Stable Channel Update for Desktop

The Stable channel has been updated to 127.0.6533.72/73 for Windows, Mac and 127.0.6533.72 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log.


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 24 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$11000][349198731] High CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group on 2024-06-25

[$8000][349342289] High CVE-2024-6989: Use after free in Loader. Reported by Anonymous on 2024-06-25

[TBD][346618785] High CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz on 2024-06-12

[TBD][349653220] High CVE-2024-6992: Out of bounds memory access in ANGLE. Reported by Xiantong Hou of Wuheng Lab and Pisanbao on 2024-06-27

[TBD][349903568] High CVE-2024-6993: Inappropriate implementation in Canvas. Reported by Anonymous on 2024-06-30

[$8000][339686368] Medium CVE-2024-6994: Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2024-05-10

[$6000][343938078] Medium CVE-2024-6995: Inappropriate implementation in Fullscreen. Reported by Alesandro Ortiz on 2024-06-01

[$5000][333708039] Medium CVE-2024-6996: Race in Frames. Reported by Louis Jannett (Ruhr University Bochum) on 2024-04-10

[$3000][325293263] Medium CVE-2024-6997: Use after free in Tabs. Reported by Sven Dysthe (@svn-dys) on 2024-02-15

[$2000][340098902] Medium CVE-2024-6998: Use after free in User Education. Reported by Sven Dysthe (@svn-dys) on 2024-05-13

[$2000][340893685] Medium CVE-2024-6999: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-15

[$500][339877158] Medium CVE-2024-7000: Use after free in CSS. Reported by Anonymous on 2024-05-11

[TBD][347509736] Medium CVE-2024-7001: Inappropriate implementation in HTML. Reported by Jake Archibald on 2024-06-17

[$2000][338233148] Low CVE-2024-7003: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-01

[TBD][40063014] Low CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous on 2023-02-10

[TBD][40068800] Low CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Reported by Umar Farooq  on 2023-08-04


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [354788491] Various fixes from internal audits, fuzzing and other initiatives


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.


Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Daniel Yip
Google Chrome

Reduce live-stream bandwidth consumption to a fraction of the traffic volume with eCDN for Google Meet

What’s changing 

In September 2023, we introduced ultra-low latency livestreaming and since then we’ve introduced several improvements for the overall experience. Today, we’re excited to introduce the latest enhancement for ultra-low latency live streaming: Enterprise Content Delivery Network (eCDN) support for Google Meet. 


When configured by admins, eCDN has the potential to reduce bandwidth consumption to a fraction of the traffic volume. This applies to all live streams, including those originating from outside of your own domain. This is achieved through peer-assisted media delivery — whereby live streamed content is automatically shared between nearby peers, reducing the need to retrieve content from Google servers and minimizing bottleneck. There is no additional software, hardware, or end user action required to use eCDN — it works automatically in the background.

With eCDN turned on, live streamed content is shared between peers (as seen on the right), reducing the need to retrieve content from Google servers (as seen on the left).



Who’s impacted

Admins and end users

Why it’s important

Live streaming is a key tool for presenting information to large audiences such as town-hall meetings, weekly broadcasts or other kinds of events with large audiences. As such, video quality of live streamed content is critical. Using eCDN can significantly reduce the strain on internet gateways while delivering a high-quality viewing experience with consistently low latency. Without eCDN, each viewer is sent their own individual feed. With eCDN turned on for a private network, the backend will send media to a significantly lower number of clients in that network. Those clients will then use the eCDN technology to take over and redistribute media to ensure that all viewers in that network receive the media they need, with high quality and preserved ultra-low latency. 

Getting started


  • End users: There is no end user action required — make sure you’re using Chrome 121 or later on a laptop or desktop computer to ensure the highest quality ultra-low latency live streaming experience.

Rollout pace

Note: eCDN is available for those customers who have received the ultra-low latency live streaming experience. For some customers, that update is rolling out at a slower rate and they may not receive these updates for several months.


#WeArePlay | 153 new stories from people creating apps and games in the U.S.

Posted by Robbie McLachlan, Developer Marketing

In 2022, #WeArePlay launched 153 stories about the people behind app and game companies across the United States. Since then, we've been on a virtual tour around the world with more stories from India, Europe, Japan and Australia. Today, we're heading back to the U.S. as we celebrate 153 brand new stories, 3 more per state, and spotlight more growing businesses on Google Play.

