Softpedia >Mac >Internet Utilities >Portable Chromium >  Changelog

Portable Chromium Changelog

What's new in Portable Chromium 81.0.4044.129

May 6, 2020
  • This update includes 2 security fixes.

New in Portable Chromium 81.0.4044.122 (Apr 28, 2020)

  • A list of changes is available in the log
  • This update includes 8 security fix.
  • Chromium Updater Extension v0.1.1.5 is included in the .dmg file
  • This update has no Flash plugin
  • 64 bit only. OS X 10.10 or later

New in Portable Chromium 81.0.4044.92 (Apr 9, 2020)

  • A list of changes is available in the log
  • This update includes 32 security fixes.
  • Chromium Updater Extension v0.1.1.5 is included in the .dmg file
  • This update has no Flash plugin
  • 64 bit only. OS X 10.10 or late

New in Portable Chromium 73.0.3683.75 (Mar 19, 2019)

  • This update includes 60 security fixes.

New in Portable Chromium 72.0.3626.96 (Feb 14, 2019)

  • This update includes a security fix from an external researcher.

New in Portable Chromium 72.0.3626.81 (Jan 31, 2019)

  • This update includes 58 security fixes.

New in Portable Chromium 71.0.3578.80 (Dec 13, 2018)

  • Security fixes

New in Portable Chromium 70.0.3538.110 (Nov 20, 2018)

  • This update includes 1 security fix.

New in Portable Chromium 70.0.3538.102 (Nov 11, 2018)

  • This update includes 3 security fixes

New in Portable Chromium 70.0.3538.67 (Oct 19, 2018)

  • This update includes 23 security fix and improvements.

New in Portable Chromium 69.0.3497.100 (Sep 18, 2018)

  • This update includes 1 security fix.

New in Portable Chromium 69.0.3497.92 (Sep 13, 2018)

  • This update includes 2 security fixes.

New in Portable Chromium 69.0.3497.81 (Sep 11, 2018)

  • Contains a number of fixes and improvements — a list of changes is available in the log
  • This update includes 40 security fixes.

New in Portable Chromium 68.0.3440.75 (Sep 11, 2018)

  • This update includes 42 security fixes.
  • HTTP Sites Marked as "Not Secure", the “Not secure” warning will show on all HTTP pages.

New in Portable Chromium 67.0.3396.87 (Sep 11, 2018)

  • This update includes 1 security fix contributed by external researchers.

New in Portable Chromium 67.0.3396.79 (Sep 11, 2018)

  • This update includes 1 security fix.

New in Portable Chromium 67.0.3396.62 (May 31, 2018)

  • Chromium Updater Extension v0.1.1.5 is included in the .dmg file
  • Site Isolation Trial:
  • We're continuing to roll out Site Isolation to a larger percentage of the stable population in Chrome 67. Site Isolation improves Chrome's security and helps mitigate the risks posed by Spectre. To diagnose whether an issue is caused by Site Isolation, use chrome://flags#site-isolation-trial-opt-out as described here. Please report any trial-specific issues to help us fix them before Site Isolation is launched more broadly.
  • Security Fixes:
  • [835639] High CVE-2018-6123: Use after free in Blink. Reported by Looben Yang on 2018-04-22
  • [840320] High CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-07
  • [818592] High CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico, Inc on 2018-03-05
  • [844457] High CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric of Google Project Zero on 2018-05-18
  • [842990] High CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang on 2018-05-15
  • [841105] High CVE-2018-6128: uXSS in Chrome on iOS. Reported by Tomasz Bojarski on 2018-05-09
  • [838672] High CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-05-01
  • [838402] High CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich of Google Project Zero on 2018-04-30
  • [826434] High CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-27
  • [839960] Medium CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane on 2018-05-04
  • [817247] Medium CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-28
  • [797465] Medium CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-12-23
  • [823353] Medium CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane on 2018-03-19
  • [831943] Medium CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong on 2018-04-12
  • [835589] Medium CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith (spinda.net) on 2018-04-21
  • [810220] Medium CVE-2018-6138: Overly permissive policy in Extensions. Reported by François Lajeunesse-Robert on 2018-02-08
  • [805224] Medium CVE-2018-6139: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-24
  • [798222] Medium CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu on 2018-01-01
  • [796107] Medium CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang(@dnpushme) & Wanglu of Qihoo360 Qex Team on 2017-12-19
  • [837939] Medium CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han of Naver Corporation on 2018-04-28
  • [843022] Medium CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-05-15
  • [828049] Low CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk on 2018-04-02
  • [805924] Low CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa on 2018-01-25
  • [818133] Low CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin (Yandex) on 2018-03-02
  • [847542] Various fixes from internal audits, fuzzing and other initiatives
  • A list of changes is available in the log at:
  • https://chromium.googlesource.com/chromium/src/+log/66.0.3359.181..67.0.3396.62?pretty=fuller&n=10000

New in Portable Chromium 66.0.3359.170 (May 13, 2018)

  • [833721] High CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting(@zhouat1) of Qihoo 360 Vulcan Team on 2018-04-17
  • [841841] Various fixes from internal audits, fuzzing and other initiatives
  • [$TBD][835887] Critical: Chain leading to sandbox escape. Reported by Anonymous on 2018-04-23:
  • [836858] High CVE-2018-6121: Privilege Escalation in extensions.
  • [836141] High CVE-2018-6122: Type confusion in V8.

New in Portable Chromium 66.0.3359.117 (Apr 19, 2018)

  • Site Isolation Trial:
  • Chrome 66 will include a small percentage trial of Site Isolation, to prepare for a broader upcoming launch. Site Isolation improves Chrome's security and helps mitigate the risks posed by Spectre.
  • To diagnose whether an issue is caused by Site Isolation, use chrome://flags#site-isolation-trial-opt-out as described here. Please report any trial-specific issues to help us fix them before Site Isolation is launched more broadly.
  • Security Fixes and Rewards:
  • Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
  • Chrome 66 will not trust website certificates issued by Symantec's legacy PKI before June 1st 2016, continuing the phased distrust outlined in our previous announcements.
  • This update includes 62 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
  • [826626] Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
  • [827492] Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
  • [813876] High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
  • [822091] High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
  • [808838] High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
  • [820913] High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
  • [771933] High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
  • [819869] High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
  • [780435] Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
  • [633030] Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
  • [637098] Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
  • [776418] Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
  • [806162] Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
  • [798892] Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
  • [808825] Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
  • [811117] Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
  • [813540] Medium CVE-2018-6101: Insufficient protection of remote debugging protocol in DevTools . Reported by Rob Wu on 2018-02-19
  • [813814] Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
  • [816033] Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
  • [820068] Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
  • [803571] Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
  • [805729] Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
  • [808316] Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
  • [816769] Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
  • [710190] Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
  • [777737] Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
  • [780694] Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
  • [798096] Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
  • [805900] Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
  • [811691] Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
  • [819809] Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
  • [822266] Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
  • [822465] Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
  • [822424] Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15
  • [833889] Various fixes from internal audits, fuzzing and other initiatives

New in Portable Chromium 65.0.3325.181 (Mar 22, 2018)

