate implementation in AI. Reported by Google on 2026-05-28
[N/A][517534944] Low CVE-2026-14152: Out of bounds write in ANGLE. Reported by Google on 2026-05-28
[N/A][517684077] Low CVE-2026-14153: Inappropriate implementation in Glic. Reported by Google on 2026-05-29
[N/A][517741170] Low CVE-2026-14154: Inappropriate implementation in DevTools. Reported by Google on 2026-05-29
[N/A][518246925] Low CVE-2026-14155: Insufficient policy enforcement in StorageAccessAPI. Reported by Google on 2026-05-30
[N/A][518247789] Low CVE-2026-14156: Policy bypass in StorageAccessAPI. Reported by Google on 2026-05-30

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.


Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Daniel Yip

Google Chrome

Build reliable multi-agent applications with ADK Go 2.0. Discover our new graph-based workflow engine, built-in human-in-the-loop, and dynamic orchestration

The Agent Development Kit (ADK) for Go 2.0 has been released, introducing a first-class, graph-based workflow engine to help developers compose complex, multi-agent applications. This update adds built-in primitives for human-in-the-loop (HITL) orchestration, dynamic execution using plain Go code, and automated resilience features like exponential backoff retries. By unifying the execution model, both single-agent applications and intricate graphs now run on the same runtime, simplifying telemetry and state persistence.

Driving the Agent Quality Flywheel from Your Coding Agent

Building AI agents often leaves developers uncertain if prompt tweaks to fix single errors will accidentally cause widespread regressions in production. To bridge this gap, Google has introduced a new developer skill for coding agents that automates a five-stage evaluation flywheel: preparing data, running inference, grading with adaptive AutoRaters, analyzing failure clusters, and executing targeted optimizations. Running continuously against production traffic or on-demand via synthetic scenarios, this tool allows developers to describe testing goals in plain language while an independent evaluation service safely validates and counts actual performance improvements.

AI Overviews in Drive now available on mobile

In April, we announced the general availability for Drive AI Overviews in Drive on the web. We’re now bringing this feature to the Drive Android and iOS apps.

Instead of searching through endless files and opening dozens of tabs to find the information you need, you can now get instant answers right at the top of your search results. Gemini does the heavy lifting for you, scanning your documents to provide clear, reliable summaries.

Here is how it helps you work smarter:

  • See the big picture: Get a quick summary of information pulled from multiple files without needing to open each one.
  • Ask naturally: There’s no need to use complicated search tricks. Just ask a question as you would to a colleague, like "What’s in our Spring 2026 catalog?"
  • Get the right answer: Gemini automatically understands what you’re looking for, whether it’s a quick fact, a project summary, or a list of specific documents, and adjusts its response to match.
  • Dig deeper with ease: If you need more information, you can go from a quick summary to a deeper conversation with Ask Gemini in just one click.
  • Control your AI Overviews scope: Use AI Overview search settings to choose which Google Workspace apps Gemini uses to find files and generate AI Overviews.

This feature will roll out in English and an additional 28 languages (the same as those supposed for Gemini in Drive side panel) over the next several weeks.

Getting started

Rollout pace

Availability

  • Business: Business Standard and Plus
  • Enterprise: Enterprise Standard and Plus
  • Consumer: Google AI Pro and Ultra
  • AI Add-ons: Google AI Pro for Education

Resources

Community feedback: How can corporations improve support for open source maintainers?

We know that AI is actively transforming the sustainability and socio-technical dynamics of OSS communities. Google Open Source is committed to partnering with open source communities and ecosystems to learn together how we should update our own models for engagement and support.

During an open meetup for GitHub Maintainer Month, I led a session to gather community feedback on how corporations can more effectively support open source maintainers.

Paying maintainers takes creativity

Many maintainers would appreciate consistent financial support. However, facilitating payments to individuals without established contractual relationships remains a complex challenge, particularly across diverse international jurisdictions. Fiscal hosts and programs such as Open Collective, GitHub Sponsors, and the LFX Mentorship Program can simplify components of this process, but they do not resolve the underlying issues of funding sustainability and predictability. While initiatives like the Open Source Endowment are working toward long-term funding sustainability, individual maintainers also had a few ideas:

  • Pay per meaningful contribution vs gameable metrics: Avoid payment models based on easily manipulated units like pull request counts or review volume. A proposed alternative is ‘pay per report,' encouraging maintainers to document their achievements and upcoming roadmaps.
  • Commitment-based purchasing: Corporate policies might make procurement simpler (or more complex) than sponsorships, so maintainers could benefit from offering structured support services alongside traditional sponsorship opportunities.
  • Fund conference attendance: In-person networking can be a boon for solo maintainers but it's often cost-prohibitive. For some corporations, travel sponsorship may be a simpler alternative to direct payments.
Challenge for Corporations and Fiscal Hosts: How can we assist maintainers in understanding any and all prerequisites and documentation necessary to participate in monetary programs? Advice from Maintainers: Consult a tax professional to understand the implications of various funding methods.

