❌

Normale weergave

Ontvangen β€” 20 Juni 2026 ⏭ Software

32.2.0-beta1: OBS Studio 32.2.0 Beta 1

βœ‡OBS
Door: RytoEX
20 Juni 2026 om 20:07

32.2 New Features

  • Replaced add source dropdown with new dialog [Warchamp7]
  • Improved FPS selector UX [jcm93]
  • Added missing file support for filters [exeldro]
  • Added ability for plugins to set custom icons for new source types [cg2121]
  • Included .webp files when adding a directory to Image Slide Show source [TarunCore]
  • Added copy paste functions to frontend API [exeldro]
  • Added filter to compose SDR into HDR [jpark37]
  • Added delete as a hotkey to delete sources on macOS [PatTheMav]
  • Added dynamic bitrate support to multitrack video [lexano-ivs]

32.2 Changes

  • Forced Intel-based installations to update to Apple Silicon version on macOS [PatTheMav]
    • This change means that OBS Studio versions built for Intel-based Macs but running on Apple Silicon Macs will automatically update to OBS Studio built for Apple Silicon Macs. If an installation was using third-party plugins, those plugins will no longer load until replaced with Apple Silicon versions.
  • Fixed audio mixer state getting out of sync when changing settings via websockets or plugins [Warchamp7]
  • Added theming for checked QToolButtons [glikely]
  • Improved OpenGL performance slightly on low-end machines [kkartaltepe]
  • Set minimum size for color source to 1 pixel [exeldro]
  • Added minimum width to spinboxes [Warchamp7]
  • Disallowed overwriting the crash handler [sebastian-s-beckmann]
  • Applied process mitigation policies for Windows [notr1ch]
  • Adjusted description of multitrack video [jhnbwrs]
  • Changed new capture devices to use fallback frame rate by default [PatTheMav]
  • Improved DLL loading behavior on Windows [notr1ch]
  • Limited multitrack video config to Custom service [PatTheMav]

32.2 Bug Fixes

  • Fixed OAuth and dock state save corruption [PatTheMav]
  • Fixed group bounds not resizing when removing items [howellrl]
  • Fixed canvas mixes not being restored after video reset [dsaedtler]
  • Fixed some erroneous crashes during shutdown [Warchamp7]
  • Fixed display capture sometimes capturing black after a duplicator failure [ThrowTop]
  • Fixed color of controls dock output buttons in System theme [shiina424]
  • Fixed virtual camera reset failures [stephematician]
  • Fixed potential crash when user discards changes in the settings window [suogesi]
  • Fixed incorrect return value in virtualcam filter [xtfo]
  • Fixed source toolbar buttons not working after dragging a source into a group [Warchamp7]
  • Fixed properties hint icon spacing [Warchamp7]
  • Fixed potential crash when a video device reconnects on macOS [jcm93]
  • Fixed an issue where PipeWire could fail on NVIDIA GPUs [hoshinolina]
  • Fixed obs_canvas_get_video_info returning incorrect framerate [dsaedtler]

32.2 Deprecations

  • Deprecated obs_properties_add_button [sebastian-s-beckmann]

  •  
  • ↗️

HeidiSQL v12.19

βœ‡HeidiSQL
Door: github-actions[bot]
20 Juni 2026 om 13:27

12.19 - 2026-06-20

⛰️ Features

  • Label the new tab like the selected table, in the "Select top x rows" action - (f87cc85)

πŸš€ Enhancements

  • Pass LogLevel=error to the SSH command line - (923296d)

