Tag Archives: ChromeOS

Stable Channel Update for ChromeOS / ChromeOS Flex

 Hello All,


The Stable channel is being updated to 116.0.5845.120 (Platform version: 15509.63.0) for most ChromeOS devices and will be rolled out over the next few days.

If you find new issues, please let us know one of the following ways:

Interested in switching channels? Find out how.

See release notes.

Security Fixes and Rewards:

VRP Reported Security Fixes:

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

[$TBD] [1464456] Medium CVE-2023-4369 XSS on ChromeOS, abusable by extensions. Reported by Derin Eryilmaz.

[$TBD] [1443214] Low CVE-TBD Extension abuse in ChromeOS. Reported by Allen Ding



3rd Party Reported Security Fixes:


[NA]  [NA] High Fixes CVE-2023-20593 on impacted AMD platforms

[NA]  [NA] High Fixes CVE-2023-4211 on impacted Arm platforms

[NA]  [NA] High Fixes CVE-2023-4128 in Linux Kernel

[NA]  [NA] High Fixes CVE-2023-4147 in Linux Kernel

[NA]  [NA] High Fixes CVE-2023-3390 in Linux Kernel

[NA]  [NA] High Fixes CVE-2023-32804 in Arm Mali Driver Development Kit


Chrome Browser Security Fixes:


[$30000][1448548] High CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L. on 2023-05-24

[$5000][1458303] High CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang (@Krace) of VRI on 2023-06-27

[$3000][1454817] High CVE-2023-4350: Inappropriate implementation in Fullscreen. Reported by Khiem Tran (@duckhiem) on 2023-06-14

[$2000][1465833] High CVE-2023-4351: Use after free in Network. Reported by Guang and Weipeng Jiang of VRI on 2023-07-18

[$NA][1452076] High CVE-2023-4352: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-06-07

[$NA][1458046] High CVE-2023-4353: Heap buffer overflow in ANGLE. Reported by Christoph Diehl / Microsoft Vulnerability Research on 2023-06-27

[$NA][1464215] High CVE-2023-4354: Heap buffer overflow in Skia. Reported by Mark Brand of Google Project Zero on 2023-07-12

[$NA][1468943] High CVE-2023-4355: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero on 2023-07-31

[$5000][1449929] Medium CVE-2023-4356: Use after free in Audio. Reported by Zhenghang Xiao (@Kipreyyy) on 2023-05-30

[$3000][1458911] Medium CVE-2023-4357: Insufficient validation of untrusted input in XML. Reported by Igor Sak-Sakovskii on 2023-06-28

[$3000][1466415] Medium CVE-2023-4358: Use after free in DNS. Reported by Weipeng Jiang (@Krace) of VRI on 2023-07-20

[$2000][1443722] Medium CVE-2023-4359: Inappropriate implementation in App Launcher. Reported by @retsew0x01 on 2023-05-09

[$2000][1462723] Medium CVE-2023-4360: Inappropriate implementation in Color. Reported by Axel Chong on 2023-07-07

[$2000][1465230] Medium CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita on 2023-07-17

[$1000][1316379] Medium CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab on 2022-04-14

[$1000][1367085] Medium CVE-2023-4363: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz on 2022-09-23

[$1000][1406922] Medium CVE-2023-4364: Inappropriate implementation in Permission Prompts. Reported by Jasper Rebane on 2023-01-13

[$1000][1431043] Medium CVE-2023-4365: Inappropriate implementation in Fullscreen. Reported by Hafiizh on 2023-04-06

[$1000][1450784] Medium CVE-2023-4366: Use after free in Extensions. Reported by asnine on 2023-06-02

[$500][1467743] Medium CVE-2023-4367: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26

[$500][1467751] Medium CVE-2023-4368: Insufficient policy enforcement in Extensions API. Reported by Axel Chong on 2023-07-26



Android Runtime Container Security Fixes:

[NA]  [NA] High Fixes CVE-2023-21264 on impacted platforms

[NA]  [NA] High Fixes CVE-2020-29374 on impacted platforms



We would like to thank the security researchers that report vulnerabilities to us via bughunters.google.com to keep ChromeOS and the entire open source ecosystem secure.


Google ChromeOS

Beta Channel Update for ChromeOS / ChromeOS Flex

The Beta channel is being updated to OS version: 15572.16.0 Browser version: 117.0.5938.22 for most ChromeOS devices.