  • A list of all changes in this release can be found in the log available at:
  • https://chromium.googlesource.com/chromium/src/+log/65.0.3325.162..65.0.3325.181?pretty=fuller&n=10000

New in Portable Chromium 65.0.3325.146 (Mar 12, 2018)

  • Security Fixes:
  • High CVE-2018-6058: Use after free in Flash.
  • High CVE-2018-6059: Use after free in Flash.
  • High CVE-2018-6060: Use after free in Blink.
  • High CVE-2018-6061: Race condition in V8.
  • High CVE-2018-6062: Heap buffer overflow in Skia.
  • High CVE-2018-6057: Incorrect permissions on shared memory.
  • High CVE-2018-6063: Incorrect permissions on shared memory.
  • High CVE-2018-6064: Type confusion in V8.
  • High CVE-2018-6065: Integer overflow in V8.
  • Medium CVE-2018-6066: Same Origin Bypass via canvas.
  • Medium CVE-2018-6067: Buffer overflow in Skia.
  • Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab.
  • Medium CVE-2018-6069: Stack buffer overflow in Skia.
  • Medium CVE-2018-6070: CSP bypass through extensions.
  • Medium CVE-2018-6071: Heap bufffer overflow in Skia.
  • Medium CVE-2018-6072: Integer overflow in PDFium.
  • Medium CVE-2018-6073: Heap bufffer overflow in WebGL.
  • Medium CVE-2018-6074: Mark-of-the-Web bypass.
  • Medium CVE-2018-6075: Overly permissive cross origin downloads.
  • Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
  • Medium CVE-2018-6077: Timing attack using SVG filters.
  • Medium CVE-2018-6078: URL Spoof in OmniBox.
  • Medium CVE-2018-6079: Information disclosure via texture data in WebGL.
  • Medium CVE-2018-6080: Information disclosure in IPC call.
  • Low CVE-2018-6081: XSS in interstitials.
  • Low CVE-2018-6082: Circumvention of port blocking.
  • Low CVE-2018-6083: Incorrect processing of AppManifests.
  • Various fixes from internal audits, fuzzing and other initiatives

New in Portable Chromium 63.0.3239.108 (Dec 15, 2017)

  • Security fixes:
  • [788453] High CVE-2017-15429: UXSS in V8. Reported by Anonymous on 2017-11-24.
  • [794792] Various fixes from internal audits, fuzzing and other initiatives

New in Portable Chromium 62.0.3202.94 (Dec 12, 2017)

  • A list of changes is available in the log at https://chromium.googlesource.com/chromium/src/+log/62.0.3202.89..63.0.3239.84?pretty=fuller&n=10000.
  • This update includes 37 security fixes: https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type:bug-security+os=Android,ios,linux,mac,windows,all+label:Release-0-M63.
  • This update has no Flash plugin

New in Portable Chromium 62.0.3202.62 (Oct 18, 2017)

  • High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07
  • High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26
  • High CVE-2017-5126: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-08-30
  • High CVE-2017-5127: Use after free in PDFium. Reported by Luật Nguyễn (@l4wio) of KeenLab, Tencent on 2017-09-14
  • High CVE-2017-5128: Heap overflow in WebGL. Reported by Omair on 2017-09-14
  • High CVE-2017-5129: Use after free in WebAudio. Reported by Omair on 2017-09-15
  • High CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan (@007gauravdewan) of Adobe Systems India Pvt. Ltd. on 2017-05-05
  • High CVE-2017-5130: Heap overflow in libxml2. Reported by Pranjal Jumde (@pjumde) on 2017-05-14
  • Medium CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous on 2017-07-16
  • Medium CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic of Cisco Talos on 2017-09-05
  • Medium CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-08-03
  • Medium CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu (@shhnjk) on 2017-08-16
  • Medium CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah of Fortinet's FortiGuard Labs on 2017-08-17
  • Medium CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr of Tencent's Xuanwu Lab on 2017-07-06
  • Medium CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang (@gnehsoah) on 2017-07-28
  • Low CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio (whitehathackers.com.br) on 2016-03-28
  • Low CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu (@general_nfs) on 2017-04-22
  • Low CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin on 2017-06-13
  • Low CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam @sudosammy on 2017-07-18
  • Low CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by johberlvi@ on 2017-08-28
  • Various fixes from internal audits, fuzzing and other initiatives

New in Portable Chromium 60.0.3112.113 (Aug 28, 2017)

  • A list of changes is available in the log at https://chromium.googlesource.com/chromium/src/+log/60.0.3112.101..60.0.3112.113?pretty=fuller&n=10000.

New in Portable Chromium 59.0.3071.86 (Jun 6, 2017)

  • Settings has updated to Material Design with a slick new look with the same ease of use and functionality.
  • Security Fixes:
  • [722756] High CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
  • [715582] High CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
  • [709417] High CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
  • [716474] High CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
  • [700040] High CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
  • [678776] Medium CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
  • [722639] Medium CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
  • [719199] Medium CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
  • [716311] Medium CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
  • [711020] Medium CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
  • [713686] Medium CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
  • [708819] Medium CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
  • [672008] Medium CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
  • [721579] Low CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
  • [714849] Low CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
  • [692378] Low CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15
  • [729639] Various fixes from internal audits, fuzzing and other initiatives

New in Portable Chromium 58.0.3029.96 (May 3, 2017)

  • This update includes 1 security fix contributed by external researchers:
  • [$500][679306] High CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke

New in Portable Chromium 58.0.3029.81 (Apr 20, 2017)

  • SECURITY FIXES:
  • High CVE-2017-5057: Type confusion in PDFium.
  • High CVE-2017-5058: Heap use after free in Print Preview.
  • N/A684684 High CVE-2017-5059: Type confusion in Blink.
  • Medium CVE-2017-5060: URL spoofing in Omnibox. g
  • Medium CVE-2017-5061: URL spoofing in Omnibox.
  • Medium CVE-2017-5062: Use after free in Chrome Apps.
  • Medium CVE-2017-5063: Heap overflow in Skia.
  • Medium CVE-2017-5064: Use after free in Blink.
  • Medium CVE-2017-5065: Incorrect UI in Blink.
  • Medium CVE-2017-5066: Incorrect signature handing in Networking.
  • Medium CVE-2017-5067: URL spoofing in Omnibox.
  • Low CVE-2017-5069: Cross-origin bypass in Blink.
  • [713205] Various fixes from internal audits, fuzzing and other initiatives

New in Portable Chromium 57.0.2987.133 (Mar 30, 2017)

  • Security Fixes:
  • Critical CVE-2017-5055: Use after free in printing.
  • High CVE-2017-5054: Heap buffer overflow in V8.
  • High CVE-2017-5052: Bad cast in Blink.
  • High CVE-2017-5056: Use after free in Blink.
  • High CVE-2017-5053: Out of bounds memory access in V8.

