Tag Archives: Google Chrome

Stable Channel Update for Desktop



The Stable channel has been updated to 117.0.5938.132 for Windows, Mac and Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.



Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 10 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$NA][1486441] High CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group on 2023-09-25

[$TBD][1478889] High CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car] on 2023-09-05

[$2000][1475798] High CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita on 2023-08-25

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


Google is aware that an exploit for CVE-2023-5217 exists in the wild.


As usual, our ongoing internal security work was responsible for a wide range of fixes:
Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


[1486724] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.


Srinivas Sista

Google Chrome

Long Term Support (LTS) channel for ChromeOS – Major update from 108 -> 114

The Long Term Support Candidate has been promoted to ChromeOS LTS 114 and is rolling out to most ChromeOS devices. The current version is 114.0.5735.334 (Platform Version: 15437.70.0).

If you are currently on the ChromeOS Long Term Support (LTS) channel (and not pinned to 108), your devices will automatically update from ChromeOS LTS 108 to ChromeOS LTS 114.

Release notes for LTC-114 can be found here 

This build contains additional security fixes including:

1479274 High CVE-2023-4863 Heap buffer overflow in WebP

1469754 High CVE-2023-4429 Use after free in Loader

1472492 High CVE-2023-4572 Use after free in MediaStream

1470477 High CVE-2023-4428 Out of bounds memory access in CSS



Giuliana Pritchard 

Google ChromeOS

Chrome Stable for iOS Update

Hi everyone! We've just released Chrome Stable 117 (117.0.5938.117) for iOS; it'll become available on App Store in the next few hours.

This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.

Harry Souders
Google Chrome

Beta Channel Update for ChromeOS/ChromeOS Flex

 The Beta channel is being updated to OS version: 15604.24.0, Browser version: 118.0.5993.26 for most ChromeOS devices.

If you find new issues, please let us know one of the following ways:

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome
  4. Interested in switching channels? Find out how.

Cole Brown,

Google ChromeOS

Stable Channel Update for ChromeOS / ChromeOS Flex

The Stable channel is being updated to OS version: 15572.50.0 Browser version: 117.0.5938.115 for most ChromeOS devices.

If you find new issues, please let us know one of the following ways

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.


Security Fixes and Rewards

VRP Reported Security Fixes:

[$TBD] [1462551] High CVE-NA Security Bug in mwifiex firmware. Reported by Lovepink on 2023-06-06

3rd Party Security Fixes:

[NA]  [NA] High Fixes CVE-2023-4622 in Linux Kernel

[NA]  [NA] High Fixes CVE-2023-4208 in Linux Kernel

Chrome Browser Security Fixes:

[$NA][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06

[$3000][1430867] Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06

[$3000][1459281] Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29

[$2000][1454515] Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14

[$1000][1446709] Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18

[$1000][1453501] Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09

[$500][1441228] Medium CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh on 2023-04-29

[$6000][1449874] Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30

[$2000][1462104] Low CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639)  on 2023-07-04

[$TBD][1451543] Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06

[$TBD][1463293] Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09

Android Runtime Container Security Fixes:

No Android Runtime Container Security Fixes for this release


We would like to thank the security researchers that report vulnerabilities to us via bughunters.google.com to keep ChromeOS and the entire open source ecosystem secure.


Matt Nelson,
Google ChromeOS

Chrome Dev for Desktop Update

The Dev channel has been updated to 119.0.6020.3 for Windows, Mac and Linux.

A partial list of changes is available in the Git log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Prudhvi Bommana
Google Chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 117.0.5938.92 for Windows, Mac and Linuxwhich will roll out over the coming days/weeks. A full list of changes in this build is available in the log.


Interested in switching release channels?  Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Prudhvikumar Bommana
Google Chrome

Chrome Dev for Android Update

Hi everyone! We've just released Chrome Dev 119 (119.0.6019.3) for Android. It's now available on Google Play.

You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.

If you find a new issue, please let us know by filing a bug.

Erhu Akpobaro
Google Chrome

Long Term Support Channel Update for ChromeOS

 A new LTC-114 version, 114.0.5735.332 (Platform Version: 15437.68.0), was rolled out for most ChromeOS devices. 


If you have devices in the LTC channel, they will be updated to this version. The LTS channel remains on LTS-108 until September 26th, 2023. 

Release notes for LTC-114 can be found here 
Want to know more about Long-term Support? Click here

This update contains multiple Security fixes, including:



1470477 High CVE-2023-4428 Out of bounds memory access in CSS
1464215 High CVE-2023-4354 Heap buffer overflow in Skia
1470668 High CVE-2023-4427 Out of bounds memory access in V8
1458046  High CVE-2023-4353 Heap buffer overflow in ANGLE
1450376 Medium CVE-2023-3734 Inappropriate implementation in Picture In Picture.
1458911 Medium CVE-2023-4357 Insufficient validation of untrusted input in XML
1450203 Medium CVE-2023-3733 Inappropriate implementation in WebApp Installs
High CVE-2023-3390 A use-after-free vulnerability in the Linux kernel's netfilter subsystem





Giuliana Pritchard
Google ChromeOS

Beta Channel Update for ChromeOS/ChromeOS Flex

The Beta channel is being updated to OS version: 15604.16.0, Browser version: 118.0.5993.18 for most ChromeOS devices.

If you find new issues, please let us know one of the following ways:

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome
  4. Interested in switching channels? Find out how.

Cole Brown,

Google ChromeOS