Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 128 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.


Chrome 128.0.6613.84 (Linux) 128.0.6613.84/.85( Windows, Mac) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 126.

Chrome 128.0.6613.84( Windows, Mac) has been pushed to extended stable channel as well

 Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 38 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$36000][358296941] High CVE-2024-7964: Use after free in Passwords. Reported by Anonymous on 2024-08-08

[$11000][356196918] High CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog on 2024-07-30

[$10000][355465305] High CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100) on 2024-07-25

[$7000][355731798] High CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security on 2024-07-27

[$1000][349253666] High CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive) on 2024-06-25

[TBD][351865302] High CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team on 2024-07-09

[TBD][360700873] High CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) on 2024-08-19

[$11000][345960102] Medium CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm) on 2024-06-10

[$7000][345518608] Medium CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax on 2024-06-06

[$3000][339141099] Medium CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed) on 2024-05-07

[$3000][347588491] Medium CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita on 2024-06-16

[$2000][339654392] Medium CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz on 2024-05-10

[$1000][324770940] Medium CVE-2024-7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono) on 2024-02-11

[$1000][40060358] Medium CVE-2024-7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK on 2022-07-21

[TBD][356064205] Medium CVE-2024-7979: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-29

[TBD][356328460] Medium CVE-2024-7980: Insufficient data validation in Installer. Reported by VulnNoob on 2024-07-30

[$1000][40067456] Low CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita on 2023-07-14

[$500][350256139] Low CVE-2024-8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T on 2024-06-30

[$500][353858776] Low CVE-2024-8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob) on 2024-07-18

[TBD][40059470] Low CVE-2024-8035: Inappropriate implementation in Extensions. Reported by Microsoft on 2022-04-26


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2024-7971 exists in the wild.


As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [361165957] Various fixes from internal audits, fuzzing and other initiatives


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.


Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Prudhvikumar Bommana
Google Chrome

Announcing v202408 of the Google Ad Manager API

We're pleased to announce that v202408 of the Google Ad Manager API is available starting today, August 21, 2024. This release brings support for setting contextual targeting with ContentLabelTargeting and VerticalTargeting. It also adds AdsTxtService for reading MCM supply chain diagnostics.

In reporting, the VIDEO_PLACEMENT_NAME dimension has been replaced by the VIDEO_PLCMT_NAME dimension which reflects the updated IAB definition.

For the full list of changes, check the release notes. Contact us on the Ad Manager API forum with any API-related questions.

- Chris Seeley, Ad Manager API Team

Fluent Bit WriteAPI Connector: Lowering the barrier to streaming data

Automating ingestion processes is crucial for modern businesses that handle vast amounts of data daily. In today's fast-paced digital landscape, the ability to seamlessly collect, process, and analyze data can make the difference between staying ahead of the competition and falling behind. To simplify ingestion, tools such as Fluent Bit enable customers to route data between pluggable sources and sinks without needing to write a single line of code. Instead, data routing is managed via a config file. The Fluent Bit WriteAPI Connector is a pluggable sink built on top of the BigQuery Storage Write API that enables organizations to rapidly develop a data ingestion pipeline.


What are the BigQuery Storage Write API and Fluent Bit?

The BigQuery Storage Write API is a high-performance data-ingestion API for BigQuery. It leverages both batching and streaming methods to ingest records into BigQuery in real-time. The WriteAPI offers features such as ability to scale and provides exactly-once delivery to guarantee that data is not duplicated. Using the Write API directly typically requires technical expertise, as users must navigate one of the client SDKs. This can create a high barrier to entry for some customers to stream data into BigQuery.

Fluent Bit is a widely-used open-source observability agent known for its lightweight design, speed, and flexibility. It operates by collecting logs, traces and metrics through various inputs such as local or network files, filtering and buffering them, and then routing them to designated outputs. Fluent Bit's high-performance parsing capabilities allow for data to be processed according to user specifications. The output component is a configurable plugin that directs data to different destinations, such as various tables in BigQuery. There can be multiple WriteAPI outputs and each output can be independently configured to use a specific write mode, enabling seamless data streaming into BigQuery based on tag/match pairs.


Why Use the Fluent Bit WriteAPI Connector?

Our solution to the technical challenges posed by using the WriteAPI is the Fluent Bit WriteAPI Connector. This connector automates the data ingestion process, eliminating the need for customers to write any code. The entire pipeline is managed through a single configuration file, making it easy to use. The flow of data is depicted in the diagram below.