New in Portable Chromium 57.0.2987.110 (Mar 17, 2017)

  • Fixed issues:
  • e7b8ec9 Publish DEPS for Chromium 57.0.2987.110
  • 8e36e1c DevTools: Don't trigger panel switcher shortcut if alt key is held 8c34e10 [Merge m57] RenderTextMac: Fix crash when passed an invalid font
  • a000f5d Incrementing VERSION to 57.0.2987.108
  • faad12b [scheduler] Move DatabaseAccess tasks to loading tq
  • e2702c4 v8bindings: Reverts crrev.com/2606723002 with minimum changes
  • dbe0fee [Merge to M57]Chrome OS: Fix the crash in MultiProfileBrowserStatusMonitor::RemoveV1AppFromShelf()
  • 1fe64ff Merge remote-tracking branch 'refs/remotes/branch-heads/2987' into drover_2987_8Nt33H
  • 01ae29ee base: Make TimeDurationFormat* report failures
  • 93a3cca Avoid rotation anchor during transitional fullscreen states
  • 24b232e Revert "Make Crashpad start asynchronous, and move back to chrome_elf" 7026b26 Revert restartInput change off the M57 release branch
  • fcd6e5a Do not attempt to retry failed EarlGrey test cases
  • 588d041 Disable Form-Not-Secure warning when |autofill_client_| is null

New in Portable Chromium 57.0.2987.98 (Mar 11, 2017)

  • Security fixes:
  • [682194] High CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka
  • [682020] High CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang
  • [668724] High CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - Project Srishti
  • [676623] High CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek
  • [678461] High CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB
  • [688425] High CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado
  • [691371] High CVE-2017-5036: Use after free in PDFium. Credit to Anonymous
  • [679640] High CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com)
  • [679649] High CVE-2017-5039: Use after free in PDFium. Credit to jinmo123
  • [691323] Medium CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han
  • [642490] Medium CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel
  • [669086] Medium CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum
  • [671932] Medium CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy
  • [695476] Medium CVE-2017-5038: Use after free in GuestView. Credit to Anonymous
  • [683523] Medium CVE-2017-5043: Use after free in GuestView. Credit to Anonymous
  • [688987] Medium CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah of Fortinet's FortiGuard Labs
  • [667079] Medium CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil (vampire)
  • [680409] Medium CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa
  • [699618] Various fixes from internal audits, fuzzing and other initiatives

New in Portable Chromium 56.0.2924.76 (Jan 27, 2017)

  • SECURITY FIXES:
  • [671102] High CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski
  • [673170] High CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski
  • [668552] High CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski
  • [663476] High CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski
  • [662859] High CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil Zhani
  • [667504] High CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford
  • [681843] High CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy (Tresorit)
  • [677716] Medium CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
  • [675332] Medium CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip
  • [673971] Medium CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou
  • [666714] Medium CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar
  • [673163] Medium CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang (@gnehsoah)
  • [676975] Medium CVE-2017-5017: Uninitialised memory access in webm video. Credit to danberm
  • [668665] Medium CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu
  • [668653] Medium CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu
  • ][663726] Low CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu
  • [663620] Low CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to 李普君 of 无声信息技术PKAV Team
  • [651443] Low CVE-2017-5023: Type confusion in metrics. Credit to the UK's National Cyber Security Centre (NCSC)
  • [643951] Low CVE-2017-5024: Heap overflow in FFmpeg. Credit to Paul Mehta
  • [643950] Low CVE-2017-5025: Heap overflow in FFmpeg. Credit to Paul Mehta
  • [634108] Low CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
  • [685349] Various fixes from internal audits, fuzzing and other initiative

New in Portable Chromium 55.0.2883.95 (Dec 14, 2016)

  • A list of changes is available in the log.
  • This update includes security fixes and improvements.
  • This update has no Flash plugin
  • 64 bit only. OS X 10.9 or later

New in Portable Chromium 55.0.2883.87 (Dec 12, 2016)

  • A list of changes is available in the log.
  • This update includes security fixes and improvements.
  • This update has no Flash plugin

New in Portable Chromium 55.0.2883.75 (Dec 3, 2016)

  • 36 security fixes and improvements:
  • High CVE-2016-9651: Private property access in V8. Credit to Guang Gong of Alpha Team Of Qihoo 360
  • High CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski
  • High CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski
  • High CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu (robwu.nl)
  • High CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous
  • High CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski
  • High CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go of STEALIEN
  • High CVE-2016-5203: Use after free in PDFium. Credit to Anonymous
  • High CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB
  • High CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani
  • High CVE-2016-5211: Use after free in PDFium. Credit to Anonymous
  • High CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani
  • Medium CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR
  • Medium CVE-2016-5216: Use after free in PDFium. Credit to Anonymous
  • Medium CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang
  • Medium CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu (robwu.nl)
  • Medium CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi (@qab)
  • Medium CVE-2016-5219: Use after free in V8. Credit to Rob Wu (robwu.nl)
  • Medium CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker of ForAllSecure
  • Medium CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu (robwu.nl)
  • Medium CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr of Tencent's Xuanwu Lab
  • Low CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek
  • Low CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee [$N/A][639750] Low CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu (@shhnjk)
  • Low CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme (@Scott_Helme, scotthelme.co.uk)
  • Low CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak
  • CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives

New in Portable Chromium 54.0.2840.98 (Nov 11, 2016)

  • This update includes 4 security fixes:
  • High CVE-2016-5199: Heap corruption in FFmpeg. Credit to Paul Mehta
  • High CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han
  • Medium CVE-2016-5201: Info leak in extensions. Credit to Rob Wu
  • We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
  • CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives

New in Portable Chromium 54.0.2840.71 (Oct 22, 2016)

  • Build from 54.0.2840.71 source code.
  • This update has no Flash plugin.

New in Portable Chromium 53.0.2785.143 (Sep 30, 2016)

  • This update contains security fixes:
  • CVE-2016-5177: Use after free in V8.
  • CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives.

New in Portable Chromium 53.0.2785.113 (Sep 14, 2016)

  • This update contains security fixes.
  • This release contains an update to Adobe Flash Player (23.0.0.162).
  • A list of changes is available in the log available at https://chromium.googlesource.com/chromium/src/+log/53.0.2785.101..53.0.2785.113?pretty=fuller&n=10000.
  • Security Fixes:
  • High CVE-2016-5170: Use after free in Blink. Credit to Anonymous
  • High CVE-2016-5171: Use after free in Blink. Credit to Anonymous
  • Medium CVE-2016-5172: Arbitrary Memory Read in v8. Credit to Choongwoo Han
  • Medium CVE-2016-5173: Extension resource access. Credit to Anonymous
  • Medium CVE-2016-5174: Popup not correctly suppressed. Credit to Andrey Kovalev (@L1kvID) Yandex Security Team
  • CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives.

New in Portable Chromium 53.0.2785.101 (Sep 8, 2016)

  • This update contains a number of fixes and improvements.

