Google Chrome Changelog

New in version 40.0.2214.10 Beta (November 21st, 2014)

  • Contains many stability and developer improvements including:
  • Profile Lock, which introduces the ability to "child lock" signed-in profiles.
  • New Tabs Page Suggestions, which tries to determine which sites you'd like to visit depending on the time and day.
  • New crash recovery UI.

New in version 39.0.2171.65 (November 19th, 2014)

  • Contains a number of fixes and improvements, including:
  • 64-bit support for Mac
  • A number of new apps/extension APIs
  • Lots of under-the-hood changes for stability and performance
  • Security Fixes and Rewards:
  • This update includes 42 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
  • [$500][389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.
  • [$1500][406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.
  • [$1000][413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
  • [$1000][414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
  • [$3000][414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
  • [$2000][418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.
  • [$2000][421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao (neobyte) of Baidu X-Team.
  • [$500][423030] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
  • [$7500][423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
  • [$5000][424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
  • [$500][425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
  • [$500][391001] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.
  • [433500] CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives.

New in version 38.0.2125.122 (November 12th, 2014)

  • Contains an update for Adobe Flash as well as a number of other fixes.

New in version 38.0.2125.104 (October 15th, 2014)

  • This release contains an update for Adobe Flash as well as a number of other fixes.

New in version 39.0.2171.13 Beta (October 10th, 2014)

  • 64-bit support for Mac
  • A number of new apps/extension APIs
  • Lots of under-the-hood changes for stability and performance

New in version 38.0.2125.101 (October 8th, 2014)

  • A number of new apps/extension APIs
  • Lots of under-the-hood changes for stability and performance
  • Security Fixes:
  • [416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
  • [398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
  • [400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer.
  • [402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
  • [403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
  • [399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
  • [401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
  • [403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
  • [338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
  • [396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
  • [415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
  • [395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.
  • [420899] CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38).
  • Multiple vulnerabilities in V8 fixed at the tip of the 3.28 branch (currently 3.28.71.15).

New in version 37.0.2062.124 (September 25th, 2014)

  • [414124] RSA signature malleability in NSS (CVE-2014-1568).

New in version 37.0.2062.122 (September 19th, 2014)

  • This update brings compatibility with Mac OS X 10.9.5 for new installations.

New in version 37.0.2062.120 (September 10th, 2014)

  • This release contains an update for Adobe Flash and includes 4 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting:
  • [401362] High CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
  • [411014] CVE-2014-3179: Various fixes from internal audits, fuzzing and other initiatives.