πŸ› Bug Fixes

  • (ui) Apply "disabled painting" to tree node icons, not to the text which gets unreadable - (4b2f469)
  • Crash in grid export with no focused column and usage of IfThen() which evaluates all arguments before the function is called - (bfe336b)
  • Reveal default text value of SQLite columns - (7f6e368)
  • Do not use INVISIBLE keyword on MariaDB - (fb082b8)
  • Prevent duplicate icons in Linux Alt-Tab by providing StartupWMClass with what xprop told me in the WM_CLASS line - (249c311)
  • Compiler error 4001 on arm64: Incompatible type - (1dbe1ae)
  • Compiler error 4001 and 4025on arm64: Incompatible type for arg no. 1: Got "SYSTEM.UITYPES.TFontStyles", expected "GRAPHICS.TFontStyles" - (aefc8fb)
  • Compiler error 4001 on arm64: Incompatible types: got "TFontStyles" expected "Set Of TFontStyle" - (f67445f)
  • Unhide hint on lblPasswordHint - (5f35d41)
  • Initially visible password hint may confuse user - (ed0f932)
  • Set new authentication plugin only if the user changed it, and then hint the user this will reset the password - (4ed89b8)
  • Error dialog due to unsupported SHOW GLOBAL VARIABLES query on MySQL 3.x servers - (49c70f8)
  • Truncate strings on UTF-8 boundaries in StrEllipsis - (2174388)
  • Prevent access violation on session disconnect (nil ActivePage) - (f878277)
  • "sort alphabetically" checkbox in column selector does nothing on macOS - (ec2b942)
  • A checkbox does not seem to have Focused on macOS during a mouse-click - (c21f646)
  • Work around mysql bug for "hidden" routines in UPPERCASE databases - (f51834c)

βš™οΈ Miscellaneous Tasks

  • Add missing download QT6ARM step to release job - (7df0567)
  • Align hostname in Transifex config file with the one in my ~/.transifexrc - (1a316c6)
  • Align Transifex config to current directory structure, and add a client for Windows - (40bfb69)
  • Require new step in release job, fix /tmp naming - (1fb805d)
  • Attempt to compile a QT6 binary for Linux ARM64 / RaspiOS - (5dc2bc4)

Localize

  • Update compiled .mo translation files - (ae730a8)

Contributors

  •  
  • ↗️
Ontvangen β€” 18 Juni 2026 ⏭ Software

Firefox

βœ‡Mozilla Firefox
18 Juni 2026 om 14:50

Fixed

  • Fixed frequent crashes affecting users with Intel Raptor Lake processors. (Bug 2039575)

  • Fixed an issue on macOS where choosing a PDF option, such as "Save as PDF", from the system print dialog would send the job to your printer instead of saving a file. (Bug 2047850)

  •  
  • ↗️
Ontvangen β€” 17 Juni 2026 ⏭ Software

Early Stable Update for Desktop

βœ‡Google Chrome
17 Juni 2026 om 18:10

The Stable channel has been updated to 150.0.7871.24/.25 for Windows and Mac as part of our early stable release to a small percentage of users. A full list of changes in this build is available in the log.

You can find more details about early Stable releases here.

Interested in switching release channels? Β Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Daniel Yip

Google Chrome

  •  
  • ↗️

Stable Channel Update for Desktop

βœ‡Google Chrome
17 Juni 2026 om 03:32

The Stable channel has been updated to 149.0.7827.155/.156 for Windows and Mac and 149.0.7827.155 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 33 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[N/A][516496659] Critical CVE-2026-12437: Use after free in WebShare. Reported by Google on 2026-05-25

[N/A][516947912] Critical CVE-2026-12438: Inappropriate implementation in WebView. Reported by Google on 2026-05-27

[N/A][519728275] Critical CVE-2026-12439: Use after free in Digital Credentials. Reported by Google on 2026-06-03

[N/A][519731619] Critical CVE-2026-12440: Use after free in DigitalCredentials. Reported by Google on 2026-06-03

[N/A][520157118] Critical CVE-2026-12441: Use after free in File Input. Reported by Google on 2026-06-05

[N/A][521950423] Critical CVE-2026-12442: Use after free in Passwords. Reported by Google on 2026-06-09

[N/A][522566295] Critical CVE-2026-12443: Use after free in Web Authentication. Reported by Google on 2026-06-11