New in Portable Chromium 53.0.2785.89 (Sep 2, 2016)

  • Security Fixes:
  • High CVE-2016-5147: Universal XSS in Blink.
  • High CVE-2016-5148: Universal XSS in Blink.
  • High CVE-2016-5149: Script injection in extensions.
  • High CVE-2016-5150: Use after free in Blink.
  • High CVE-2016-5151: Use after free in PDFium.
  • High CVE-2016-5152: Heap overflow in PDFium.
  • High CVE-2016-5153: Use after destruction in Blink.
  • High CVE-2016-5154: Heap overflow in PDFium.
  • High CVE-2016-5155: Address bar spoofing.
  • High CVE-2016-5156: Use after free in event bindings.
  • High CVE-2016-5157: Heap overflow in PDFium.
  • High CVE-2016-5158: Heap overflow in PDFium.
  • High CVE-2016-5159: Heap overflow in PDFium.
  • Medium CVE-2016-5161: Type confusion in Blink.
  • Medium CVE-2016-5162: Extensions web accessible resources bypass.
  • Medium CVE-2016-5163: Address bar spoofing.
  • Medium CVE-2016-5164: Universal XSS using DevTools.
  • Medium CVE-2016-5165: Script injection in DevTools.
  • Medium CVE-2016-5166: SMB Relay Attack via Save Page As.
  • Low CVE-2016-5160: Extensions web accessible resources bypass.
  • CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives.

New in Portable Chromium 52.0.2743.116 (Aug 9, 2016)

  • This update includes 10 security fixes.
  • A full list of changes is available in the log available at https://chromium.googlesource.com/chromium/src/+log/52.0.2743.82..52.0.2743.116pretty=fuller&n=10000.

New in Portable Chromium 52.0.2743.82 (Jul 22, 2016)

  • This release contains an update to Adobe Flash Player (22.0.0.209)
  • Security fixes:
  • [610600] High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie
  • [622183] High CVE-2016-1707: URL spoofing on iOS. Credit to xisigr of Tencent's Xuanwu Lab
  • [613949] High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan
  • [614934] High CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin of Topsec Security Team
  • [616907] High CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski
  • [617495] High CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski
  • [618237] High CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer
  • [619166] High CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous
  • [620553] High CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin
  • [623319] High CVE-2016-5130: URL spoofing. Credit to Wadih Matar
  • [623378] High CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer
  • [607543] Medium CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly
  • [613626] Medium CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor
  • [593759] Medium CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone
  • [605451] Medium CVE-2016-5135: Content-Security-Policy bypass. Credit to kingxwy
  • [625393] Medium CVE-2016-5136: Use after free in extensions. Credit to Rob Wu
  • [625945] Medium CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu
  • [629852] CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives.

New in Portable Chromium 51.0.2704.103 (Jun 17, 2016)

  • This update includes 3 security fixes.
  • This release contains an update to Adobe Flash Player (22.0.0.192)

New in Portable Chromium 51.0.2704.63 (May 26, 2016)

  • Security Fixes and Rewards:
  • [590118] High CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski.
  • [597532] High CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [598165] High CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski.
  • [600182] High CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [604901] High CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu.
  • [602970] Medium CVE-2016-1677: Type confusion in V8. Credit to Guang Gong of Qihoo 360.
  • [595259] High CVE-2016-1678: Heap overflow in V8. Credit to Christoph Diehl.
  • [606390] High CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu.
  • [589848] High CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen of OUSPG.
  • [613160] High CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic of Cisco Talos.
  • [579801] Medium CVE-2016-1682: CSP bypass for ServiceWorker. Credit to kingstonmailbox.
  • [583156] Medium CVE-2016-1683: Out-of-bounds access in libxslt. Credit to Nicolas Gregoire.
  • [583171] Medium CVE-2016-1684: Integer overflow in libxslt. Credit to Nicolas Gregoire.
  • [601362] Medium CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
  • [603518] Medium CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu of Tencent's Xuanwu LAB.
  • [603748] Medium CVE-2016-1687: Information leak in extensions. Credit to Rob Wu.
  • [604897] Medium CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko.
  • [606185] Medium CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen of OUSPG.
  • [608100] Medium CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu.
  • [597926] Low CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen of OUSPG.
  • [598077] Low CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich.
  • [598752] Low CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to jackwillzac.
  • [603682] Low CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester.
  • [614767] CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives.

New in Portable Chromium 50.0.2661.102 (May 12, 2016)

  • This release contains an update to Adobe Flash Player (21.0.0.242)
  • Security fixes:
  • [605766] High CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski.
  • [605910] High CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski.
  • [606115] High CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han.
  • [578882] Medium CVE-2016-1670: Race condition in loader. Credit to anonymous.
  • [586657] Medium CVE-2016-1671: Directory traversal using the file scheme on Android. Credit to Jann Horn.

New in Portable Chromium 50.0.2661.86 (Apr 22, 2016)

  • Add CHECK for null WebState in CRWWebController.
  • Fix MediaNotificationInfo.equals().
  • Bump the min-supported OS version in the installer.
  • Updating XTBs based on .GRDs from branch 2661.
  • Fix Range.getClientRects() to include full grapheme clusters.
  • Merge M50: "Fix audio glitch issue introduced by security fix for format changes."
  • Merge to 2661 "[DevTools] Introduce a setting for console autocomplete from history."
  • Add more tracing to a test to make it easier to track down failures.
  • Call CheckTrialGroup only under lock.
  • Remove FrameView::isPainting() and use lifecycle state instead.
  • Removing the check for SM_TABLETPC for determining whether a device is operating as a tablet.
  • Fix HistoryEntry corruption when commit isn't for provisional entry (try #2).
  • Check CSP before registering ServiceWorkers.
  • Fixes stable build by including stringprintf.h.
  • Revert "Check CSP before registering ServiceWorkers".
  • Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.
  • QUIC - Fix a type casting bug in quic stream sequencer buffer.
  • Fixed regression in WEBGL_draw_buffers support.
  • Merge to 2661 "[DevTools] Support broken UMA metric from M49 frontend."
  • Fix a bug that mime type isn't passed when checking Codec capabilities.
  • Temporarily disable float empty-phase optimization.
  • Updating XTBs based on .GRDs from branch 2661.
  • Make sure binding security checks don't pass if the frame is remote.
  • Avoid using MediaCodecList from Renderer process.
  • Revert "Treat percent-height div inside auto-height cells as auto".
  • Revert "cc: Stop locking the raster scale factor at 1 after any change."

New in Portable Chromium 50.0.2661.75 (Apr 20, 2016)

  • This release contains a number of fixes and improvements
  • This release contains an update to Adobe Flash Player (21.0.0.216)
  • Security fixes and rewards:
  • [590275] High CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous.
  • [589792] High CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han.
  • [591785] Medium CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. Credit to kdot working with HP's Zero Day Initiative.
  • [589512] Medium CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen of OUSPG.
  • [582008] Medium CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu.
  • [570750] Medium CVE-2016-1656: Android downloaded file path restriction bypass. Credit to Dzmitry Lukyanenko.
  • [567445] Medium CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera.
  • [573317] Low CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso (@asanso) of Adobe.
  • The ongoing internal security work was responsible for a wide range of fixes:
  • [602697] CVE-2015-1659: Various fixes from internal audits, fuzzing and other initiatives.