If you find new issues, please let us know one of the following ways

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

Matt Nelson,
Google ChromeOS

Long Term Support Channel Update for ChromeOS

A new LTC-114 version, 114.0.5735.331 (Platform Version: 15437.67.0), is being rolled out for most ChromeOS devices. 


If you have devices in the LTC channel, they will be updated to this version. The LTS channel remains on LTS-108 until September 19th, 2023. 

Release notes for LTC-114 can be found here 
Want to know more about Long-term Support? Click here

This update contains multiple Security fixes, including:



High Fixes for CVE-2023-4211 on impacted platforms





Giuliana Pritchard
Google ChromeOS

Long Term Support Channel Update for ChromeOS

LTS-108 is being updated in the LTS channel to 108.0.5359.240 (Platform Version: 15183.103.0) for most ChromeOS devices. Want to know more about Long Term Support? Click here.


This update contains multiple Security fixes, including:



1464113 High CVE-2023-4074 Use after free in Blink Task Scheduling
1450899 High CVE-2023-3732 Out of bounds memory access in Mojo
1459124 High CVE-2023-4076 Use after free in WebRTC




Giuliana Pritchard 

Google Chrome OS

Dev Channel Update for ChromeOS / ChromeOS Flex

The Dev channel is being updated to OS version: 15572.10.0 Browser version: 117.0.5938.13 for most ChromeOS devices.

If you find new issues, please let us know one of the following ways

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

Matt Nelson,
Google ChromeOS

Dev Channel Update for ChromeOS / ChromeOS Flex

The Dev channel is being updated to OS version: 15572.4.0 Browser version: 117.0.5938.4 for most ChromeOS devices.

If you find new issues, please let us know one of the following ways

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

Matt Nelson,
Google ChromeOS

Stable Channel Update for ChromeOS / ChromeOS Flex

ChromeOS M115 Stable

The Stable channel is being updated to OS version: 15474.84.0 Browser version: 115.0.5790.182 for most ChromeOS devices.

If you find new issues, please let us know one of the following ways

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

You can find the release notes here.


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

[NA][NA] High Fixes for CVE-2023-4211 on impacted platforms

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


Daniel Gagnon,
Google ChromeOS

Long Term Support Channel Update for ChromeOS

 A new LTC-114 version, 114.0.5735.329 (Platform Version: 15437.66.0), is being rolled out for most ChromeOS devices. 


If you have devices in the LTC channel, they will be updated to this version. The LTS channel remains on LTS-108 until September 19th, 2023. 

Release notes for LTC-114 can be found here 
Want to know more about Long-term Support? Click here

This update contains multiple Security fixes, including:



1453465 High CVE-2023-3730 Use after free in Tab Groups
1464113 High CVE-2023-4074 Use after free in Blink Task Scheduling
1457757 High CVE-2023-4075 Use after free in Cast
1458819 High CVE-2023-4071 Heap buffer overflow in Visuals
1466183 High CVE-2023-4068 Type Confusion in V8
High CVE-2023-20593 High Fixes for CVE-2023-20593 on impacted platforms




Giuliana Pritchard 
Google Chrome OS

Long Term Support Channel Update for ChromeOS

LTS-108 is updated in the LTS channel to 108.0.5359.239 (Platform Version: 15183.102.0) for most ChromeOS devices. Want to know more about Long Term Support? Click here.


This update contains multiple Security fixes, including:



1447568 High CVE-2023-3421 Use after free in Media
1458819 High CVE-2023-4071 Heap buffer overflow in visuals
1450397 High CVE-2023-3422 Use after free in Guest View
1450114 High CVE-2023-3216 Type Confusion in V8
1417325 Medium CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing
1405574 Medium CVE-2023-0703 Type Confusion in DevTools




Giuliana Pritchard 

Google Chrome OS

Long Term Support Channel Update for ChromeOS

LTS-108 is updated in the LTS channel to 108.0.5359.239 (Platform Version: 15183.102.0) for most ChromeOS devices. Want to know more about Long Term Support? Click here.


This update contains multiple Security fixes, including:



1447568 High CVE-2023-3421 Use after free in Media
1458819 High CVE-2023-4071 Heap buffer overflow in visuals
1450397 High CVE-2023-3422 Use after free in Guest View
1450114 High CVE-2023-3216 Type Confusion in V8
1417325 Medium CVE-2023-1814 Insufficient validation of untrusted input in Safe Browsing
1405574 Medium CVE-2023-0703 Type Confusion in DevTools




Giuliana Pritchard 

Google Chrome OS