Fluent Bit Flow Diagram

Example Use Case

Say we wish to monitor a log file containing JSON data, and we would like to ingest this data into a BigQuery table that has a single column titled “Text” of type String. A line from the log file looks like this:

{"Text": "Hello, World"}

Setup Process

    1. Setting Up Fluent Bit: The first step is to install and configure Fluent Bit. Once installed, Fluent Bit must be configured to collect data from your desired sources. This involves defining inputs, such as log files or system metrics, that Fluent Bit will monitor. This is explained below.
    2. Cloning the Google Git Repository: Next, clone the Google Git Repository that contains the Fluent Bit WriteAPI Connector. This repository includes all the necessary files to set up the connector, along with an example configuration file to help you get started. Let’s say the git repo is cloned at /usr/local/fluentbit-bigquery-writeapi-sink. Edit the file in the git repo named plugins.conf to provide the full path to the writeapi plugin. For example, the contents of the file can now look like this: 
    [PLUGINS]
      Path    /usr/local/fluentbit-bigquery-writeapi-sink/out_writeapi.so 
    3. Setting Up BigQuery Tables: Ensure that your BigQuery tables are set up and ready to receive data. This might involve creating new tables or configuring existing ones to match the data schema you intend to use. For example, create the BigQuery table with a schema containing the column Text of type STRING. Let’s say the table is created at myProject.myDataset.myTable.
Destination table schema
click to enlarge

    4. Prepare the input file: We will be reading data from a log file at /usr/local/logfile.log. Let’s start with an empty log file. Create the log file as follows: 
    touch /usr/local/logfile.log
    5. Configuring the Plugin: The most critical step is setting up the configuration file for the Fluent Bit WriteAPI Connector. This singular file controls the entire data pipeline, from input collection to data filtering and routing. The configuration file is straightforward and highly intuitive. It allows you to define various parameters, such as input sources, data filters, and output destinations. Create a configuration file in, say /usr/local, and call it demo.conf. See details on how to format a configuration file. It looks like this:
      Sample Config File

This routes the data from /usr/local/logfile.log to the BigQuery table at myProject.myDataset.myTable. There are additional configurable fields that control the stream, such as chunking, asynchronous response queue, and also the type of stream. These fields let you control how your data is streamed.

To run the pipeline, use the command:

fluent-bit -c /usr/local/demo.conf

As the log file is updated new lines will automatically appear in the BigQuery table. For example, to populate the log file you can run the following command:

echo "{\"Text\": \"Hello, world\"}" >> /usr/local/logfile.log

Note that the default flush interval in Fluent Bit is 1 minute, so it might take a minute before the log file is flushed. The BigQuery table will now be updated as follows:

Populated BigQuery table
click to enlarge

Key Features

The connector supports a wide variety of features including multi-instancing, dynamic scaling, exactly-once delivery, and automatic retry.

    1. Multi-Instancing

    • The multi-instancing feature of the Fluent Bit WriteAPI Connector is designed to offer flexibility in routing data. Specifically, users can configure the connector to handle multiple data inputs and outputs in various combinations. This feature also supports more complex configurations, such as multiple inputs feeding into multiple outputs, allowing data to be aggregated or distributed as needed. An input connector is labeled with a tag field. In our example, this has value log1. Data is routed to an output connector based on the value of its match field. In our example, this also has value log1, meaning there is a 1-to-1 correspondence between the input and output connector. The match field is a regex so it can be used to connect with multiple inputs. For example, if this was set to * then data from all inputs would flow to this output.

    2. Dynamic Scaling

    • Handling large volumes of data efficiently is crucial for modern pipelines. The dynamic scaling feature addresses the issue of potential overloads in the Write API. As data is streamed into BigQuery, there may be times when the API queue becomes full—by default, it can hold up to 1000 pending responses. When this limit is reached, no new data can be appended until some of the pending responses are processed, which can create back pressure in the system. To manage this, the connector automatically scales up its capacity by creating an additional network connection when it detects that the number of pending responses has reached the threshold.

    3. Exactly-Once

    • The "exactly-once" feature ensures that each piece of data is sent and recorded in BigQuery exactly once. This feature ensures no data is duplicated. If the connector encounters an intermittent issue while sending a specific piece of data, it will synchronously retry sending it until it is successful. This ensures data is delivered correctly.

    4. Retry Functionality

    • The retry functionality allows the connector to handle temporary failures gracefully. The retry mechanism is configurable, meaning users can set how many times the system should attempt to resend the data before giving up. By default, the connector will retry sending failed data up to four times. In the default stream mode, if a row of data fails to send, it is retried while other rows continue to be processed. However, in the "exactly once" mode, the retry process is synchronous, meaning the system will wait for the failed row to be successfully sent before moving on to subsequent rows.

    5. Error Handling

    • Error handling in the connector is designed to catch and manage issues that may arise during data transmission. The connector will continue processing incoming data even if earlier data had a failure. Any permanent issues that are encountered are logged to the console.