New in Portable Chromium 49.0.2623.112 (Apr 8, 2016)

  • This release contains security fixes
  • This release contains an update to Adobe Flash Player (21.0.0.213)

New in Portable Chromium 49.0.2623.110 (Mar 28, 2016)

  • This release contains security fixes.

New in Portable Chromium 49.0.2623.108 (Mar 26, 2016)

  • This release contains security fixes
  • This release contains an update to Adobe Flash Player (21.0.0.197)
  • Security Fixes and Rewards:
  • Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
  • This update includes 5 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chromium security page for more information.
  • [$7500][594574] High CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu from Tencent KeenLab.
  • [$5500][590284] High CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous.
  • [$5000][590455] High CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous.
  • [595836] High CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt working with HP’s Zero Day Initiative / Pwn2Own.
  • As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [597518] CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33).

New in Portable Chromium 49.0.2623.87 (Mar 9, 2016)

  • Security fixes:
  • [589838] High CVE-2016-1643: Type confusion in Blink. Credit to cloudfuzzer.
  • [590620] High CVE-2016-1644: Use-after-free in Blink. Credit to Atte Kettunen of OUSPG.
  • [587227] High CVE-2016-1645: Out-of-bounds write in PDFium. Credit to anonymous working with HP's Zero Day Initiative.

New in Portable Chromium 49.0.2623.75 (Mar 3, 2016)

  • New icon.
  • A list of changes is available in the log at https://chromium.googlesource.com/chromium/src/+log/48.0.2564.116..49.0.2623.75?pretty=fuller&n=10000.
  • This release contains multiple security fixes detailed at https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type:bug-security+label:Release-0-M48&sort=id+-security_severity+-secseverity+-owner+-modified&colspec=ID+Pri+Status+Summary+Modified+OS+M+Security_severity+Security_impact+Owner+Reporter&cells=tiles.

New in Portable Chromium 48.0.2564.116 (Feb 19, 2016)

  • This release contains security fixes:
  • [583431] Critical CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome.

New in Portable Chromium 48.0.2564.109 (Feb 10, 2016)

  • This release contains an update to Adobe Flash Player (20.0.0.306).
  • Security fixes:
  • [546677] High CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous.
  • [577105] High CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.
  • [509313] Medium CVE-2016-1625: Navigation bypass in Chrome Instant. Credit to Jann Horn.
  • [571480] Medium CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous, working with HP's Zero Day Initiative.
  • [585517] CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives.

New in Portable Chromium 48.0.2564.97 (Jan 28, 2016)

  • This release contains an update to Adobe Flash Player (20.0.0.286).

New in Portable Chromium 47.0.2526.111 (Jan 14, 2016)

  • This release contains an update to Adobe Flash Player (20.0.0.267).

New in Portable Chromium 47.0.2526.106 (Dec 15, 2015)

  • CVE-2015-6792: Fixes from internal audits and fuzzing.

New in Portable Chromium 47.0.2526.80 (Dec 9, 2015)

  • This release contains an update to Adobe Flash Player (20.0.0.228) and security fixes.
  • This update includes 7 security fixes. Below, we highlight fixes that were contributed by external researchers:
  • [$5000][548273] High CVE-2015-6788: Type confusion in extensions. Credit to anonymous.
  • [$2000][557981] High CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer.
  • [$500][542054] Medium CVE-2015-6790: Escaping issue in saved pages. Credit to Inti De Ceukelaire.
  • As usual, our ongoing internal security work was responsible for a wide range of fixes:
  • [567513] CVE-2015-6791: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23).

New in Portable Chromium 47.0.2526.73 (Dec 3, 2015)

  • This release contains a number of fixes and improvements.
  • [558589] Critical CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous.
  • [551044] High CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous.
  • [554908] High CVE-2015-6767: Use-after-free in AppCache. Credit to anonymous.
  • [556724] High CVE-2015-6768: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [534923] High CVE-2015-6769: Cross-origin bypass in core. Credit to Mariusz Mlynski.
  • [541206] High CVE-2015-6770: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [544991] High CVE-2015-6771: Out of bounds access in v8. Credit to anonymous.
  • [546545] High CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
  • [554946] High CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong of Qihoo 360 via pwn2own.
  • [491660] High CVE-2015-6773: Out of bounds access in Skia. Credit to cloudfuzzer.
  • [549251] High CVE-2015-6774: Use-after-free in Extensions. Credit to anonymous.
  • [529012] High CVE-2015-6775: Type confusion in PDFium. Credit to Atte Kettunen of OUSPG.
  • [457480] High CVE-2015-6776: Out of bounds access in PDFium. Credit to Hanno Böck.
  • [544020] High CVE-2015-6777: Use-after-free in DOM. Credit to Long Liu of Qihoo 360Vulcan Team.
  • [514891] Medium CVE-2015-6778: Out of bounds access in PDFium. Credit to Karl Skomski.
  • [528505] Medium CVE-2015-6779: Scheme bypass in PDFium. Credit to Ullrich Tiljasper.
  • [490492] Medium CVE-2015-6780: Use-after-free in Infobars. Credit to Khalil Zhani.
  • [497302] Medium CVE-2015-6781: Integer overflow in Sfntly. Credit to miaubiz.
  • [536652] Medium CVE-2015-6782: Content spoofing in Omnibox. Credit to Luan Herrera.
  • [537205] Medium CVE-2015-6783: Signature validation issue in Android Crazy Linker. Credit to Michal Bednarski.
  • [503217] Low CVE-2015-6784: Escaping issue in saved pages. Credit to Inti De Ceukelaire.
  • [534542] Low CVE-2015-6785: Wildcard matching issue in CSP. Credit to [email protected].
  • [534570] Low CVE-2015-6786: Scheme bypass in CSP. Credit to [email protected].
  • [563930] CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23).

New in Portable Chromium 46.0.2490.86 (Nov 12, 2015)

  • This release contains an update to Adobe Flash Player (19.0.0.245)
  • Security fixes
  • 64 bit only
  • This FreeSMUG build hasn't "Check for Updates…" command

New in Portable Chromium 46.0.2490.80 (Oct 23, 2015)

  • This release contains a critical update to Adobe Flash Player (19.0.0.226)
  • 64 bit only
  • This FreeSMUG build hasn't "Check for Updates…" command

New in Portable Chromium 46.0.2490.71 (Oct 14, 2015)

  • This release contains a number of fixes and improvements
  • Pepper Flash player has been updated to 19.0.0.207
  • 64 bit only
  • This FreeSMUG build hasn't "Check for Updates…" command

New in Portable Chromium 45.0.2454.99 (Sep 22, 2015)

  • This release contains a critical update to Adobe Flash Player (19.0.0.185)

New in Portable Chromium 45.0.2454.93 (Sep 16, 2015)

  • This release contains a number of fixes and improvements

New in Portable Chromium 44.0.2403.155 (Aug 12, 2015)

  • This release contains a number of fixes.
  • Pepper Flash player has been updated to 18.0.0.232

New in Portable Chromium 43.0.2357.130 (Jun 23, 2015)

  • Pepper Flash player has been updated to 18.0.0.194.
  • This release contains a number of security fixes:
  • [464922] High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
  • [494640] High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
  • [497507] Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
  • [461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.

