Chrome Releases: September 2023

Chrome Dev for Android Update

Thursday, September 21, 2023

Hi everyone! We've just released Chrome Dev 119 (119.0.6019.3) for Android. It's now available on Google Play.You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.If you find a new issue, please let us know by filing a bug.Erhu Akpobaro
Google Chrome

Long Term Support Channel Update for ChromeOS

Thursday, September 21, 2023

Release notes for LTC-114 can be found here
Want to know more about Long-term Support? Click here

This update contains multiple Security fixes, including:

1470477 High CVE-2023-4428 Out of bounds memory access in CSS

1464215 High CVE-2023-4354 Heap buffer overflow in Skia

1470668 High CVE-2023-4427 Out of bounds memory access in V8

1458046 High CVE-2023-4353 Heap buffer overflow in ANGLE

1450376 Medium CVE-2023-3734 Inappropriate implementation in Picture In Picture.

1458911 Medium CVE-2023-4357 Insufficient validation of untrusted input in XML

1450203 Medium CVE-2023-3733 Inappropriate implementation in WebApp Installs

High CVE-2023-3390 A use-after-free vulnerability in the Linux kernel's netfilter subsystem

Giuliana Pritchard
Google ChromeOS

A new LTC-114 version, 114.0.5735.332 (Platform Version: 15437.68.0), was rolled out for most ChromeOS devices.

If you have devices in the LTC channel, they will be updated to this version. The LTS channel remains on LTS-108 until September 26th, 2023.
Release notes for LTC-114 can be found here
Want to know more about Long-term Support? Click here

This update contains multiple Security fixes, including:

1470477 High CVE-2023-4428 Out of bounds memory access in CSS

1464215 High CVE-2023-4354 Heap buffer overflow in Skia

1470668 High CVE-2023-4427 Out of bounds memory access in V8

1458046 High CVE-2023-4353 Heap buffer overflow in ANGLE

1450376 Medium CVE-2023-3734 Inappropriate implementation in Picture In Picture.

1458911 Medium CVE-2023-4357 Insufficient validation of untrusted input in XML

1450203 Medium CVE-2023-3733 Inappropriate implementation in WebApp Installs

High CVE-2023-3390 A use-after-free vulnerability in the Linux kernel's netfilter subsystem

Giuliana Pritchard
Google ChromeOS

Beta Channel Update for ChromeOS/ChromeOS Flex

Wednesday, September 20, 2023

The Beta channel is being updated to OS version: 15604.16.0, Browser version: 118.0.5993.18 for most ChromeOS devices.If you find new issues, please let us know one of the following ways:

File a bug

Visit our ChromeOS communities

General: Chromebook Help Community
Beta Specific: ChromeOS Beta Help Community

Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

Cole Brown,Google ChromeOS

Chrome Beta for Android Update

Wednesday, September 20, 2023

Hi everyone! We've just released Chrome Beta 118 (118.0.5993.21) for Android. It's now available on Google Play.You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.If you find a new issue, please let us know by filing a bug.Krishna Govind
Google Chrome

Chrome Beta for Desktop Update

Wednesday, September 20, 2023

The Beta channel has been updated to 118.0.5993.18 for Windows, Mac and Linux.A partial list of changes is available in the Git log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.Daniel Yip
Google Chrome

Chrome Beta for iOS Update

Wednesday, September 20, 2023

Hi everyone! We've just released Chrome Beta 118 (118.0.5993.21) for iOS; it'll become available on App Store in the next few days.You can see a partial list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.Krishna Govind
Google Chrome

Long Term Support Channel Update for ChromeOS

Monday, September 18, 2023

1479274 High CVE-2023-4863 Heap buffer overflow in Web

1472492 High CVE-2023-4572 Use after free in MediaStream

1470668 High CVE-2023-4427 Out of bounds memory access in V8

Giuliana Pritchard

Google Chrome OS

LTS-108 is being updated in the LTS channel to 108.0.5359.243 (Platform Version: 15183.106.0) for most ChromeOS devices. Want to know more about Long Term Support? Click here.
This update contains multiple Security fixes, including:
1479274 High CVE-2023-4863 Heap buffer overflow in Web1472492 High CVE-2023-4572 Use after free in MediaStream1470668 High CVE-2023-4427 Out of bounds memory access in V8

Giuliana Pritchard

Google Chrome OS

Chrome Stable for iOS Update

Saturday, September 16, 2023

Hi everyone! We've just released Chrome Stable 117 (117.0.5938.108) for iOS; it'll become available on App Store in the next few hours.This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.Harry Souders
Google Chrome