Conclusion

The ability to efficiently collect, process, and analyze data is a critical factor for business success. The Fluent Bit WriteAPI Connector stands out as a powerful solution that simplifies and automates the data ingestion process, bridging the gap between Fluent Bit's versatile data collection capabilities and Google BigQuery's robust analytics platform.

By eliminating the need for complex coding and manual data management, the Fluent Bit WriteAPI Connector lowers the barrier to entry for businesses of all sizes. Whether you're a small startup or a large enterprise, this tool allows you to effortlessly set up and manage your data pipelines with a single configuration file. Its features like multi-instancing, dynamic scaling, exactly-once delivery, and error handling ensure that your data is ingested accurately, reliably, and in real-time.

The straightforward setup process, combined with the flexibility and scalability of the connector, make it a valuable asset for any organization looking to harness the power of their data. By automating the ingestion process, businesses can focus on what truly matters: deriving actionable insights from their data to drive growth and innovation.

Less Is More: Principles for Simple Comments

This is another post in our Code Health series. A version of this post originally appeared in Google bathrooms worldwide as a Google Testing on the Toilet episode. You can download a printer-friendly version to display in your office.

By David Bendory

Simplicity is the ultimate sophistication. — Leonardo da Vinci

You’re staring at a wall of code resembling a Gordian knot of Klingon. What’s making it worse? A sea of code comments so long that you’d need a bathroom break just to read them all! Let’s fix that.

  • Adopt the mindset of someone unfamiliar with the project to ensure simplicity. One approach is to separate the process of writing your comments from reviewing them; proofreading your comments without code context in mind helps ensure they are clear and concise for future readers.

  • Use self-contained comments to clearly convey intent without relying on the surrounding code for context. If you need to read the code to understand the comment, you’ve got it backwards!

Not self-contained; requires reading the code

Suggested alternative

// Respond to flashing lights in // rearview mirror.

// Pull over for police and/or yield to

// emergency vehicles.

while flashing_lights_in_rearview_mirror() {

  move_to_slower_lane() || stop_on_shoulder();

}

  • Include only essential information in the comments and leverage external references to reduce cognitive load on the reader. For comments suggesting improvements, links to relevant bugs or docs keep comments concise while providing a path for follow-up. Note that linked docs may be inaccessible, so use judgment in deciding how much context to include directly in the comments.

Too much potential improvement in the comment

Suggested alternative

// The local bus offers good average- // case performance. Consider using // the subway which may be faster

// depending on factors like time of // day, weather, etc.

// TODO: Consider various factors to // present the best transit option.

// See issuetracker.fake/bus-vs-subway

commute_by_local_bus();

  • Avoid extensive implementation details in function-level comments. When implementations change, such details often result in outdated comments. Instead, describe the public API contract, focusing on what the function does.

Too much implementation detail

Suggested alternative

// For high-traffic intersections // prone to accidents, pass through // the intersection and make 3 right // turns, which is equivalent to // turning left.

// Perform a safe left turn at a

// high-traffic intersection.

// See discussion in

// dangerous-left-turns.fake/about.

fn safe_turn_left() {

  go_straight();

  for i in 0..3 {

    turn_right();

  }

}


ChromeOS M-127 Stable Release Update

The Stable channel is being updated to OS version: 15917.71.0 Browser version: 127.0.6533.132 for most ChromeOS devices.

If you find new issues, please let us know one of the following ways

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

Alon Bajayo,
Google ChromeOS

Refine emails faster with updates to Help me write in Gmail

What’s changing 

Building upon our popular Help me write feature in Gmail and the recent launch of the summarization feature in the Gmail mobile app, we’re excited to introduce two new Gemini in Gmail updates to help you draft emails even faster: 
  • A new option for Help me write that polishes emails drafts on web and mobile devices 
  • Help me write and Refine my draft shortcuts on Android and iOS devices 
When using Gemini to refine emails, users can choose from the following options: Formalize, Elaborate and Shorten. We recently added the Polish option to web and mobile, which can effortlessly refine your emails, saving you time. For example, if you enter rough notes into a draft, Gemini can turn the content into a completely formal draft, ready for you to review in one click. 
polish draft using Gemini in Gmail

On mobile, when an email draft is empty, the “Help me write” shortcut now appears in the body of the email and when selected, it will open the full Help me write experience. When 12+ words are present in an email draft, the ​​“Refine my draft” shortcut will be shown below the email content to indicate that there are options available to Polish, Formalize, Elaborate, or Shorten your draft, or Write a new draft. The menu can be triggered simply by swiping right on “Refine my draft”. 

refine my email draft on Gmail using Gemini

Getting started 

Rollout pace 

  • The option for Help me write to polish email drafts is available now on web, Android and iOS. 
  • The Help me write and Refine my draft shortcuts are available now on Android and iOS. 