New in Portable Chromium 43.0.2357.81 (Jun 10, 2015)

  • Pepper Flash player has been updated to 18.0.0.161

New in Portable Chromium 43.0.2357.81 (May 27, 2015)

  • Fixed an issue where sometimes a blank page would print.

New in Portable Chromium 43.0.2357.65 (May 20, 2015)

  • Important security fixes:
  • [474029] High CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous.
  • [464552] High CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous.
  • [444927] High CVE-2015-1254: Cross-origin bypass in Editing. Credit to [email protected].
  • [473253] High CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani.
  • [478549] High CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen of OUSPG.
  • [481015] High CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined working with HP's Zero Day Initiative
  • [468519] Medium CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz.
  • [450939] Medium CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer
  • [468167] Medium CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen of OUSPG
  • [474370] Medium CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani.
  • [466351] Medium CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen.
  • [476647] Medium CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz.
  • [479162] Low CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy.
  • [481015] Low CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L.
  • [489518] CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21).

New in Portable Chromium 42.0.2311.152 (May 14, 2015)

  • Pepper Flash player has been updated to 17.0.0.188.

New in Portable Chromium 42.0.2311.135 (Apr 29, 2015)

  • This update includes 5 security fixes.

New in Portable Chromium 42.0.2311.90 (Apr 15, 2015)

  • A number of new apps, extension and Web Platform APIs (including the Push API!)
  • Lots of under the hood changes for stability and performance
  • Pepper Flash player has been updated to 17.0.0.169
  • Security Fixes and Rewards:
  • [456518] High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous.
  • [313939] Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
  • [461191] High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
  • [445808] High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
  • [463599] Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
  • [418402] Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield Information Systems.
  • [460917] High CVE-2015-1242: Type confusion in V8. Credit to [email protected].
  • [455215] Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
  • [444957] Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
  • [437399] Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG.
  • [429838] Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
  • [380663] Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam).
  • [476786] CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives.
  • Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 4.2.77.14).

New in Portable Chromium 41.0.2272.118 (Apr 8, 2015)

  • This update includes 4 security fixes

New in Portable Chromium 41.0.2272.89 (Mar 11, 2015)

  • This release includes a number of security fixes.
  • Pepper Flash player has been updated to 17.0.0.134

New in Portable Chromium 41.0.2272.76 (Mar 5, 2015)

  • This release contains a number of fixes and improvements, including:
  • A number of new apps/extension APIs
  • Lots of under the hood changes for stability and performance

New in Portable Chromium 40.0.2214.115 (Feb 24, 2015)

  • This release includes a number of security fixes.

New in Portable Chromium 40.0.2214.111 (Feb 6, 2015)

  • Pepper Flash player has been updated to 16.0.0.305
  • This release includes a number of security fixes:
  • [447906] High CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian Motyl.
  • [453979] High CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous.
  • [453982] High CVE-2015-1211: Privilege escalation using service workers. Credit to anonymous.
  • [455225] CVE-2015-1212: Various fixes from internal audits, fuzzing and other initiatives.

New in Portable Chromium 40.0.2214.94 (Feb 2, 2015)

  • This release includes a number of fixes.

New in Portable Chromium 40.0.2214.93 (Jan 28, 2015)

  • This release includes a number of fixes.
  • Pepper Flash player has been updated to 16.0.0.296.
  • 64 bit only.

New in Portable Chromium 40.0.2214.91 (Jan 22, 2015)

  • This release includes a number of fixes.
  • Pepper Flash player has been updated to 16.0.0.287
  • 64-bit only
  • This FreeSMUG build hasn't "Check for Updates…" command

New in Portable Chromium 39.0.2171.99 (Jan 14, 2015)

  • This release includes a number of fixes.
  • Pepper Flash player has been updated to 16.0.0.257
  • 64-bit only
  • This FreeSMUG build hasn't "Check for Updates…" command

New in Portable Chromium 39.0.2171.95 (Jan 9, 2015)

  • This release includes a number of fixes
  • Pepper Flash player has been updated to 16.0.0.235
  • 64-bit only
  • This FreeSMUG build does not have the "Check for Updates…" command

New in Portable Chromium 38.0.2125.122 (Nov 13, 2014)

  • Changes:
  • This release includes a number of fixes.
  • Pepper Flash player has been updated to 15.0.0.223

New in Portable Chromium 38.0.2125.111 (Oct 28, 2014)

  • Contains a number of fixes

New in Portable Chromium 38.0.2125.104 (Oct 15, 2014)

  • This release includes a number of fixes.
  • Pepper Flash player has been updated to 15.0.0.189

New in Portable Chromium 38.0.2125.101 (Oct 8, 2014)

  • A number of new apps/extension APIs
  • Lots of under the hood changes for stability and performance
  • 159 security fixes

New in Portable Chromium 37.0.2062.124 (Sep 25, 2014)

  • This build contains a security change: [414124] RSA signature malleability in NSS (CVE-2014-1568).

New in Portable Chromium 37.0.2062.122 (Sep 19, 2014)

  • This update brings compatibility with Mac OS X 10.9.5 for new installations.

New in Portable Chromium 37.0.2062.120 (Sep 12, 2014)

  • This update includes 4 security fixes.
  • Pepper Flash player has been updated to 15.0.0.152

New in Portable Chromium 37.0.2062.94 (Sep 2, 2014)

  • DirectWrite support on Windows for improved font rendering
  • A number of new apps/extension APIs
  • Lots of under the hood changes for stability and performance
  • 50 security fixes

New in Portable Chromium 36.0.1985.143 (Aug 20, 2014)

  • This update includes 12 security fixes.
  • Pepper Flash player has been updated to 14.0.0.177

New in Portable Chromium 36.0.1985.125 (Jul 19, 2014)

  • Rich Notifications Improvements
  • An Updated Incognito / Guest NTP design
  • The addition of a Browser crash recovery bubble
  • Chrome App Launcher for Linux
  • Lots of under the hood changes for stability and performance
  • Pepper Flash player has been updated to 14.0.0.145
  • Security Fixes:
  • [380885] Medium CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider.
  • [393765] CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives.

New in Portable Chromium 35.0.1916.153 (Jun 11, 2014)

  • Pepper Flash player has been updated to 14.0.0.125
  • This update includes 4 security fixes:
  • [369525] High CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne.
  • [369539] High CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook.
  • [369621] Medium CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen of OUSPG.
  • [368980] CVE-2014-3157: Heap overflow in media.

