The Extended Stable channel has been updated to 148.0.7778.254 for Windows and Mac which will roll out over the coming days/weeks.
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 74 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[N/A][516501794] Critical CVE-2026-11628: Use after free in Ozone. Reported by Google on 2026-05-25
[N/A][516674532] Critical CVE-2026-11629: Use after free in Ozone. Reported by Google on 2026-05-26
[N/A][516677924] Critical CVE-2026-11630: Use after free in File Input. Reported by Google on 2026-05-26
[N/A][516691130] Critical CVE-2026-11631: Use after free in Aura. Reported by Google on 2026-05-26
[N/A][516707881] Critical CVE-2026-11632: Use after free in TabStrip. Reported by Google on 2026-05-26
[N/A][516963272] Critical CVE-2026-11633: Use after free in Bluetooth. Reported by Google on 2026-05-27
[N/A][516975148] Critical CVE-2026-11634: Use after free in Gamepad. Reported by Google on 2026-05-27
[N/A][516987814] Critical CVE-2026-11635: Use after free in Bluetooth. Reported by Google on 2026-05-27
[N/A][517023053] Critical CVE-2026-11636: Use after free in Autofill. Reported by Google on 2026-05-27
[N/A][517040438] Critical CVE-2026-11637: Use after free in Views. Reported by Google on 2026-05-27
[N/A][517047197] Critical CVE-2026-11638: Use after free in Printing. Reported by Google on 2026-05-27
[N/A][517227707] Critical CVE-2026-11639: Use after free in Compositing. Reported by Google on 2026-05-27
[N/A][517339758] Critical CVE-2026-11640: Integer overflow in libyuv. Reported by Google on 2026-05-28
[N/A][517418936] Critical CVE-2026-11641: Use after free in Bluetooth. Reported by Google on 2026-05-28
[N/A][517678820] Critical CVE-2026-11642: Use after free in Web Apps. Reported by Google on 2026-05-29
[N/A][518006379] Critical CVE-2026-11643: Use after free in Proxy. Reported by Google on 2026-05-29
[N/A][518043597] Critical CVE-2026-11644: Use after free in Views. Reported by Google on 2026-05-30
[$55000][506689381] High CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3 on 2026-04-27
[$500][517168239] High CVE-2026-11646: Use after free in ViewTransitions. Reported by Quac Tran on 2026-05-27
[N/A][502156940] High CVE-2026-11647: Use after free in Printing. Reported by Google on 2026-04-13
[N/A][506684534] High CVE-2026-11648: Use after free in FullScreen. Reported by Mihnea Nicolau on 2026-04-27
[N/A][511270083] High CVE-2026-11649: Use after free in V8. Reported by Google on 2026-05-08
[N/A][511279942] High CVE-2026-11650: Use after free in V8. Reported by Google on 2026-05-08
[N/A][511736002] High CVE-2026-11651: Use after free in Network. Reported by Google on 2026-05-10
[N/A][513156160] High CVE-2026-11652: Use after free in Extensions. Reported by Google on 2026-05-14
[N/A][513321171] High CVE-2026-11653: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-14
[N/A][513362710] High CVE-2026-11654: Use after free in CameraCapture. Reported by Google on 2026-05-15
[N/A][513396305] High CVE-2026-11655: Integer overflow in Media. Reported by Google on 2026-05-15
[N/A][513424000] High CVE-2026-11656: Use after free in ServiceWorker. Reported by Google on 2026-05-15
[N/A][513465272] High CVE-2026-11657: Use after free in Payments. Reported by Google on 2026-05-15
[N/A][513564337] High CVE-2026-11658: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-15
[N/A][513702971] High CVE-2026-11659: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-16
[N/A][513731890] High CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-05-16
[N/A][513748868] High CVE-2026-11661: Use after free in Views. Reported by Google on 2026-05-16
[N/A][513773313] High CVE-2026-11662: Type Confusion in Bindings. Reported by Google on 2026-05-16
[N/A][513820666] High CVE-2026-11663: Use after free in Skia. Reported by Google on 2026-05-16
[N/A][513830374] High CVE-2026-11664: Use after free in Payments. Reported by Google on 2026-05-16
[N/A][513948465] High CVE-2026-11665: Out of bounds read in Dawn. Reported by Google on 2026-05-17
[N/A][514009323] High CVE-2026-11666: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-17
[N/A][514671098] High CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google on 2026-05-19
[N/A][515419790] High CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google on 2026-05-21
[N/A][515429352] High CVE-2026-11669: Integer overflow in Media. Reported by Google on 2026-05-21
[N/A][515469283] High CVE-2026-11670: Use after free in PDF. Reported by Google on 2026-05-21
[N/A][516608438] High CVE-2026-11671: Use after free in Navigation. Reported by Google on 2026-05-26
[N/A][516794471] High CVE-2026-11672: Out of bounds write in GPU. Reported by Google on 2026-05-26
[N/A][516902973] High CVE-2026-11673: Use after free in InterestGroups. Reported by Google on 2026-05-26
[N/A][516910450] High CVE-2026-11674: Use after free in Guest View. Reported by Google on 2026-05-27
[N/A][516915337] High CVE-2026-11675: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-05-27
[N/A][516949298] High CVE-2026-11676: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-27
[N/A][516979551] High CVE-2026-11677: Race in Network. Reported by Google on 2026-05-27
[N/A][516986556] High CVE-2026-11678: Integer overflow in libyuv. Reported by Google on 2026-05-27
[N/A][516997135] High CVE-2026-11679: Use after free in Codecs. Reported by Google on 2026-05-27
[N/A][517004487] High CVE-2026-11680: Use after free in Media. Reported by Google on 2026-05-27
[N/A][517050585] High CVE-2026-11681: Use after free in Ozone. Reported by Google on 2026-05-27
[N/A][517103584] High CVE-2026-11682: Insufficient validation of untrusted input in Views. Reported by Google on 2026-05-27
[N/A][517129549] High CVE-2026-11683: Use after free in WebCodecs. Reported by Google on 2026-05-27
[N/A][517130229] High CVE-2026-11684: Insufficient policy enforcement in Network. Reported by Google on 2026-05-27
[N/A][517183713] High CVE-2026-11685: Insufficient data validation in MediaCapture. Reported by Google on 2026-05-27
[N/A][517247333] High CVE-2026-11686: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-27
[N/A][517303276] High CVE-2026-11687: Use after free in Dawn. Reported by Google on 2026-05-28
[N/A][517309206] High CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google on 2026-05-28
[N/A][517486004] High CVE-2026-11689: Insufficient validation of untrusted input in Passwords. Reported by Google on 2026-05-28
[N/A][517533654] High CVE-2026-11690: Out of bounds read and write in Media. Reported by Google on 2026-05-28
[N/A][517585486] High CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-05-28
[N/A][517607902] High CVE-2026-11692: Use after free in Read Anything. Reported by Google on 2026-05-28
[N/A][517644287] High CVE-2026-11693: Inappropriate implementation in Plugins. Reported by Google on 2026-05-28
[N/A][517705966] High CVE-2026-11694: Use after free in ServiceWorker. Reported by Google on 2026-05-29
[N/A][517762104] High CVE-2026-11695: Inappropriate implementation in Passwords. Reported by Google on 2026-05-29
[N/A][517993381] High CVE-2026-11696: Uninitialized Use in Video. Reported by Google on 2026-05-29
[N/A][518105731] High CVE-2026-11697: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-30
[N/A][518235412] High CVE-2026-11698: Use after free in Bluetooth. Reported by Google on 2026-05-30
[N/A][518237527] High CVE-2026-11699: Use after free in Bluetooth. Reported by Google on 2026-05-30
[N/A][511732085] Medium CVE-2026-11700: Use after free in Tracing. Reported by Google on 2026-05-10
[N/A][516413817] Medium CVE-2026-11701: Insufficient validation of untrusted input in Guest View. Reported by Google on 2026-05-25
Google is aware that an exploit for CVE-2026-11645 exists in the wild.
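For patch triage, the advisory lines above can be parsed and ranked, and an inventory checked against the builds named in this post. The following is an added example, not code from the Chrome release notes; the host names and installed versions in `INVENTORY` are constructed, and using the listed builds as per-channel baselines is an assumption of the example.

```python
import re
from collections import Counter

# A subset of the entries listed in the advisory above.
ADVISORY = """\
[N/A][516501794] Critical CVE-2026-11628: Use after free in Ozone. Reported by Google on 2026-05-25
[$55000][506689381] High CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3 on 2026-04-27
[$500][517168239] High CVE-2026-11646: Use after free in ViewTransitions. Reported by Quac Tran on 2026-05-27
[N/A][513321171] High CVE-2026-11653: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-14
[N/A][511732085] Medium CVE-2026-11700: Use after free in Tracing. Reported by Google on 2026-05-10
"""
EXPLOITED = {"CVE-2026-11645"}  # the page reports an in-the-wild exploit for this CVE
# Builds the page lists per channel (Stable: the lower of .102/.103); assumed baselines.
BASELINE = {"stable": "149.0.7827.102", "extended": "148.0.7778.254"}
# Constructed inventory: host names and installed versions are made up.
INVENTORY = [
    ("ws-001", "stable", "149.0.7827.102"),
    ("ws-002", "stable", "149.0.7811.64"),
    ("ws-003", "extended", "148.0.7778.254"),
    ("ws-004", "extended", "148.0.7778.97"),   # 97 < 254 numerically, not as text
    ("ws-005", "stable", "unknown"),
]
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}
ENTRY_RE = re.compile(
    r"^\[(?P<reward>[^\]]+)\]\[(?P<bug>\d+)\]\s+"
    r"(?P<severity>Critical|High|Medium|Low)\s+(?P<cve>CVE-\d{4}-\d+):\s+"
    r"(?P<bug_class>.+?) in (?P<component>.+?)\.\s+"
    r"Reported by (?P<reporter>.+?) on (?P<date>\d{4}-\d{2}-\d{2})$"
)

def parse_advisory(text):
    """Return (entries, rejects); rejects are non-empty lines that did not parse."""
    entries, rejects = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
        else:
            rejects.append(line)
    return entries, rejects

def triage_order(entries, exploited=EXPLOITED):
    """Known-exploited CVEs first, then by severity, then by CVE id."""
    return sorted(entries, key=lambda e: (
        e["cve"] not in exploited, SEVERITY_RANK[e["severity"]], e["cve"]))

def class_counts(entries):
    return Counter(e["bug_class"] for e in entries)

def version_tuple(version):
    parts = version.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {version!r}")
    return tuple(int(p) for p in parts)

def needs_update(inventory, baseline=BASELINE):
    """Hosts below their channel's build, plus hosts that cannot be evaluated."""
    flagged = []
    for host, channel, version in inventory:
        try:
            behind = version_tuple(version) < version_tuple(baseline[channel])
        except (ValueError, KeyError):
            behind = True  # fail closed: unreadable version or unknown channel
        if behind:
            flagged.append(host)
    return flagged

if __name__ == "__main__":
    entries, rejects = parse_advisory(ADVISORY)
    for e in triage_order(entries):
        tag = " [exploited in the wild]" if e["cve"] in EXPLOITED else ""
        print(f'{e["severity"]:8} {e["cve"]} {e["bug_class"]} / {e["component"]}{tag}')
    print(class_counts(entries).most_common())
    print("needs update:", needs_update(INVENTORY), "unparsed:", rejects)
```

Versions are compared as integer tuples because a string comparison would rank `148.0.7778.97` above `148.0.7778.254`.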
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Daniel Yip
Google Chrome
Source: Google Chrome Releases
Introducing the Workspace Policy API mutate endpoints for DLP
- Admins define rules for sensitive content across Drive, Gmail, Chat, and Chrome.
- DLP scans content for DLP rule violations that trigger DLP incidents.
- DLP enforces the rules you defined and violations trigger actions, such as alerts.
- Admins are alerted for DLP rule violations.
Figure: Summary of capabilities supported by mutate endpoints for DLP
Getting started
- Admins: You must be a super admin to use the Policy API. See our developer documentation to learn more about the Policy API. You can also use GAM, an open source tool for managing Workspace, which now supports the Policy API.
- End users: This is an admin-only capability.
Rollout pace
- Rapid Release and Scheduled Release domains: Available now
Availability
- Available to all Google Workspace customers and Workspace Individual subscribers
Resources
- Google Cloud Identity Help: Policy API Overview
- Google Cloud Identity Help: REST Resource: policies
- Google Cloud Identity Help: Setting up the Policy API
- Google Cloud Identity Help: Listing and getting policies
- Google Cloud Identity Help: Creating, patching, and deleting policies
- Google Workspace Updates Blog: The Policy API is now generally available with support for auditing more security features
Source: Google Workspace Updates
Unlocking TPU performance: Deep kernel profiling with XProf
As machine learning workloads scale to unprecedented heights, developers are increasingly writing highly specialized Tensor Processing Unit (TPU) kernels using frameworks like Pallas, Mosaic, and Triton to maximize hardware performance.
However, customizing high-performance kernels has historically introduced a major engineering challenge: optimization blind spots. To legacy performance profilers, custom compilation paths appear as opaque execution paths. Developers are left with single, massive execution blocks in their trace captures, lacking granular visibility into what is actually occurring inside the chip's internal components. Did a vector processing instruction stall? Was matrix math idle due to data loading bottlenecks?
Traditional profiling relies heavily on compile-time static cost models to estimate kernel efficiency. While helpful for standard operations, these models cannot capture dynamic runtime realities like instruction execution stalls, memory subsystem congestion, or hardware scheduling conflicts.
To open this opaque execution path, we are excited to introduce the Kernel Profiling suite in XProf—a low-level hardware debugging suite engineered specifically for Pallas kernel authoring and optimization on Google TPUs. By combining static compilation tracking with dynamic, sub-microsecond hardware telemetry, XProf Kernel provides the deep transparency required to optimize high-scale ML workloads.
Deep visibility: HLO Graphs & MLIR Inspection
The first step in debugging any custom kernel is understanding how your high-level code is translated by the compiler. When compiling a JAX or PyTorch model, the compiler generates a High-Level Optimizer (HLO) graph. Previously, custom calls inside these graphs remained completely obscured.
XProf's updated Graph Viewer resolves this by exposing the internal compilation logic of these custom regions directly. To unlock this deep visibility, developers must pass the appropriate debug flags to the XLA compilation environment.
--xla_enable_custom_call_region_trace=true
--xla_xprof_register_llo_debug_info=true
Once these flags are active, any trace captured via XProf includes comprehensive compiler metadata. In the XProf Graph Viewer, clicking on a custom-call block reveals an interactive panel titled "Custom Call Text." This displays the raw, lowered MLIR (Multi-Level Intermediate Representation) code generated by the compiler.
By displaying the MLIR text side-by-side with high-level source-code representations, developers can immediately verify whether the compiler is correctly fusing operations and structuring memory tiles as intended.
Tracing Instrumented Low-Level Operations (LLO) Analysis
To provide cycle-level execution visibility, XProf exposes Low-Level Operations (LLO) bundle data directly inside the Trace Viewer. An LLO bundle represents the actual machine instructions issued to the TPU core's functional units during every clock cycle.
Through dynamic instrumentation, XProf inserts hardware markers exactly when an LLO bundle region executes. Within the Trace Viewer, this manifests as dedicated, time-aligned execution tracks representing the TPU bundle's slot utilization metrics from static analysis:
- MXU (Matrix Multiply Unit): Tracks active, busy cycles of high-throughput matrix-multiplication pipelines.
- Scalar and Vector ALUs: Displays the execution profile of mathematical operations, letting you spot pipeline imbalances.
- Vector Fills, Loads, Spills, and Stores: Exposes HBM-to-register data movement, critical for identifying bandwidth-throttling bottlenecks.
- XLU (Cross-Lane Unit): Monitors collective communications and data shuffling across physical TPU cores.
Runtime Performance Counter Sampling
While static analysis effectively verifies instruction counts or vector store logic, it remains detached from the dynamic realities of runtime execution. To bridge this gap, XProf introduces fine-grained, periodic performance counter sampling—available starting with TPU v7 (Ironwood). This capability empowers developers to move beyond static estimation and measure precisely how hardware blocks are utilized in real-time, providing the empirical ground truth needed to identify whether compute units are truly active or stalled by memory subsystems.
Consider the optimization of a tiled matrix multiplication (Matmul) kernel. While a static trace might indicate a logically perfect sequence of operations, real-world performance often falters if the Matrix Multiply Unit (MXU) sits idle while awaiting data from High-Bandwidth Memory (HBM). To diagnose and resolve such bottlenecks, developers can utilize a structured three-step profiling workflow:
- Set up the Profiling Environment: Configure the TPU v7 (Ironwood) runtime by defining specific hardware counters—such as scalar issues or synchronization waits.
- Capture a Kernel Profile: Use the XProf request interface to capture fine-grained performance counters, which can then be visualized as a time-series within the Trace Viewer.
- Interpret the Data: Analyze the resulting counters to distinguish between a Memory-Bound Scenario (characterized by massive spikes in `sync_wait`) and an Optimized Scenario. For instance, implementing triple buffering to overlap memory loads with MXU compute can reduce runtime from 125.5µs to 88µs—a ~30% performance gain validated by a drastic reduction in synchronization events.
By shifting from static code inspection to empirical runtime telemetry, hardware behavior explicitly validates optimization strategies, ensuring every cycle on the silicon is spent productively. For a hands-on example to check out these techniques, please explore our Pallas Matmul w/ Perf Counters demo.
Visualizing the "Utilization Gap"
This dynamic tracking exposes the significant gap left by traditional static analysis tools. A static tool analyzes instructions linearly, completely ignoring time. It might flag an MXU instruction block as "100% Utilized."
In contrast, XProf plots actual hardware execution over time. You might discover that a long-running Scalar ALU operation is stalling the entire execution pipeline, leaving the powerful MXU completely idle. By visualizing these temporal idle gaps, developers can adjust data shapes, memory alignments, and instruction sequencing to maximize compute density.
STATIC ESTIMATION:
[========== Block Execution: MXU Flagged 100% Utilized ==========]
XPROF REAL-WORLD TIMELINE:
├─ [Scalar ALU (Active)] ─┼─ [MXU (Active)] ─┼── [MXU (Idle / Memory Stall)] ──┤
│ Stalling pipeline... │ Compute phase │ Starved; waiting for HBM Load │
Overall Utilization from Performance Counters
Navigating profiling metrics can be daunting. Relying on metrics calculated via compile-time cost models often misrepresents performance when applied to custom compilation paths. To solve this, XProf establishes a clear Hierarchy of Trust:
┌───────────────────────────────┐
│ Absolute Ground Truth │
│ (HBM, Hardware Registers, │ (100% Trustworthy)
│ TPO Metrics, CSRs) │
└───────────────┬───────────────┘
▼
┌───────────────────────────────┐
│ Estimated Metrics │
│ (Program Optimal FLOPs, │ (Requires caution with
│ Goodput Efficiency) │ custom compiling paths)
└───────────────────────────────┘
- The Absolute Ground Truth (100% Trustworthy): Metrics derived directly from physical hardware registers (HBM utilization, TPO metrics, unprivileged hardware stats). When profiling custom kernels, these represent physical reality and should be your primary optimization anchors.
- Estimated Metrics (Use with Caution): Metrics like "Compared to program optimal FLOPS" or "Goodput efficiency" rely on XLA cost models. Because custom compilation paths bypass standard passes, these metrics can be highly skewed or outright non-functional.
For the unvarnished truth, XProf exposes the Perf Counters View, providing direct, tabular access to over 16,000 raw hardware counters read straight from the TPU silicon.
Understanding Trace Tracks: The height of a trace track does not represent a normalized 0-100% percentage. It represents the maximum raw counter value observed in that interval. For example, if a counter increments by 100 cycles over a 500-nanosecond trace window (roughly 1,000 clock cycles on a 2.0 GHz core), it indicates exactly 10% physical utilization of that unit.
To configure and profile the runtime performance counters sampling method, please follow the instructions from <openxla.org/xprof/kernel-profiling.html>.
Advanced Sampling: Event-Triggered Profiling
Previously, dynamic capturing was limited to Periodic Sampling Mode—polling counters based on a host-level timer, which hit a physical resolution floor of 1 microsecond.
CORE 0 CORE 1 CORE 2 CORE 3
┌──────────────┐ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ 28 Counters │ │ 28 Counters │ │ 28 Counters │ │ 28 Counters │
└──────────────┘ └──────────────┘ └──────────────┘ └──────────────┘
└─────────────────────────────────────────────────────────────────┘
4 x 28 Sparse Matrix
To capture lightning-fast hardware cycles, XProf now supports External Event-Triggered Mode. The dynamic sampler intercepts physical TPU trace instructions and boundary triggers (such as entering/exiting custom call scopes), allowing for sub-microsecond capture latency and precise attribution.
Developers can configure up to 28 hardware counters per core, distributed across up to four active SparseCores, creating a 4 x 28 profiling matrix that maximizes data variety while protecting workload performance.
Activating this is straightforward via standard JAX JIT profilers:
```python
import jax

options = jax.profiler.ProfileOptions()
# Example request for externally triggered collection
options.advanced_configuration = {
    "tpu_enable_periodic_counter_sampling": True,
    "tpu_tc_perf_counter_sampling_options": (
        'is_external_trigger:true scaling:0 counter_size_bits:1 indices:10 indices:11 indices:56 indices:57 indices:58'
    ),
}
# For periodic sampling, please use interval_us instead of is_external_trigger.
```
Getting Started
Ready to transition from guessing performance to measuring and optimizing the physical limits of your ML silicon? Explore these open-source resources to get started with XProf Kernel today:
- XProf GitHub Repository: github.com/openxla/xprof
- Official XProf Documentation: openxla.org/xprof
- JAX Profiling Guide: jax.readthedocs.io/en/latest/profiling.html
Source: Google Open Source Blog
Convert rubric files and images into Google Classroom rubrics with help from Gemini
Getting started
- Admins: This feature will be available by default if Gemini in Classroom is enabled. Visit the Help Center to learn more about managing access to Gemini in Classroom.
- End users: Visit the Help Center to learn more about creating and reusing rubrics for an assignment.
Rollout pace
- Rapid Release and Scheduled Release domains: Full rollout (1–3 days for feature visibility) starting on June 8, 2026
Availability
- Education: Education Fundamentals, Standard, and Plus
Resources
- Google Help: Create or reuse a rubric for an assignment
- Google Workspace Updates Blog: Educators can now convert rubrics in Google Classroom from Drive or local files with help from Gemini
- Keyword: Manage access to Gemini in Classroom
Source: Google Workspace Updates
Do better research with NotebookLM
NotebookLM’s latest upgrades deliver new agentic capabilities and more advanced reasoning to tackle complex research projects.
Source: The Official Google Blog
Request lightweight document alignment with approvals in Google Drive
Figure: When checked, "Require all approvers to review the same content" resets pending approvals if the file content changes. This is the default behavior.
Figure: When unchecked, changes to the file content don't reset pending approvals.
Getting started
- Admins: Approval requests are enabled by default and can be disabled at the domain, OU, and group level. There is no admin setting that controls alignment approvals specifically; users can access them if they have access to the broader approval request feature. Visit the Help Center to learn more about managing Drive approvals.
- End users: Alignment approvals will be off by default and can be enabled by the user. Visit the Help Center to learn more about getting approvals in Drive.
Rollout pace
- Rapid Release domains: Gradual rollout (up to 15 days for feature visibility) started on June 2, 2026
- Scheduled Release domains: Full rollout (1–3 days for feature visibility) starting on June 15, 2026
Availability
- Business: Business Standard and Plus
- Enterprise: Enterprise Starter, Standard, and Plus
- Education: Education Plus
- Other Editions: Enterprise Essentials and Enterprise Essentials Plus; Nonprofits
- Education Add-ons: Teaching and Learning
Resources
- Google Workspace Admin Help: Manage approvals
- Google Drive Help: Get approvals on files in Google Drive
- Google Workspace Developer Documentation: Manage approvals
Source: Google Workspace Updates
Our latest fraud and scams advisory
An overview from Google’s Trust & Safety teams on the most recent online scam trends.
Source: The Official Google Blog
4 ways to keep up with the FIFA World Cup 2026™
Google tools — like Maps, Gemini and AI Mode in Search — can help guide you from the first whistle to the final goal.
Source: The Official Google Blog
4 ways soccer fans can catch every moment of the tournament
Google tools — like Maps, Gemini and AI Mode in Search — can help guide you from the first whistle to the final goal.