Availability 

Available for Google Workspace customers with: 
  • Gemini Business and Enterprise add-on 
  • Gemini Education and Education Premium add-on 
  • Google One AI Premium 

Resources 

Tune in for our summer episode of #TheAndroidShow on August 27!

Posted by Anirudh Dewani – Director, Android Developer Relations

In just a few days, on Tuesday, August 27 at 10AM PT, we’ll be dropping our summer episode of #TheAndroidShow, on YouTube and on developer.android.com. In this quarterly show, we’ll be unpacking all of the goodies coming out of this month’s Made by Google event and what you as Android developers need to know!



With two new Wear OS 5 watches, we’ll show you how to get building for the wrist. And with the latest foldable from Google, the Pixel 9 Pro Fold, we’ll show how you can leverage out of the box APIs and multi-window experiences to make your apps adaptive for this new form factor.

Plus, Gemini Nano now has Multimodality, and we’ll be going behind-the-scenes to show you how teams at Google are using the latest model for on-device AI.

#TheAndroidShow is your conversation with the Android developer community, this time hosted by Huyen Tue Dao and John Zoeller. You'll hear the latest from the developers and engineers who build Android.

Don’t forget to tune in live on August 27 at 10AM PT, live on YouTube and on developer.android.com/events/show!

#WeArePlay | Meet the founders turning their passions into thriving businesses

Posted by Robbie McLachlan, Developer Marketing

Our celebration of app and game businesses continues with #WeArePlay stories from founders around the world. Today, we’re spotlighting the people who turned their passions into thriving businesses - from a passion for art and design from one game creator, to a passion for saving the environment from an app maker.

Brian, founder of SweatyChair
Sydney, Australia

During a gaming developer competition, Brian - alongside his wife and three other participants - built a challenging monster and bullet-dodging game called No Humanity within 48 hours, winning first place in the competition. From this, Brian founded his gaming company SweatyChair. No Humanity was improved and launched a week later and grew to over 9 million downloads. His passion for technology and art is how he champions a more active gaming experience, where players can create their own elements and play them in the game.


Prachi, founder and CEO of Cool The Globe
Pune, India

When Prachi travelled to Maharashtra, she saw first-hand how the effects of climate change impacted the locals. Her passion for protecting the environment led her to ask herself “What can I do about climate change?”. She vowed to reduce her carbon footprint and went on to create Cool The Globe, an app that helps people track daily actions to lower their emissions. Her dedication earned her the Young Changemaker Award in India. Next, she aims to add community dashboards for schools and organizations to follow their collective climate efforts.


François, Benoit and Julie Co-founders of Yuka App
Chatou, France

Benoit is passionate about providing nutritious food for his children, so he went on a mission to buy healthier food for his family. Whilst shopping, he found label-reading tiring and wished for a tool to check ingredients automatically. He shared his idea with his brother François and close friend Julie. Together, the trio saw a real need to combine their passions for nutrition and technology and spent a weekend hammering out their concept before presenting the idea in a food hackathon they went on to win. Their winning project laid the groundwork for their app Yuka, which scans product labels to reveal their ingredients and health impact.


Michelle, founder of Peanut App
London, UK

When the loneliness of early motherhood hit after her first child, Michelle sought community and answers from online forums. When the forums didn’t provide the safe space she was looking for, her passion for building community along with her 10 years of experience in social networking inspired her to create Peanut. The app helps moms to connect, make friends, and find support. With over 2.3 million downloads and a budding global community, the Peanut team recently revamped the main feed for greater personalization and introduced an ad-free option.

Discover more global #WeArePlay stories and share your favorites.



How useful did you find this blog post?

Introducing Student Groups in Google Classroom

What’s changing 

We’re excited to introduce a new feature in Google Classroom that enables teachers to create groups of students to make assigning differentiated content easier. This update will allow them to quickly assign classwork to pre-defined sets of students without having to tediously select individual students. 


Now, teachers can differentiate content across sub-sections of their class based on their students' needs. For example, teachers can create groups based on reading levels and as their class adapts, they can edit members of a group or delete groups within their class. 

Student groups in Classroom
Who’s impacted 

End users 


Why you’d use it 

Groups in Classroom will help teachers organize, manage and understand performance in their class. 


Additional details 

Group names and members are only visible to teachers or co-teachers, not students. 


Getting started 

Rollout pace 

Availability 

Available for Google Workspace: 
  • Education Plus and the Teaching & Learning Upgrade 

Resources