Hi, everyone! We've just released Chrome 119 (119.0.6045.66) for Android: it'll become available on Google Play over the next few days.
The Chrome team is delighted to announce the promotion of Chrome 119 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.
Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 19 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$16000][1492698] High CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2023-10-14
[$11000][1492381] High CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy on 2023-10-13
[$TBD][1492384] High CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy on 2023-10-13
[$7000][40073339] High CVE-2024-3174: Inappropriate implementation in V8. Reported by Alan Goodman on 2023-09-25
[$3000][1281972] Medium CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) on 2021-12-22
[$5000][40066780] Medium CVE-2023-7011: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-07-03
[$3000][1473957] Medium CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim on 2023-08-18
[$2000][1480852] Medium CVE-2023-5852: Use after free in Printing. Reported by [pwn2car] on 2023-09-10
[$1000][1456876] Medium CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh on 2023-06-22
[$1000][40071326] Medium CVE-2023-7013: Inappropriate implementation in Compositing. Reported by Suhwan Song on 2023-09-05
[$1000][1488267] Medium CVE-2023-5854: Use after free in Profiles. Reported by Minchin Park of SSD-Disclosure Labs on 2023-10-01
[$TBD][1492396] Medium CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang on 2023-10-13
[$TBD][1493380] Medium CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI on 2023-10-17
[N/A][1493435] Medium CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann on 2023-10-18
[$3000][1457704] Low CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong on 2023-06-24
[$500][1482045] Low CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee on 2023-09-13
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.As usual, our ongoing internal security work was responsible for a wide range of fixes:
[1497743] Various fixes from internal audits, fuzzing and other initiatives
Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.
The Beta channel has been updated to 119.0.6045.105 for Windows, Mac and Linux.
A partial list of changes is available in the Git log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
Prudhvi BommanaGoogle Chrome
Hi everyone! We've just released Chrome Stable 119 (119.0.6045.109) for iOS; it'll become available on App Store in the next few hours.
This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.
Erhu AkpobaroGoogle Chrome
The Stable channel is being updated to 118.0.5993.123/124 (Platform version: 15604.56/57.0) for most ChromeOS devices and will be rolled out over the next few days. This build contains a number of bug fixes and security updates.
If you find new issues, please let us know one of the following ways:
Interested in switching channels? Find out how.
Cole Brown,
Google ChromeOS
Hi everyone! We've just released Chrome Beta 119 (119.0.6045.66) for Android. It's now available on Google Play.
You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.
If you find a new issue, please let us know by filing a bug.
The Dev channel has been updated to 120.0.6090.0 for Windows, Mac and Linux.
Srinivas SistaGoogle Chrome
Hi everyone! We've just released Chrome Dev 120 (120.0.6087.2) for Android. It's now available on Google Play.
Harry SoudersGoogle Chrome
The Beta channel has been updated to 119.0.6045.59 for Windows, Mac and Linux.
Hi, everyone! We've just released Chrome 119 (119.0.6045.66) for Android to a small percentage of users. It'll become available on Google Play over the next few days. You can find more details about early Stable releases here.
The Beta channel is being updated to OS version: 15633.23.0 Browser version: 119.0.6045.38 for most ChromeOS devices.
If you find new issues, please let us know one of the following ways
Daniel Gagnon,Google ChromeOS
Hi everyone! We've just released Chrome Beta 119 (119.0.6045.53) for Android. It's now available on Google Play.
Hi everyone! We've just released Chrome Beta 119 (119.0.6045.40) for iOS; it'll become available on App Store in the next few days.
You can see a partial list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.
Hi everyone! We've just released Chrome Stable 119 (119.0.6045.41) for iOS; it'll become available on App Store in the next few hours.
Hi, everyone! We've just released Chrome 118 (118.0.5993.111) for Android: it'll become available on Google Play over the next few days.
The Stable channel has been updated to 118.0.5993.117 for Mac and Linux and 118.0.5993.117/.118 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.
The Extended Stable channel has been updated to 118.0.5993.117 for Mac and 118.0.5993.118 for Windows, which will roll out over the coming days/weeks.
This update includes 2 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$3000][1491296] High CVE-2023-5472: Use after free in Profiles. Reported by @18楼梦想改造家 on 2023-10-10
[1495429] Various fixes from internal audits, fuzzing and other initiatives
Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.
LTS-114 has been updated in the LTS channel to 114.0.5735.338 (Platform Version: 15437.75.0) for most ChromeOS devices. Want to know more about Long Term Support? Click here.
Hi everyone! We've just released Chrome Dev 120 (120.0.6073.4) for Android. It's now available on Google Play.
The Stable channel has been updated to 118.0.5993.96 for Mac which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.
The Extended Stable channel has been updated to 118.0.5993.96 for Mac, which will roll out over the coming days/weeks.
Daniel Yip
The Dev channel has been updated to 120.0.6073.0 for Windows, Mac and Linux.
Hi everyone! We've just released Chrome Beta 119 (119.0.6045.30) for iOS; it'll become available on App Store in the next few days.
The Beta channel has been updated to 119.0.6045.33 for Windows, Mac and Linux.
The Stable channel is being updated to 118.0.5993.86 (Platform version: 15604.45.0) for most ChromeOS devices and will be rolled out over the next few days. This build contains a number of bug fixes and security updates.
ChromeOS Vulnerabiltity Rewards Program Reported Bug Fixes:
[$5000] [1472943] High CVE-NA Use-after-free in Virglrenderer. Reported by rinngo on 2023-08-15
[$7000] [1473956] High CVE-NA Heap buffer overflow in Virglrenderer. Reported by Bugreporterca on 2023-08-15
[$5000] [1472566] High CVE-NA Heap buffer overflow in Virglrenderer. Reported by Bugreporterca on 2023-08-14
[$1000] [1473015] Medium CVE-NA Heap buffer overflow in Virglrenderer. Reported by Bugreporterca on 2023-08-18
[$1000] [1474235] Medium CVE-NA Out-of-Bound Read in Virglrenderer. Reported by zx on 2023-08-20
[$500] [1475224] Low CVE-NA DoS in Virglrenderer. Reported by Bugreporterca on 2023-08-23
We would like to thank the security researchers that report vulnerabilities to us via bughunters.google.com to keep ChromeOS and the entire open source ecosystem secure.
Chrome Browser Security Fixes:
[TBD][1487110] Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家 on 2023-09-27
[$2000][1476952] Medium CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong on 2023-08-30
[$1000][1458934] Medium CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip on 2023-06-28
[$1000][1474253] Medium CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun on 2023-08-20
[$500][1471253] Medium CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong on 2023-08-09
[$6000][1395164] Low CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry on 2022-12-02
[$2000][1472404] Low CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Shaheen Fazim on 2023-06-15
[$1000][1357442] Low CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh on 2022-08-29
[$1000][1484000] Low CVE-2023-5473: Use after free in Cast. Reported by DarkNavy on 2023-09-18
Other 3rd Party Security Fixes Included:
[NA] [299481133] High Fixes CVE-2023-4921 in Linux Kernel
Android Runtime Container Security Fixes:
[NA] [NA] Medium Fixes CVE-2023-21143 on impacted platforms
[NA] [NA] Medium Fixes CVE-2020-29374 on impacted platforms
Users who are pinned to a specific release of ChromeOS will not receive these security fixes or any other security fixes. We recommend updating to the latest version of Stable to ensure you are protected against exploitation of known vulnerabilities.
To see fixes included in the Long Term Stable channel, see the release notes.
