The Dev Channel is being updated to 97.0.4669.0 (Platform version: 14309.0.0) for most Chrome OS devices. Systems will be receiving updates over the next several days.
If you find new issues, please let us know by visiting our forum or filing a bug. Interested in switching channels Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 vertical dots in the upper right corner of the browser).
Cole Brown,
Google Chrome OS
The Stable channel has been updated to 95.0.4638.69 for Windows, Mac and Linux which will roll out over the coming days/weeks.
A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 9 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$10000][1259864] High CVE-2021-37997 : Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab on 2021-10-14
[$7500][1259587] High CVE-2021-37998 : Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-13
[$1000][1251541] High CVE-2021-37999 : Insufficient data validation in New Tab Page. Reported by Ashish Arun Dhone on 2021-09-21
[$N/A][1249962] High CVE-2021-38000 : Insufficient validation of untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group on 2021-09-15
[$N/A][1260577] High CVE-2021-38001 : Type Confusion in V8. Reported by @s0rrymybad of Kunlun Lab via Tianfu Cup on 2021-10-16
[$N/A][1260940] High CVE-2021-38002 : Use after free in Web Transport. Reported by @__R0ng of 360 Alpha Lab, 漏洞研究院青训队 via Tianfu Cup on 2021-10-16
[$N/A][1263462] High CVE-2021-38003 : Inappropriate implementation in V8. Reported by Clément Lecigne from Google TAG and Samuel Groß from Google Project Zero on 2021-10-26
[$5000][1227170] Medium CVE-2021-38004 : Insufficient policy enforcement in Autofill. Reported by Mark Amery on 2021-07-07
Google is aware that exploits for CVE-2021-38000 and CVE-2021-38003 exist in the wild.
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
As usual, our ongoing internal security work was responsible for a wide range of fixes:
[1264537] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
The Extended Stable channel has been updated to 94.0.4606.113 for Windows and Mac which will roll out over the coming days/weeks.
Hi everyone! We've just released Chrome Beta 96 (96.0.4664.35) for Android: it's now available on Google Play.
You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.If you find a new issue, please let us know by filing a bug.Krishna GovindGoogle Chrome
Hi everyone! We've just released Chrome Beta 96 (96.0.4664.27) for Android: it's now available on Google Play.
The Beta channel is being updated to 96.0.4664.25 (Platform version: 14268.18.0) for most Chrome OS devices.
The Beta channel has been updated to 96.0.4664.27 for Windows, Mac and Linux.
Hi, everyone! We've released Chrome Beta 96 (96.0.4664.27) for iOS: it'll become available on App Store in next few days.
You can see a partial list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.
Harry SoudersGoogle Chrome
The Dev channel has been updated to 97.0.4681.0/.4 for Windows, 97.0.4681.0 for Mac and 97.0.4682.3 for Linux.
A partial list of changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Prudhvikumar Bommana
Google Chrome
The Beta channel is being updated to 96.0.4664.13 (Platform version: 14268.9.0) for most Chrome OS devices.
The Dev Channel is being updated to 97.0.4669.0 (Platform version: 14295.0.0) for most Chrome OS devices. Systems will be receiving updates over the next several days.
Hi everyone! We've just released Chrome Beta 96 (96.0.4664.17) for Android: it's now available on Google Play.
The Dev channel has been updated to 97.0.4676.0 for Windows, Mac and Linux.
The Chrome team is excited to announce the promotion of Chrome 96 to the Beta channel for Windows, Mac and Linux. Chrome 96.0.4664.18 contains our usual under-the-hood performance and stability tweaks, but there are also some cool new features to explore - please head to the Chromium blog to learn more!
The Stable channel is being updated to 94.0.4606.104 (Platform version: 14150.64.0) for most Chrome OS devices. Systems will be receiving updates over the next several days.
This build contains a number of features, bug fixes and security updates.
Matt Nelson
The Dev channel has been updated to 96.0.4664.18 for Windows, Mac and Linux.
Srinivas Sista
Hi, everyone! We've released Chrome Beta 96 (96.0.4664.17) for iOS: it'll become available on App Store in next few days.
The Dev channel is being updated to 96.0.4664.13 (Platform version: 14268.9.0) for most Chrome OS devices.
Hi, everyone! We've just released Chrome 95 (95.0.4638.50) for Android: it'll become available on Google Play over the next few days.
The Extended Stable channel has been updated to 94.0.4606.101 for Windows and Mac which will roll out over the coming days/weeks.
The Chrome team is delighted to announce the promotion of Chrome 95 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
This update includes 19 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$20000][1246631] High CVE-2021-37981 : Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-09-04
[$10000][1248661] High CVE-2021-37982 : Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group on 2021-09-11
[$10000][1249810] High CVE-2021-37983 : Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-09-15
[$7500][1253399] High CVE-2021-37984 : Heap buffer overflow in PDFium. Reported by Antti Levomäki, Joonas Pihlaja and Christian Jalio from Forcepoint on 2021-09-27
[$5000][1241860] High CVE-2021-37985 : Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-08-20
[$6000][1242404] Medium CVE-2021-37986 : Heap buffer overflow in Settings. Reported by raven (@raid_akame) on 2021-08-23
[$5000][1206928] Medium CVE-2021-37987 : Use after free in Network APIs. Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-08
[$5000][1228248] Medium CVE-2021-37988 : Use after free in Profiles. Reported by raven (@raid_akame) on 2021-07-12
[$2000][1233067] Medium CVE-2021-37989 : Inappropriate implementation in Blink. Reported by Matt Dyas, Ankur Sundara on 2021-07-26
[$N/A][1247395] Medium CVE-2021-37990 : Inappropriate implementation in WebView. Reported by Kareem Selim of CyShield on 2021-09-07
[$TBD][1250660] Medium CVE-2021-37991 : Race in V8. Reported by Samuel Groß of Google Project Zero on 2021-09-17
[$TBD][1253746] Medium CVE-2021-37992 : Out of bounds read in WebAudio. Reported by sunburst@Ant Security Light-Year Lab on 2021-09-28
[$TBD][1255332] Medium CVE-2021-37993 : Use after free in PDF Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2021-10-02
[$TBD][1243020] Medium CVE-2021-37996 : Insufficient validation of untrusted input in Downloads. Reported by Anonymous on 2021-08-24
[$3000][1100761] Low CVE-2021-37994 : Inappropriate implementation in iFrame Sandbox. Reported by David Erceg on 2020-06-30
[$1000][1242315] Low CVE-2021-37995 : Inappropriate implementation in WebApp Installer. Reported by Terence Eden on 2021-08-23
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.As usual, our ongoing internal security work was responsible for a wide range of fixes:
[1261511] Various fixes from internal audits, fuzzing and other initiatives
Hi, everyone! We've just released Chrome 95 (95.0.4638.50) for iOS: it'll become available on App Store in the next few hours.
This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.
Harry Souders