Author Archives:

Extended Stable Updates for Desktop

The Extended Stable channel has been updated to 146.0.7680.201 for Windows and Mac which will roll out over the coming days/weeks.


A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista
Google Chrome

Chrome for Android Update

     Hi, everyone! We've just released Chrome 147 (147.0.7727.101) for Android. It'll become available on Google Play over the next few days. 

This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.


Android releases contain the same security fixes as their corresponding Desktop releases (Windows & Mac: 147.0.7727.101/.102, Linux:  147.0.7727.101) unless otherwise noted.

Krishna Govind

Stable Channel Update for Desktop

The Stable channel has been updated to 147.0.7727.101/102 for Windows/Mac  and 147.0.7727.101 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 31 security fixes. Please see the Chrome Security Page for more information.




[$90000][490170083] Critical CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga on 2026-03-05


[$10000][493628982] Critical CVE-2026-6297: Use after free in Proxy. Reported by heapracer on 2026-03-17

[TBD][495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-24

[N/A][497053588] Critical CVE-2026-6299: Use after free in Prerender. Reported by Google on 2026-03-28

[TBD][497724498] Critical CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern) on 2026-03-30

[TBD][490251701] High CVE-2026-6359: Use after free in Video. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-06

[TBD][491994185] High CVE-2026-6300: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-12

[TBD][495273999] High CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c on 2026-03-23

[TBD][495477995] High CVE-2026-6302: Use after free in Video. Reported by Syn4pse on 2026-03-24

[N/A][496282147] High CVE-2026-6303: Use after free in Codecs. Reported by Google on 2026-03-25

[N/A][496393742] High CVE-2026-6304: Use after free in Graphite. Reported by Google on 2026-03-26

[TBD][496618639] High CVE-2026-6305: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-26

[TBD][496907110] High CVE-2026-6306: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-27

[TBD][497404188] High CVE-2026-6307: Type Confusion in Turbofan. Reported by Project WhatForLunch (@pjwhatforlunch) on 2026-03-29

[N/A][497412658] High CVE-2026-6308: Out of bounds read in Media. Reported by Google on 2026-03-29

[N/A][497846428] High CVE-2026-6309: Use after free in Viz. Reported by Google on 2026-03-30

[TBD][497880137] High CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam on 2026-03-31

[N/A][497969820] High CVE-2026-6310: Use after free in Dawn. Reported by Google on 2026-03-31

[N/A][498201025] High CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google on 2026-03-31

[N/A][498269651] High CVE-2026-6312: Insufficient policy enforcement in Passwords. Reported by Google on 2026-03-31

[N/A][498765210] High CVE-2026-6313: Insufficient policy enforcement in CORS. Reported by Google on 2026-04-02

[N/A][498782145] High CVE-2026-6314: Out of bounds write in GPU. Reported by Google on 2026-04-02

[N/A][499247910] High CVE-2026-6315: Use after free in Permissions. Reported by Google on 2026-04-03

[N/A][499384399] High CVE-2026-6316: Use after free in Forms. Reported by Google on 2026-04-03

[N/A][500036290] High CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google on 2026-04-06

[TBD][500066234] High CVE-2026-6362: Use after free in Codecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-07

[N/A][500091052] High CVE-2026-6317: Use after free in Cast. Reported by Google on 2026-04-06

[N/A][495751197] Medium CVE-2026-6363: Type Confusion in V8. Reported by Google on 2026-03-24

[TBD][495996858] Medium CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse on 2026-03-25

[TBD][499018889] Medium CVE-2026-6319: Use after free in Payments. Reported by pwn2addr on 2026-04-02

[N/A][502103414] Medium CVE-2026-6364: Out of bounds read in Skia. Reported by Google Threat Intelligence on 2026-04-13


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.


Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

Google Chrome

Now available: The Gemini app for Mac

Today, we’re bringing the Gemini app to macOS as a native desktop experience, designed to live right where you work. It’s always just a keyboard shortcut away, allowing you to quickly get the help you need without losing your focus.

Here are a few ways you can use it right now:

  • Stay in your flow: Switching between windows can be clunky and slow. Now, you can bring up Gemini from anywhere on your Mac with a quick global shortcut (Option + Space) to get help instantly. Whether you’re drafting a market report and need to verify a date, working on a research paper and need to cite a source, or building a spreadsheet and need the right formula, you can get your answer and get right back to work.
  • Share your window for instant context: With our new native experience, you can share anything on your screen with Gemini to get help with exactly what you’re looking at. If you’re reviewing a complex chart, simply share your window and ask, "What are the three biggest takeaways here?" to get an instant summary without breaking your stride.
Starting today, the native macOS app is available to Gemini users on macOS versions 15 and up, globally.

Getting started

  • Admins: This feature is ON by default for all organizations with Gemini enabled. The Gemini app and related in-app tools are controlled by the Generative AI settings in the Workspace Admin console. The Gemini app for Mac is subject to these existing controls. Visit the Help Center for more information on turning the Gemini app on or off.
  • End users: To get the app, visit gemini.google/mac and select "Download for Mac." Once installed, sign in with your work or school Google Account.

