A new LTS-126 version 126.0.6478.258 (Platform Version: 15886.83.0), is being rolled out for most ChromeOS devices.
Hello All,
The Beta channel has been updated to 131.0.6778.75 (Platform version: 16063.32.0) for most ChromeOS devices.
If you find new issues, please let us know one of the following ways:
Google ChromeOS.
The Stable channel is being updated to OS version: 16033.58.0 Browser version:130.0.6723.126 for most ChromeOS devices.
If you find new issues, please let us know one of the following ways
Interested in switching channels? Find out how.
Giuliana PritchardGoogle ChromeOS
A new LTS-126 version 126.0.6478.257 (Platform Version: 15886.82.0), is being rolled out for most ChromeOS devices.
The Beta channel has been updated to 131.0.6778.29 (Platform version: 16063.23.0) for most ChromeOS devices.
The Stable channel is being updated to OS version: 16033.51.0 Browser version:130.0.6723.101 for most ChromeOS devices.
The Beta channel has been updated to 131.0.6778.17 (Platform version: 16063.13.0) for most ChromeOS devices.
The Stable channel is being updated to OS version: 16033.43.0 Browser version: 130.0.6723.84 for most ChromeOS devices.
Security Fixes and Rewards
ChromeOS Vulnerability Rewards Program Reported Bug Fixes:
N/A
Other 3rd Party Security Fixes Included:
High Fixes CVE-2024-7006 in libtiff
Medium Fixes CVE-2024-47076 CVE-2024-47175 CVE-2024-47176 CVE-2024-47177 in CUPS
Android Security fixes can be found here
Chrome Browser Security Fixes:
[$4000.0] [368672129] MEDIUM CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S on 2024-09-21
[$36000.0] [367755363] HIGH CVE-2024-9954:Use after free in AI. Reported by DarkNavy on 2024-09-18
[$TBD] [367734947] HIGH CVE- DCHECK failure in base_.kind() == JAVA_SCRIPT in frames.h on 2024-09-17
[$TBD] [366635354] HIGH CVE- V8 correctness failure in sources: 1e - Missing TypeError in inlined js-to-wasm wrapper for ref extern on 2024-09-14
[$1000.0] [364773822] LOW CVE-2024-9966 Inappropriate implementation in Navigations. Reported by Harry Chen on 2024-09-05
[TBD][375123371] CRITICAL CVE-2024-10487: Out of bounds write in Dawn. Reported by Apple Security Engineering and Architecture (SEAR) on 2024-10-23[TBD][374310077] HIGH CVE-2024-10488: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564) on 2024-10-18[TBD][371011220] HIGH CVE-2024-10229: Inappropriate implementation in Extensions. Reported by Vsevolod Kokorin (Slonser) of Solidlab on 2024-10-02
[TBD][371565065] HIGH CVE-2024-10230: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-10-05
[TBD][372269618] HIGH CVE-2024-10231: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-10-09
[$1000.0] [364508693] MEDIUM CVE-2024-9962 : Inappropriate implementation in Permissions. Reported by Shaheen Fazim on 2024-09-04
[$3000.0] [361711121] LOW CVE-2024-9964 : Inappropriate implementation in Payments. Reported by Hafiizh on 2024-08-23
[$2000.0] [354748063] MEDIUM CVE-2024-9960: Use after free in Dawn. Reported by Anonymous on 2024-07-23
[$TBD] [328278718] MEDIUM CVE-2024-9963 : Insufficient data validation in Downloads. Reported by st4nly0n on 2024-03-06
[$5000.0] [40076120] MEDIUM CVE-2024-9958 Inappropriate implementation in PictureInPicture. Reported by Lyra Rebane (rebane2001) on 2023-11-02
Giuliana Pritchard
Google ChromeOS
A new LTS-126 version 126.0.6478.256 (Platform Version: 15886.81.0), has rolled out for most ChromeOS devices.
The Beta channel is being updated to OS version: 16033.38.0, Browser version: 130.0.6723.79 for most ChromeOS devices.
Giuliana Pritchard,
The Stable channel is being updated to OS version: 16002.60.0 Browser version: 129.0.6668.112 for most ChromeOS devices.
Matt NelsonGoogle ChromeOS
The Beta channel is being updated to OS version: 16033.32.0, Browser version: 130.0.6723.63 for most ChromeOS devices.
The Dev channel has been updated to 131.0.6778.0 (Platform version: 16063.2.0) for most ChromeOS devices.
The Stable channel is being updated to OS version: 16002.58.0 Browser version: 129.0.6668.110 for most ChromeOS devices.
A new LTS-126 version 126.0.6478.255 (Platform Version: 15886.80.0), is being rolled out for most ChromeOS devices.
The Beta channel is being updated to OS version: 16033.24.0, Browser version: 130.0.6723.36 for most ChromeOS devices.
The Dev channel has been updated to 131.0.6752.0 (Platform version: 16052.0.0) for most ChromeOS devices.
The Beta channel is being updated to OS version: 16033.17.0, Browser version: 130.0.6723.25 for most ChromeOS devices.
This release includes upstream updates to CUPS components and the removal of cups-browsed.
When booted in verified mode, ChromeOS devices are not impacted by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177
The Stable channel is being updated to OS version: 16002.44.0 Browser version: 129.0.6668.80 for most ChromeOS devices.
[$55000][365376497] High CVE-2024-8904: Type Confusion in V8. Reported by Popax21 on 2024-09-08
[$8000][359949835] Medium CVE-2024-8905: Inappropriate implementation in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team on 2024-08-15
[$1000][337222641] Low CVE-2024-8908: Inappropriate implementation in Autofill. Reported by Levit Nudi from Kenya on 2024-04-26
[$8000][363538434] High CVE-2024-9121: Inappropriate implementation in V8. Reported by Tashita Software Security on 2024-09-01
[TBD][365802567] High CVE-2024-9122: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) on 2024-09-10
[TBD][365884464] High CVE-2024-9123: Integer overflow in Skia. Reported by raven at KunLun lab on 2024-09-11