Here are just a few of my favorites:

Bernard’s app uses virtual reality to recreate ancient cities

Bernard, founder of Yorescape
Bloomington, Indiana

Bernard went to visit Plastico di Roma Imperiale in the 70s - a model of imperial Rome in the time of Constantine the Great - and was spellbound. This visit was the seed of what was to become his app Yorescape, an app that uses virtual reality to let users explore ancient ruins. With 3D reconstructions and expert audio guides, Yorescape simulates world heritage sites with a little help from virtual reality. People can explore ancient ruins and take a unique journey through time, presenting historical sites as they exist today alongside their ancient counterparts. Yorescape showcases heritage sites from Egypt, Lebanon, Greece, Italy, and Mexico. One day, he hopes to cover sites in all four corners of the earth.


Pinkey’s app uses AI to revolutionize maternal healthcare for all moms

Pinkey, founder of Myri Health
Norman, Oklahoma

Pinkey was disappointed with the aftercare she received post-delivery when she gave birth to her first child. As a pharmacist, personal trainer, and pre-and postnatal corrective exercise specialist, she knew she had plenty of knowledge to share. This experience led Pinkey to create Myri Health, an AI-driven platform that transforms pregnancy and postpartum support. She plans to launch in countries with higher maternal mortality rates improving the healthcare of mothers everywhere and will integrate the app with Google Health Connect for fully cohesive care.


Bria’s game lets players serve Japanese-themed characters in a bubble tea shop

Bria, founder of Boba Story
Los Angeles, California

Bria worked for some big names in the tech world but wanted to start her own company based on what brings her joy. Bubble tea was something she always associated with good times with friends, and wanted to encapsulate that same feeling in Boba Story. In her game, players restore an old boba shop by designing the decor and a drinks menu, they then serve the Japanese anime-inspired characters bubble tea. A garden with beekeeping where players can harvest honey has recently been added as well as a host of new boba flavors.


Alina and Samara’s game uses micro workouts to help you stay active

Alina and Samara, co-founders of Fitment: Cozy Fitness Game
Hopkins, Minnesota

Whilst working 80 hours a week during the pandemic, Alina found that she had no time to exercise but still managed to play video games and scroll through social media. This inspired her to create a fun and easy game for people to stay active. After posting a job online, she teamed up with Samara, a gaming programming teacher, and they built their game, Fitment. The game makes exercise more accessible through gamified micro workouts that are engaging and fun. The team is now working on rolling out social features to make the platform more interactive, enabling friends to get fit together.


Discover more #WeArePlay stories from the US and stories from across the globe.



How useful did you find this blog post?

Google Drive inventory reporting is now available in open beta

What’s changing 

Google Drive inventory reporting is now available in open beta, providing admins with enhanced visibility into the state of their data assets. By exporting this data into BigQuery, admins can gain a holistic view of how their data is classified, who can access it, and how it’s being used. Analyzing this data at scale helps admins address the challenge of understanding the full scope of their data assets, especially as it pertains to sensitive information and compliance with data policies.



Who’s impacted

Admins


Why it’s important

Compared to using APIs, Drive inventory reporting is a more efficient alternative to piecing together a full representation of Drive items from audit events and various other surfaces. The comprehensive view of the file corpus—including classifications, sizes, and locations—allows administrators to identify security risks, such as unauthorized access or oversharing. It also aids in ensuring compliance with regulatory requirements, like those for data retention and destruction. 


Getting started


  • Admins: Eligible Admins can enable this feature in the Admin console by going to Reporting > Data Integrations and enabling Drive Inventory Export. Visit the Help Center to learn more about Drive inventory reporting. Admins interested in providing feedback to the product team during the open beta can fill out this form.
  • End users: There is no end user impact or action required.


Rollout pace

  • This feature is available now for all eligible users.

Availability

Available for Google Workspace:

  • Enterprise Standard and Plus
  • Education Standard and Plus
  • Enterprise Essentials Plus
  • Frontline Standard

Resources


Google Workspace Updates Weekly Recap – July 19, 2024

2 New updates

Unless otherwise indicated, the features below are available to all Google Workspace customers, and are fully launched or in the process of rolling out. Rollouts should take no more than 15 business days to complete if launching to both Rapid and Scheduled Release at the same time. If not, each stage of rollout should take no more than 15 business days to complete.


All new appointments need to be booked through appointment schedules in Google Calendar 
Earlier this year, we announced that the appointment slots feature will be replaced by appointment schedules in Google Calendar. Starting this week, only appointment schedules can be created. In a couple of weeks, the appointment slots booking pages will no longer be available. At that time, all new appointments will need to be booked through appointment schedules. | Appointment schedules are available to Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, the Teaching and Learning Upgrade, Nonprofits, Google Workspace Individual customers and Google One Premium users. | Visit the Help Center for detailed information about appointment schedules. 