New in Portable Chromium 35.0.1916.114 (May 27, 2014)

  • More developer control over touch input
  • New JavaScript features
  • Unprefixed Shadow DOM
  • A number of new apps/extension APIs
  • Lots of under the hood changes for stability and performance

New in Portable Chromium 34.0.1847.137 (May 21, 2014)

  • This update includes security fixes.
  • Pepper Flash player has been updated to 13.0.0.214

New in Portable Chromium 34.0.1847.131 (Apr 30, 2014)

  • This release fixes a number of crashes and other bugs.
  • Pepper Flash player has been updated to 13.0.0.206

New in Portable Chromium 34.0.1847.116 (Apr 11, 2014)

  • Responsive Images and Unprefixed Web Audio
  • Import supervised users onto new computers
  • A number of new apps/extension APIs
  • A different look for Win8 Metro mode
  • Lots of under the hood changes for stability and performance
  • Pepper Flash player has been updated to 13.0.0.182

New in Portable Chromium 33.0.1750.152 (Mar 28, 2014)

  • Pepper Flash updated to 12.0.0.77
  • Security fixes:
  • [352369] Code execution outside sandbox. Credit to VUPEN.
  • [352374] High CVE-2014-1713: Use-after-free in Blink bindings
  • [352395] High CVE-2014-1714: Windows clipboard vulnerability
  • [352420] Code execution outside sandbox. Credit to Anonymous.
  • [351787] High CVE-2014-1705: Memory corruption in V8
  • [352429] High CVE-2014-1715: Directory traversal issue
  • [344492] High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG.
  • [326854] High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani.
  • [337882] High CVE-2013-6665: Heap buffer overflow in software rendering. Credit to cloudfuzzer.
  • [332023] Medium CVE-2013-6666: Chrome allows requests in flash header request. Credit to netfuzzerr.
  • [348175] CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives.
  • [343964, 344186, 347909] CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10.
  • [344881] High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva.
  • [342618] High CVE-2014-1701: UXSS in events. Credit to aidanhs.
  • [333058] High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne.
  • [338354] High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets.
  • [328202, 349079, 345715] CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18.

New in Portable Chromium 33.0.1750.117 (Feb 24, 2014)

  • Pepper Flash updated to 12.0.0.70
  • This release contains security fixes:
  • [334897] High CVE-2013-6652: Issue with relative paths in Windows sandbox named pipe policy. Credit to tyranid.
  • [331790] High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani.
  • [333176] High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511.
  • [293534] High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer.
  • [331725] High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil.
  • [$1000][331060] Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil.
  • [322891] Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer.
  • [306959] Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris.
  • [332579] Low CVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys.
  • [344876] Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers.

New in Portable Chromium 32.0.1700.107 (Feb 7, 2014)

  • This build contains security updates for Flash player.
  • Pepper Flash updated to 12.0.0.44

New in Portable Chromium 30.0.1599.101 (Oct 22, 2013)

  • Pepper Flash updated to 11.9.900.117
  • This release contains security fixes:
  • [292422] High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG.
  • [294456] High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer.
  • [297478] High CVE-2013-2927: Use after free in forms. Credit to cloudfuzzer.
  • [305790] CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives.

New in Portable Chromium 30.0.1599.69 (Oct 7, 2013)

  • This update fixes the top two user issues with the latest stable build:
  • Tabs freeze up (Issue: 303293)
  • Lag in some games/GPU issues with certain monitors (Issue: 262437)

New in Portable Chromium 30.0.1599.66 (Oct 4, 2013)

  • Easier searching by image
  • A number of new apps/extension APIs
  • Lots of under the hood changes for stability and performance

New in Portable Chromium 29.0.1547.76 (Sep 27, 2013)

  • [288935] Flash Player does not work in Metro mode
  • [278370] Unable to submit client certificates over TLS 1.2 from Windows
  • [278940] Canvas loses ability to render, is blank even if page reloaded
  • Other stability improvements

New in Portable Chromium 28.0.1500.71 (Jul 22, 2013)

  • This release contains security fixes.

New in Portable Chromium 27.0.1453.116 (Jun 21, 2013)

  • This release contains security fixes:
  • [249335] Medium CVE-2013-2866: Clickjacking in the Flash plug-in.
  • Multiple flash movies on one page not playing [Issue: 243290]
  • Arc rendering bug in canvas [Issue: 243996]
  • Select box with Multiple option fires Onchange event on scroll [Issue: 244406]
  • This build contains a new version of Adobe Flash (11.7.700.225).

New in Portable Chromium 27.0.1453.110 (Jun 10, 2013)

  • This release contains security fixes.

New in Portable Chromium 27.0.1453.93 (May 23, 2013)

  • Web pages load 5% faster on average
  • chrome.syncFileSystem API
  • Improved ranking of predictions, improved spell correction, and numerous fundamental improvements for Omnibox predictions.
  • This release contains a new version of Adobe Flash (11.7.700.203).

New in Portable Chromium 26.0.1410.65 (Apr 12, 2013)

  • This release fixes WebGL bug which got regressed in last stable build.

New in Portable Chromium 26.0.1410.63 (Apr 12, 2013)

  • This release contains stability improvements, and a new version of Adobe Flash (11.7.700.169).
  • Chrome 26 promoted to the Stable Channel contains number of new items including:
  • "Ask Google for suggestions" spell checking feature improvements (e.g. grammar and homonym checking)
  • Asynchronous DNS resolver on Mac and Linux.
  • Security fixes and rewards.

New in Portable Chromium 25.0.1364.172 (Mar 13, 2013)

  • This release contains stability improvements, and a new version of Adobe Flash (11.6.602.180).

New in Portable Chromium 25.0.1364.160 (Mar 9, 2013)

  • High CVE-2013-0912: Type confusion in WebKit.

New in Portable Chromium 25.0.1364.155 (Mar 7, 2013)

  • This release fixes a number of issues, including a crash when typing in the Omnibox.

New in Portable Chromium 25.0.1364.152 (Mar 4, 2013)

  • This release fixes a number of issues, including a crash when typing in the Omnibox.

New in Portable Chromium 25.0.1364.99 (Feb 23, 2013)

  • Improvements in managing and securing your extensions
  • Better support for HTML5 time/date inputs
  • JavaScript Web Speech API support
  • Better WebGL error handling
  • Lots of other features for developers
  • And Pepper Flash updated to 11.6.602.171

New in Portable Chromium 24.0.1312.57 (Feb 1, 2013)

  • This build contains the following fixes:
  • Mac: r177690 Fix renderer crashes when using certain IMEs. (Issue 152566)
  • Mac: r178517 Fix microphone input dropout with Pepper Flash. (Issue 168859)
  • Chrome Frame: r178591 Fix renderer exiting in certain cases when opening a new Window from Chrome Frame. (Issue 171877)

New in Portable Chromium 24.0.1312.56 (Jan 24, 2013)

  • Fixed performance of mouse wheel scrolling. [Issue: 160122]
  • Fixed visited links regression. [Issue: 160025]
  • Fixed windows installation when installed as admin. [Issue: 166473]

New in Portable Chromium 24.0.1312.52f (Jan 12, 2013)

  • Fixed self contained Flash version broken of previous FreeSMUG build.

New in Portable Chromium 24.0.1312.52 (Jan 11, 2013)

  • This is the first Stable release with support for MathML.
  • This release also contains an update to Flash (11.5.502.146) as well as improvements in speed and stability.

New in Portable Chromium 23.0.1271.101a (Dec 20, 2012)

  • This build contains the fix to a bug with sound distortion with microphone input: 157613.
  • This FreeSMUG build should fix temporarily log in problem.

New in Portable Chromium 23.0.1271.101 (Dec 19, 2012)

  • This build contains the fix to a bug with sound distortion with microphone input: 157613.