Stable Channel Update for Desktop

Friday, September 15, 2023

Prudhvikumar Bommana

Google Chrome

Chrome Dev for Android Update

Thursday, September 14, 2023

Hi everyone! We've just released Chrome Dev 119 (119.0.6006.3) for Android. It's now available on Google Play.You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.If you find a new issue, please let us know by filing a bug.Erhu Akpobaro
Google Chrome

Chrome Stable for iOS Update

Thursday, September 14, 2023

Hi everyone! We've just released Chrome Stable 117 (117.0.5938.104) for iOS; it'll become available on App Store in the next few hours.This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.Harry Souders
Google Chrome

Chrome Beta for Android Update

Wednesday, September 13, 2023

Hi everyone! We've just released Chrome Beta 118 (118.0.5993.13) for Android. It's now available on Google Play.You can see a partial list of the changes in the Git log. For details on new features, check out the Chromium blog, and for details on web platform updates, check here.If you find a new issue, please let us know by filing a bug.Krishna Govind
Google Chrome

Chrome Beta for iOS Update

Wednesday, September 13, 2023

Hi everyone! We've just released Chrome Beta 118 (118.0.5993.13) for iOS; it'll become available on App Store in the next few days.You can see a partial list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.Krishna Govind
Google Chrome

Stable Channel Desktop Update

Wednesday, September 13, 2023

The Stable channel has been updated to 109.0.5414.165 for Windows Server 2012 and Windows Server 2012 R2 only, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log.For more details on this change refer hereSrinivas SistaGoogle Chrome

Chrome Dev for Desktop Update

Wednesday, September 13, 2023

The Dev channel has been updated to 118.0.5993.11 for Windows, Mac and Linux.A partial list of changes is available in the Git log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.Daniel Yip
Google Chrome

Chrome Stable for iOS Update

Wednesday, September 13, 2023

Hi everyone! We've just released Chrome Stable 117 (117.0.5938.82) for iOS; it'll become available on App Store in the next few hours.This release includes stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let us know by filing a bug.Harry Souders
Google Chrome

Chrome for Android Update

Tuesday, September 12, 2023

Android releases contain the same security fixes as their corresponding Desktop release (Windows: 117.0.5938.62/.63; Mac & Linux: 117.0.5938.62), unless otherwise noted.

Harry Souders
Google Chrome

Hi, everyone! We've just released Chrome 117 (117.0.5938.60) for Android: it'll become available on Google Play over the next few days.Git logfiling a bug
Android releases contain the same security fixes as their corresponding Desktop release (Windows: 117.0.5938.62/.63; Mac & Linux: 117.0.5938.62), unless otherwise noted.
Harry Souders
Google Chrome

Stable Channel Update for Desktop

Tuesday, September 12, 2023

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 21 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$NA][1479274] Critical CVE-2023-4863: Heap buffer overflow in WebP. Reported by Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School on 2023-09-06

[N/A][40070891] High CVE-2023-7010: Use after free in WebRTC. Reported by Ned Williamson of Google Project Zero on 2023-08-30

[$15000][40061476] High CVE-2024-3176: Out of bounds write in SwiftShader. Reported by Chaoyuan Peng (@ret2happy) on 2022-10-26

[$3000][1430867] Medium CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya on 2023-04-06

[$3000][1459281] Medium CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali on 2023-06-29

[$2000][1454515] Medium CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong on 2023-06-14

[$1000][1446709] Medium CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry on 2023-05-18

[$1000][1453501] Medium CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks on 2023-06-09

[$500][1441228] Medium CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh on 2023-04-29

[$1000][40061509] Medium CVE-2023-7012: Insufficient data validation in Permission Prompts. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2022-10-28

[$6000][1449874] Low CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry on 2023-05-30

[$2000][1462104] Low CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) on 2023-07-04

[$TBD][1451543] Low CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong on 2023-06-06

[$TBD][1463293] Low CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong on 2023-07-09

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Google is aware that an exploit for CVE-2023-4863 exists in the wild.

As usual, our ongoing internal security work was responsible for a wide range of fixes:

[1481336] Various fixes from internal audits, fuzzing and other initiatives

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Prudhvikumar Bommana
Google Chrome

The Chrome team is delighted to announce the promotion of Chrome 117 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.Chrome 117.0.5938.62 (Linux and Mac), 117.0.5938.62/.63( Windows) contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 117.