Google Chrome Changelog

New in version 41.0.2272.16 Beta (January 23rd, 2015)

  • Contains many improvements including:
  • A number of new apps/extension APIs
  • Lots of under the hood changes for stability and performance

New in version 40.0.2214.91 (January 22nd, 2015)

  • A number of fixes and improvements, including:
  • A new clock behind/ahead error message.
  • Security Fixes:
  • [430353] High CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning.
  • [435880] High CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne.
  • [434136] High CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer.
  • [422824] High CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning.
  • [444695] High CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler.
  • [435073] High CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler.
  • [442806] High CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer.
  • [442710] High CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer.
  • [443115] High CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer.
  • [429666] High CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen of OUSPG.
  • [427266] High CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin.
  • [427249] High CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer.
  • [402957] High CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani.
  • [428561] High CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl.
  • [419060] High CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen of OUSPG.
  • [416323] High CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen of OUSPG.
  • [399951] High CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada.
  • [433866] Medium CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz.
  • [428557] Medium CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen of OUSPG and Christoph Diehl.
  • [426762] Medium CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz.
  • [422492] Medium CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG.
  • [418881] Medium CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
  • [414310] Medium CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
  • [414109] Medium CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz.
  • [430566] Medium CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck.
  • [414026] Medium CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia.
  • [449894] CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch (currently 3.30.33.15).

New in version 39.0.2171.99 (January 14th, 2015)

  • Contains an update for Adobe Flash as well as a number of other fixes.

New in version 40.0.2214.10 Beta (November 21st, 2014)

  • Contains many stability and developer improvements including:
  • Profile Lock, which introduces the ability to "child lock" signed-in profiles.
  • New Tabs Page Suggestions, which tries to determine which sites you'd like to visit depending on the time and day.
  • New crash recovery UI.

New in version 39.0.2171.65 (November 19th, 2014)

  • Contains a number of fixes and improvements, including:
  • 64-bit support for Mac
  • A number of new apps/extension APIs
  • Lots of under the hood changes for stability and performance
  • Security Fixes and Rewards:
  • This update includes 42 security fixes. Below, we highlight fixes that were either contributed by external researchers or particularly interesting. Please see the Chromium security page for more information.
  • [$500][389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.
  • [$1500][406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.
  • [$1000][413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
  • [$1000][414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
  • [$3000][414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
  • [$2000][418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.
  • [$2000][421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.
  • [$500][423030] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
  • [$7500][423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
  • [$5000][424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
  • [$500][425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
  • [$500][391001] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.
  • [433500] CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives.

New in version 38.0.2125.122 (November 12th, 2014)

  • Contains an update for Adobe Flash as well as a number of other fixes.

New in version 38.0.2125.104 (October 15th, 2014)

  • This release contains an update for Adobe Flash as well as a number of other fixes.

New in version 39.0.2171.13 Beta (October 10th, 2014)

  • 64-bit support for Mac
  • A number of new apps/extension APIs
  • Lots of under the hood changes for stability and performance

New in version 38.0.2125.101 (October 8th, 2014)

  • A number of new apps/extension APIs
  • Lots of under the hood changes for stability and performance
  • Security Fixes:
  • [416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox.
  • [398384] High CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer.
  • [400476] High CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer.
  • [402407] High CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer.
  • [403276] High CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer.
  • [399655] High CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz.
  • [401115] High CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne.
  • [403409] Medium CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla.
  • [338538] Medium CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw.
  • [396544] Medium CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada.
  • [415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen of OUSPG.
  • [395411] Low CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne.
  • [420899] CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38).
  • Multiple vulnerabilities in V8 fixed at the tip of the 3.28 branch (currently 3.28.71.15).