Available in beta: migrate sensitive files to Google Drive with client-side encryption 
We are making it easier to programmatically import sensitive files to Google Drive with client-side encryption by providing code samples on Github. Eligible admins can apply for beta access to this Drive API feature using this form. | Available to Google Workspace Enterprise Plus; Education Standard and Education Plus.


Previous announcements

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Google Classroom now supports exporting grades and importing rosters and grade settings with PowerSchool SIS 
Google Classroom teachers can now export and import select information via the new integration with PowerSchool SIS. | Learn more about the integration with Classroom and PowerSchool SIS. 

Teachers will soon be able to create a new class in Google Classroom using Student Information System (SIS) data 
In the coming weeks, we will be introducing a new feature that allows teachers to set up a Google Classroom class using information directly imported from an SIS, including co-teachers, student rosters and class lists, grading categories and grading periods. Please note this feature is only available with our current SIS partners. | Learn more about creating new classes in Classroom using SIS data. 

Google Workspace extensions for Gmail, Google Drive and Google Docs are now available in open beta for Gemini (gemini.google.com) 
We’re pleased to announce Google Workspace extensions for Gmail, Google Drive and Google Docs are available for Gemini (gemini.google.com). When enabled, Gemini will be able to cross reference these apps as data sources to better inform its responses. | Learn more about the beta for Gemini (gemini.google.com). 

Import and export Markdown in Google Docs 
We’re introducing highly-requested features that enhance Docs' interoperability with other Markdown supporting tools. | Learn more about markdown in Docs

Clearer re-enrollment for Google Meet hardware devices 
We're updating the way Google Meet hardware devices are re-enrolled to provide a more intuitive experience for administrators. | Learn more about re-enrollment for Meet hardware devices. 

Available in beta: Policy Visualization across Google Docs, Sheets, Slides and Drive 
Users who are interacting with policy-protected content, such as those with data loss prevention (DLP) rules or trust rules, will now be proactively informed about what actions are prevented by those policies. | Learn more about policy visualization.


Completed rollouts

For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).  

Enable guardians to preview assigned classwork within Google Classroom

What’s changing 

Currently, a teacher or school administrator can invite a guardian, typically a parent, to receive email summaries about their student’s work in class. These email summaries include a rundown of missing work, upcoming work and class activities, such as recently posted announcements or assignments in Google Classroom. 

Going forward, guardian email summaries will now include links that let guardians preview their student's Classwork pages, including assigned work and attachments provided by the teacher. With this update, guardians can stay up-to-date with what their students are learning. Guardians will not be able to see their student’s grades or submissions, class communication, or other students’ work. Guardians can easily access this page directly from the Classroom email summaries or from the link shared by teachers. 

Enable guardians to preview assigned classwork within Google Classroom


Who’s impacted 

Admins and end users 


Why it matters 

This feature keeps guardians informed about their student’s assignments in class. 


Additional details 

Teachers with the Google Workspace Education Plus edition who already send guardian email summaries will notice those emails automatically start including guardian previewing links. No action is needed to get started. 


Getting started 

  • Admins: Admins can turn Guardian Access ON or OFF for their domain and determine whether only admins, or admins and verified teachers, can control guardians accounts and per-class access. If admins choose the latter, verified teachers are able to add or remove guardian accounts for students in their class and determine whether each class will be available for guardian access. Visit the Help Center to learn more about managing guardians in your domain
  • End users: In classes where you have guardian summaries turned ON, guardians can now preview your classwork page and any classwork assigned to their student(s). You can turn this setting OFF at any time in your Class Settings page.
  • Guardians: You have guardian preview capabilities to your student’s Classwork page through direct links in the email summary. Visit the Help Cenet to learn more about guardian email summaries

Rollout pace 

Availability 

Available for Google Workspace: 
  • Education Plus 

Resources 

Chrome Dev for Desktop Update

The Dev channel has been updated to 128.0.6601.2 for Windows, Mac and Linux.

A partial list of changes is available in the Git log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Prudhvi Bommana
Google Chrome

The Fourth Beta of Android 15

Posted by Matthew McCullough – VP of Product Management, Android Developer


Today we're bringing you Beta 4, the last scheduled update in our Android 15 beta program, so make sure your apps are ready and you've given us any critical feedback before non-beta users start getting Android 15.

What's in Beta 4?