Manage and respect expectations

Beyond financial support, our discussion returned to the importance of respect and etiquette. Particularly, how can we manage expectations between heterogeneous creators, contributors and users - are maintainers clearly communicating their preferences, and are corporations actively respecting them? Some suggestions include:

  • Adherence to community norms: Maintainers should share their preferred communication channels, while contributors - both human and agentic - must ensure they review and follow them.
  • Consistency with documentation: Discrepancies between documented procedures and actual practices create friction for all participants. This standard should be upheld by both individual maintainers and corporate-managed projects.
  • Clarity of intent: Many maintainers would like to understand the motivation behind a contribution and reserve the right to ask questions.

To improve specific program experiences, maintainers suggested:

  • Consistent communication: Recipients of funding programs expect clearly communicated expectations regarding the timing and amount of disbursements.
  • Transparency and discoverability: Maintainers would appreciate easily discoverable records that track program participation, active agreements, and verify the status of Contributor License Agreements (CLAs).

Let's keep learning as a community

While we cannot make any promises, we want to continue to learn and challenge ourselves to consider novel ways to support OSS communities and maintainers. As a member of our community, we value your opinion. We've created a Google form to collect any thoughts you might have, as well as gauge interest in another open meeting. We plan to share any and all learnings back with the community.

Work with delegated Gmail accounts from mobile devices

Previously, users could only work with delegated Gmail accounts through the web interface. We are updating the Gmail app for iOS and Android to allow delegates to read, manage, and compose emails on behalf of a delegator directly from their mobile devices.

This update removes a significant barrier for employees who rely on mobile devices for their daily productivity. For example, an administrative assistant can seamlessly handle urgent communications for an executive while away from the office, without needing to find a desktop computer.

When using the Gmail mobile app, delegates can now:

  • Switch between their own inbox and delegated accounts.
  • View unread message counts for delegated inboxes from the account menu.
  • See emails intermingled across delegated accounts and their own account using the mobile “All inboxes” view.
  • Send messages that allow recipients to view the specific "sent by" information in the mobile experience. 
Administrators retain full control over delegation settings, including the ability to restrict delegation to specific organizational units. The mobile experience adheres to existing delegation policies and limits, such as supporting up to 1,000 unique delegates per account and 40 concurrent users. Delegators do not need to perform any additional setup to enable mobile access for their existing delegates.

Getting started

  • Admins: There is no admin control for this specific mobile feature; it follows existing delegation settings that you’ve configured for the web experience.
  • End users: To access a delegated account, ensure you have first been granted access via the Gmail web settings. Once granted, tap your profile picture in the Gmail app on Android or iOS and select the delegated account from the list. Visit the Help Center to learn more about delegating and collaborating on email.

Rollout pace

Availability

  • Available in early July to all Google Workspace customers, Workspace Individual subscribers, and users with personal Google accounts

Resources

Ask Gemini in Drive now available on mobile

In April, we announced the general availability of Ask Gemini in Drive on the web. We’re now bringing this feature to the Drive Android and iOS apps.

Ask Gemini in Drive offers you a dedicated, immersive workspace designed for deep focus. You can now engage in high-context, multi-turn conversations to efficiently explore and understand content across Drive, other Workspace apps, and the web.

Key features include:

  • Dedicated conversations: Engage in focused discussions about specific sets of files and folders. By grounding your questions in the relevant content, you get more precise, actionable answers.
  • Persistent conversation history: Easily pick up where you left off. Your past chats are saved, allowing you to quickly revisit previous insights about specific folders or projects without starting over.
  • Secure and compliant: Ask Gemini in Drive is built directly into the Drive architecture, it never copies or replicates your files. It honors your existing data protection and security controls, including access permissions, DLP policies, and IRM, ensuring Gemini only accesses content you are authorized to see.

This feature will roll out in English and an additional 28 languages over the next several weeks.

Getting started

Rollout pace

Availability

  • Business: Business Standard and Plus
  • Enterprise: Enterprise Standard and Plus
  • Consumer: Google AI Pro and Ultra
  • AI Add-ons: Google AI Pro for Education

Resources