New in Portable Chromium 23.0.1271.97 (Dec 12, 2012)

  • some texts in a Website Settings popup are trimmed (Issue: 159156)
  • some plugins stopped working (Issue: 159896)
  • fixed a known crash (Issue:161854)
  • new version of Adobe Flash 11.5.502.136.

New in Portable Chromium 23.0.1271.95 (Dec 3, 2012)

  • [161564] High CVE-2012-5138: Incorrect file path handling.
  • [162835] High CVE-2012-5137: Use-after-free in media source handling.

New in Portable Chromium 23.0.1271.91 (Nov 30, 2012)

  • This version fixes several issues including no audio from Flash content when speaker configuration is set to Quadraphoni

New in Portable Chromium 23.0.1271.64 (Nov 9, 2012)

  • This release contains a number of new features and fixes for the security issue.
  • High CVE-2012-5115: Defend against wild writes in buggy graphics drivers.

New in Portable Chromium 22.0.1229.94 (Oct 11, 2012)

  • This release contains fixes for the security issue.

New in Portable Chromium 22.0.1229.92 (Oct 9, 2012)

  • an issue with multiple profiles on Mac OS X 10.8.2.
  • a fix for text display on the Mac
  • a new version of Flash (11.4.402.287) with security and other fixes.

New in Portable Chromium 21.0.1180.89 (Sep 3, 2012)

  • Several Pepper Flash fixes (Issue 140577, 144107, 140498, 142479).
  • Microphone issues with tinychat.com (Issue: 143192)
  • devtools regression with "save as" of edited source (issue: 141180)
  • mini ninjas shaders fails (Issue: 142705)
  • page randomly turns red/green gradient boxes (Issue: 110343)

New in Portable Chromium 20.0.1132.57 (Jul 12, 2012)

  • This release contains security fixes, an update to Flash player, v8 (3.10.8.20) and couple of stability/bug fixes.

New in Portable Chromium 19.0.1084.54 (Jun 7, 2012)

  • This release Supports the Mac transition to OS X 10.8 Mountain Lion.

New in Portable Chromium 19.0.1084.53 (Jun 4, 2012)

  • This release Supports the Mac transition to OS X 10.8 Mountain Lion.

New in Portable Chromium 19.0.1084.52 (May 28, 2012)

  • This release contains security fixes.

New in Portable Chromium 18.0.1025.168 (May 3, 2012)

  • This release fixes a top crasher on the Mac.

New in Portable Chromium 18.0.1025.163 (Apr 18, 2012)

  • This release fixes issues with fonts

New in Portable Chromium 18.0.1025.151 (Apr 12, 2012)

  • Black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371)
  • CSS not applied to element (Issue: 114667)
  • Regression rendering a div with background gradient and borders (Issue: 113726)
  • Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
  • Multiple crashes (Issues: 72235, 116825 and 92998)
  • Pop-up dialog is at wrong position (Issue: 116045)
  • HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165)
  • SSL interstitial error "proceed anyway" / "back to safety" buttons don't work (Issue: 119252)
  • Known Issues:
  • HTML5 audio doesn't work on some Mac computers (Issue: 109441)
  • Security fixes and rewards:
  • A new version of Flash Player is included.

New in Portable Chromium 18.0.1025.142 (Mar 29, 2012)

  • This release contains a number of new features including faster and fancier graphics.

New in Portable Chromium 17.0.963.83 (Mar 24, 2012)

  • This release fixes issues with Flash games, along with the security fixes.

New in Portable Chromium 17.0.963.79 (Mar 12, 2012)

  • This release fixes issues with Flash games and videos, along with a security fix.

New in Portable Chromium 17.0.963.78 (Mar 9, 2012)

  • This release fixes issues with Flash games and videos, along with a security fix.

New in Portable Chromium 17.0.963.66 (Mar 7, 2012)

  • This release fixes an issue in the DOM.

New in Portable Chromium 17.0.963.56 (Feb 16, 2012)

  • This release fixes a number of stability and security issues and also includes a new version of Flash.

New in Portable Chromium 16.0.912.75 (Jan 11, 2012)

  • Build from 16.0.912.75 source code.
  • [$1000] [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla.
  • [$1000] [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla.
  • [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar).
  • This release contains security fixes.

New in Portable Chromium 16.0.912.63 (Dec 14, 2011)

  • Great improvements including enhancements to Sync and the ability to create multiple profiles on a single instance of Chrome.

New in Portable Chromium 15.0.874.121 (Nov 20, 2011)

  • Updated V8 - 3.5.10.24
  • This build contains the fix to a regression: SVG in iframe doesn't use specified dimensions.

New in Portable Chromium 14.0.835.202 (Oct 6, 2011)

  • This release contains Adobe Flash Player 11, along with the stability and security fixes.

New in Portable Chromium 14.0.835.186 (Sep 22, 2011)

  • This release includes an update to Flash Player (v. 10,3,183,10) that addresses a zero-day vulnerability.

New in Portable Chromium 14.0.835.163 (Sep 17, 2011)

  • This release contains security fixes. More details about high level features can be found on the Google Chrome blog.

New in Portable Chromium 13.0.782.218 (Sep 2, 2011)

  • These releases contain an updated version of the Adobe Flash Player

New in Portable Chromium 12.0.742.122 (Jul 23, 2011)

  • These releases contain an updated version of the Adobe Flash Player

New in Portable Chromium 12.0.742.100 (Jun 21, 2011)

  • This release contains an updated version of Adobe Flash

New in Portable Chromium 11.0.696.71 (May 25, 2011)

  • This version include security fixes and rewards.

New in Portable Chromium 11.0.696.68 (May 14, 2011)

  • This version include security fixes and also has Flash Player 10.3 which is an incremental release with improved stability, enhanced security and user privacy protection, and new capabilities for enterprises and developers.

New in Portable Chromium 11.0.696.65 (May 10, 2011)

  • After deleting bookmarks on the Bookmark managers, the bookmark bar doesn't display properly with existing bookmarks. (Issue 80580).
  • About Google Chrome window shows unknown channel for 11.0.696.57 (Issue 80683).
  • Chrome/Mac seems to clobber focus when uploading attachments to Gmail with the flash-based uploader (Issue 77172).
  • Also included is an updated version of Flash Player 10.2.

New in Portable Chromium 11.0.696.57 (Apr 29, 2011)

  • Chrome 11 contains some really great improvements including speech input through HTML.
  • Yes, you get the new icon

New in Portable Chromium 10.0.648.134 (Mar 18, 2011)

  • This release contains an updated version of the Adobe Flash player.

New in Portable Chromium 10.0.648.1337 (Mar 15, 2011)

  • New version of V8 - Crankshaft - which greatly improves javascript performance
  • New settings pages that open in a tab, rather than a dialog box
  • Improved security with malware reporting and disabling outdated plugins by default
  • Sandboxed Adobe Flash on Windows
  • Password sync as part of Chrome Sync now enabled by default
  • GPU Accelerated Video
  • Background WebApps
  • webNavigation extension API (experimental but ready for testing)