This is our second Platform Stability release; the developer APIs and all app-facing behaviors are final for you to review and integrate into your apps, and apps targeting Android 15 can be made available in Google Play. Beta 4 includes our latest fixes and optimizations, giving you everything you need to complete your testing. Head over to our Android 15 summary page for a list of the features and behavior changes we've been covering in this series of blog posts, or read on for some of the top changes to be aware of.

Timeline of Android 15 release schedule

Removed PNG-based emoji font

Android 15 removes the legacy PNG-based emoji font file (NotoColorEmojiLegacy.ttf) meaning that some Android 15 devices such as Pixel will only have the vector-based file. Beginning with Android 13, the emoji font file used by the system emoji renderer changed from a PNG-based file to a vector based file. We kept the old font file around in Android 13 and 14 for compatibility reasons, so that applications with their own font renderers could continue to use the old font until they were able to upgrade.

You can choose to adapt your app in a number of ways:

    • Use platform text rendering. You can render text to a bitmap-backed Canvas and use that to get a raw image if necessary.

Get your apps, libraries, tools, and game engines ready!

If you develop an SDK, library, tool, or game engine, it's important to prepare any necessary updates now to prevent your downstream app and game developers from being blocked by compatibility issues and allow them to target the latest SDK features. Please let your developers know if updates are needed to fully support Android 15.

Testing your app involves installing your production app using Google Play or other means onto a device or emulator running Android 15 Beta 4. Work through all your app's flows and look for functional or UI issues. Review the behavior changes to focus your testing. Each release of Android contains platform changes that improve privacy, security, and overall user experience, and these changes can affect your apps. Here are several changes to focus on that apply even if you don't yet target Android 15:

    • Support for 16KB page sizes - Beginning with Android 15, Android supports devices that are configured to use a page size of 16 KB. If your app or library uses the NDK, either directly or indirectly through an SDK, then you will likely need to rebuild your app for it to work on these devices.
    • Private space support - Private space is a new feature in Android 15 that lets users create a separate space on their device where they can keep sensitive apps away from prying eyes, under an additional layer of authentication.

Remember to thoroughly exercise libraries and SDKs that your app is using during your compatibility testing. You may need to update to current SDK versions or reach out to the developer for help if you encounter any issues.

Once you’ve published the Android 15-compatible version of your app, you can start the process to update your app's targetSdkVersion. Review the behavior changes that apply when your app targets Android 15 and use the compatibility framework to help quickly detect issues.

Take advantage of new platform features!

Go beyond getting your app ready and take advantage of new features that can make your app stand out on Android 15 devices:

    • The font file for Chinese, Japanese, and Korean (CJK) languages, NotoSansCJK, is now a variable font opening up new possibilities for creative typography.
    • The ApplicationStartInfo API helps provide insight into app startup including startup state, time spent in launch phases, how your app was started when your Application class was instantiated, and more.
    • With partial screen sharing users can share or record just an app window rather than the entire device screen.
    • Generated previews allow your app widget providers to generate RemoteViews which contain live-content and accurate device theming to use as the picker preview, instead of a generic static resource.

Get started with Android 15

Today's beta release has everything you need to try out Android 15 features, test your apps, and give us feedback. Now that we’re in the beta phase, you can check here to get information about enrolling your device; Enrolling supported Pixel devices will deliver this and future Android Beta updates over-the-air. These OTAs will begin this evening PDT. If you don’t have a supported device, you can use the 64-bit system images with the Android Emulator in Android Studio. If you're already in the Android 14 QPR beta program on a supported device, you'll automatically get updated to Android 15 Beta 4.

For the best development experience with Android 15, we recommend that you use the latest version of Android Studio Koala. Once you’re set up, here are some of the things you should do:

    • Try the new features and APIs - your feedback is critical during the early part of the developer preview and beta program. Report issues in our tracker on the feedback page.
    • Test your current app for compatibility - learn whether your app is affected by changes in Android 15; install your app onto a device or emulator running Android 15 and extensively test it.
    • Update your app with the Android SDK Upgrade Assistant - The latest Android Studio Koala Feature Drop release now covers android 15 API changes and walks you through the steps to upgrade your targetSdkVersion with the Android SDK Upgrade Assistant.

Android SDK Upgrade Assistant in Android Studio Koala Feature Drop
Android SDK Upgrade Assistant in Android Studio Koala Feature Drop

We’ll update the beta system images and SDK regularly throughout the remainder of the Android 15 release cycle. Read more here.

For complete information, visit the Android 15 developer site.


All trademarks, logos and brand names are the property of their respective owners.