Stable Channel Update for Desktop

The Stable channel has been updated to 121.0.6167.85 for Mac and Linux and 121.0.6167.85/.86 to Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 17 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$11000][1505080] High CVE-2024-0807: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2023-11-25

[$9000][1484394] High CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous on 2023-09-19

[$6000][1504936] High CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001) on 2023-11-24

[$2000][1496250] Medium CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim on 2023-10-26

[$1000][1463935] Medium CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea) on 2023-07-11

[$1000][1477151] Medium CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01 on 2023-08-30

[$1000][1505176] Medium CVE-2024-0806: Use after free in Passwords. Reported by 18楼梦想改造家 on 2023-11-25

[TBD][1514925] Medium CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip on 2024-01-01

[TBD][1515137] Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India)  on 2024-01-03

[N/A][1494490] Low CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero on 2023-10-21

[TBD][1497985] Low CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2023-10-31


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

  • [1520680] Various fixes from internal audits, fuzzing and other initiatives


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.




Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.



Daniel Yip
Google Chrome

Early Stable Update for Desktop

The Stable channel has been updated to 121.0.6167.85 for Windows and Mac as part of our early stable release to a small percentage of users. A full list of changes in this build is available in the log.


You can find more details about early Stable releases here.

Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Daniel Yip

Google Chrome

Google Summer of Code 2024 Mentor Organization Applications Now Open

We are excited to announce that open source projects and organizations can now apply to participate as mentor organizations in the 2024 Google Summer of Code (GSoC) program. Applications for organizations will close on February 6, 2024 at 18:00 UTC.

We are celebrating a big milestone as we head into our 20th year of Google Summer of Code this year! In 2024 we are adding a third project size option which you can read more about in our announcement blog post.

Does your open source project want to learn more about becoming a mentor organization? Visit the program site and read the mentor guide to learn what it means to be a mentor organization and how to prepare your community (hint: have plenty of excited, dedicated mentors and well thought out project ideas!).

We welcome all types of organizations and are very eager to involve first-time mentor orgs in GSoC. We encourage new organizations to get a referral from experienced organizations that think they would be a good fit to participate in GSoC.

The open source projects that participate in GSoC as mentor organizations span many fields including those doing interesting work in AI/ML, security, cloud, development tools, science, medicine, data, media, and more! Projects can range from being relatively new (about 2 years old) to well established projects that started over 20 years ago. We welcome open source projects big, small, and everything in between.

This year we are looking to bring more open source projects in the AI/ML field into GSoC 2024. If your project is in the artificial intelligence or machine learning fields please chat with your community and see if you would be interested in applying to GSoC 2024.

One thing to remember is that open source projects wishing to apply need to have a solid community; the goal of GSoC is to bring new contributors into established and welcoming communities. While you don’t have to have 50+ community members, the project also can’t have as few as three people.

You can apply to be a mentor organization for GSoC starting today on the program site. The deadline to apply is February 6, 2024 at 18:00 UTC. We will publicly announce the organizations chosen for GSoC 2024 on February 21st.

Please visit the program site for more information on how to apply and review the detailed timeline for important deadlines. We also encourage you to check out the Mentor Guide, our ‘Intro to Google Summer of Code’ video, and our short video on why open source projects are excited to be a part of the GSoC program.

Good luck to all open source mentor organization applicants!

By Stephanie Taylor, Program Manager – Google Open Source Programs Office

Manage reported Google Chat content from the new moderation tool in the Admin console

What’s changing

We’re introducing a centralized location for reviewing and taking action on reported Google Chat content in the Admin console under Apps > Google Workspace > Moderation, alongside the email quarantine tool for Gmail. Here can be found an overarching view of active and resolved reports, as well as additional information and context about reported messages, allowing for more informed decisions to be made.

Super admins will have access to the moderation tool and can also assign users the new “Moderate Chat content report” privilege. The new privilege can be assigned to users in your organization who are best suited to review Chat content, helping to reduce the burden on super admins.


Who’s impacted

Admins and designated moderators 


Why it’s important

Google Chat is key to accelerating productivity and collaboration — content reporting and moderation helps ensure that information exchanged across Chat is safe and appropriate.  When a report is submitted by users, the moderation tool can be used to:

  • See all reports associated with the message (including those resolved in the past).
    • Note that resolved reports will be removed from the Moderation tool after 180 days.
  • Review the edit history of a message and conversation transcript, including up to five messages posted before the reported message.
  • Conversation details provide information about the type of conversation (direct messages, group direct messages, or Spaces) with number of participants, space managers, guidelines, etc.


Using this information, combined with organization policies, admins and moderators can choose the best course of action, whether that be deleting a specific message or deleting an entire space before resolving the report. Additionally, moderators can add comments to the report for prosperity should the content require further auditing in the future.

The moderation tool can be accessed in the Admin console by selecting Apps > Google Workspace > Moderation.

Upon selecting a reported message, you’ll see a variety of information including conversation details and other reports for the message.

You can select “Show more” from the “Reported message” section to view up to five messages sent prior to the reported message.



Additional details

As part of this change, the moderation tool will also include a tab for managing quarantined Gmail messages. Visit our Help Center for more information regarding setting up email quarantine and the admin privileges required to manage quarantined messages. The Gmail tab is available to all Google Workspace customers.


Getting started



Rollout pace


Availability

  • Google Chat content reporting and moderation is available to Google Workspace Enterprise, Enterprise Plus, Education Standard and Education Plus customers

Resources

Chrome Beta for Desktop Update

The Beta channel has been updated to 121.0.6167.85 for Windows, Mac and Linux.

A partial list of changes is available in the Git log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Daniel Yip
Google Chrome