Rollout pace

Availability

  • Available to all Google Workspace business and education customers, Workspace Individual subscribers, and users with personal Google accounts

Resources

Boosting user privacy and business protection with updated Play policies

Posted by Bennet Manuel, Group Product Manager, App & Ecosystem Trust


We strive to make Google Play the safest and most trusted experience possible. Today, we’re announcing a new set of policy updates and an account transfer feature to boost user privacy and protect your business from fraud. By providing better features for users and easy-to-integrate tools for you, we’re making it simpler to build safer apps so you can focus on creating great experiences.

We’re also expanding our features to help you manage new contact and location policy changes, so you have a smoother, more predictable app review experience. By October, Play policy insights in Android Studio can help you proactively identify if your app should use these new features and guide you on the exact steps to take. Additionally, new pre-review checks in the Play Console will be available starting October 27 to flag potential contacts or location permissions policy issues so you can fix them before you submit your app for review.

Here is what is new and how you can prepare.

Contact Picker: A privacy-friendly way to access contacts



Android is introducing the Android Contact Picker as the new standard for accessing contact information (e.g., for invites, sharing, or one-time lookups). This picker lets users share only the specific contacts they want to, helping build trust and protect privacy. Alongside this tool, we are updating our policy to require that all applicable apps use the picker, or other privacy-focused alternatives like Sharesheet, as the primary way to access users’ contacts. READ_CONTACTS will be reserved for apps that can’t function without it.

What you’ll need to do

  • If your app asks for access to contacts for features like sharing or inviting, you should update your code to use the picker and remove the READ_CONTACTS permission entirely (if targeting Android 17 and above).
  • If your app requires full, ongoing access to a user’s contact list to function, you must justify this need by submitting a Play Developer Declaration in the Play Console. This form will be available before October.

Location button: More privacy-friendly way to access location



Android is introducing a new, streamlined location button to make requesting precise data easier for one-time actions, like finding a store or tagging a photo. This feature replaces complex permission dialogs with a single tap, helping users make clearer choices about how much information they share and for how long. We’re updating our policy to require apps to use this button for one-time precise location access unless they require persistent, always-on location access. This creates a faster, more predictable experience for your users and reduces the friction of traditional permission requests.

What you’ll need to do

  • Review your app's location usage to ensure you are requesting the minimum amount of location data needed for your app to work.
  • If your app targets Android 17 and above and uses precise location for discrete, temporary actions, implement the location button by adding the onlyForLocationButton flag in your manifest.
  • If your app requires persistent precise location to function, you will need to submit a Play Developer Declaration in Play Console to show why the new button or coarse location isn’t sufficient for your app’s core features. This form will be available before October.

Account Transfer: Protecting your business

You asked for a secure way to transfer app ownership during business changes, and we listened. We’re launching an official account transfer feature directly in Play Console that’s designed to help you easily transfer ownership during sales and mergers while also protecting your business from fraud. Starting May 27, account ownership changes must use this official feature. That means that unofficial transfers (like sharing login credentials or buying and selling accounts on third-party marketplaces) which leave your business vulnerable are not permitted.

What you’ll need to do

  • Initiate any future account owner changes through the "Users and permissions" page in Play Console.
  • Every transfer will include a mandatory 7-day security cool-down period. This gives your team time to spot and cancel any unauthorized attempts to take over your account. See Transferring ownership of a Play Console developer account for more guidance.

What’s next

We want to give you plenty of time to review these changes and update your apps. For more information, deadlines, and the full list of Google Play policy updates we’re announcing today, please visit the Policy Announcements page.

Thank you for your partnership in keeping Play safe for everyone.

New more expressive AI voiceovers in Google Vids, and 16 additional languages, powered by Gemini 3.1 Flash TTS

With the release of our new Gemini 3.1 Flash Text-To-Speech (TTS) model, AI voiceovers in Google Vids now include 30 new conversational voice options that better capture natural expression and realism. All 30 AI voiceover options are now supported in 24 different languages.

You can test these new voices in your next video project by adding emotional instructions like "Read this like you're excited," using bracket notation for pacing like "This [pause] is amazing!" or including sound effects like "[laugh] That was a great point."

Expanded languages
AI voiceovers is expanding support to 16 new languages: English (en-US, en-IN), Arabic, Bengali, Dutch, Hindi, Indonesian, Marathi, Polish, Romanian, Russian, Tamil, Telugu, Thai, Turkish, Ukrainian, and Vietnamese.

These languages join the previously supported languages: English, Spanish, Portuguese, Japanese, Korean, French, Italian, and German.

Conversational voice options available in Google Vids voiceovers

Getting started

Rollout pace

Availability

  • Available to all Google Workspace customers, Workspace Individual subscribers, and users with personal Google accounts

Resources

Subagents have arrived in Gemini CLI

Gemini CLI has introduced subagents, specialized expert agents that handle complex or high-volume tasks in isolated context windows to keep the primary session fast and focused. These agents can be customized via Markdown files, run in parallel to boost productivity, and are easily invoked using the @agent syntax for targeted delegation. This architecture prevents "context rot" by consolidating intricate multi-step executions into concise summaries for the main orchestrator.