[N/A][513160088] High CVE-2026-12444: Out of bounds read in Chromoting. Reported by Google on 2026-05-14

[N/A][513199795] High CVE-2026-12445: Use after free in Extensions. Reported by Google on 2026-05-14

[N/A][513313107] High CVE-2026-12446: Insufficient data validation in Passwords. Reported by Google on 2026-05-14

[N/A][513405023] High CVE-2026-12447: Heap buffer overflow in WebRTC. Reported by Google on 2026-05-15

[N/A][513458233] High CVE-2026-12448: Inappropriate implementation in WebView. Reported by Google on 2026-05-15

[N/A][513480539] High CVE-2026-12449: Use after free in Chromoting. Reported by Google on 2026-05-15

[N/A][514531776] High CVE-2026-12450: Inappropriate implementation in Media. Reported by Zhixin Tu on 2026-05-19

[N/A][514741076] High CVE-2026-12451: Use after free in DigitalCredentials. Reported by Google on 2026-05-19

[N/A][515462244] High CVE-2026-12452: Use after free in Downloads. Reported by Google on 2026-05-21

[N/A][516448843] High CVE-2026-12453: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-25

[N/A][516926968] High CVE-2026-12454: Race in Safe Browsing. Reported by Google on 2026-05-27

[N/A][517069848] High CVE-2026-12455: Use after free in Tab Strip. Reported by Google on 2026-05-27

[N/A][517124587] High CVE-2026-12456: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-27

[N/A][517153117] High CVE-2026-12457: Insufficient data validation in Extensions. Reported by Google on 2026-05-27

[N/A][517258337] High CVE-2026-12458: Incorrect security UI in Passwords. Reported by Google on 2026-05-27

[N/A][517406035] High CVE-2026-12459: Inappropriate implementation in Serial. Reported by Google on 2026-05-28

[N/A][517484284] High CVE-2026-12460: Insufficient policy enforcement in File System Access. Reported by Google on 2026-05-28

[N/A][517727318] High CVE-2026-12461: Out of bounds read in WebRTC. Reported by Google on 2026-05-29

[N/A][517916024] High CVE-2026-12462: Use after free in Media. Reported by Google on 2026-05-29

[N/A][518042749] High CVE-2026-12463: Inappropriate implementation in Views. Reported by Google on 2026-05-30

[N/A][519358344] High CVE-2026-12464: Use after free in Browser. Reported by Google on 2026-06-03

[N/A][520189702] High CVE-2026-12465: Insufficient validation of untrusted input in Metrics. Reported by Google on 2026-06-05

[N/A][520199394] High CVE-2026-12466: Heap buffer overflow in WebRTC. Reported by Google on 2026-06-05

[N/A][520202726] High CVE-2026-12467: Use after free in Extensions. Reported by Google on 2026-06-05

[N/A][521485244] High CVE-2026-12468: Inappropriate implementation in Updater. Reported by Google on 2026-06-08

[N/A][521618871] High CVE-2026-12469: Uninitialized Use in GPU. Reported by Google on 2026-06-09


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Daniel Yip

Google Chrome

  •  
  • ↗️

Extended Stable Update for Desktop

βœ‡Google Chrome
16 Juni 2026 om 23:30

The Extended Stable channel has been updated to 148.0.7778.271 for Windows and Mac which will roll out over the coming days/weeks.


A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Daniel Yip
Google Chrome
  •  
  • ↗️
Ontvangen β€” 16 Juni 2026 ⏭ Software

2.7.3

βœ‡MPC-HC
Door: clsid2
16 Juni 2026 om 21:16

Donations are appreciated. There is now a PayPal option.

Changes from 2.7.2 to 2.7.3:

Updates:

  • Updated LAV Filters to version 0.82
  • Updated MPC Video Renderer to version 0.10.4.2550
  • Updated MPC Audio Renderer

Fixes:

  • A few crash fixes, bug fixes and small improvements.

OpenSubtitles download error 406

Subtitle downloads from OpenSubtitles may fail depending on time of day. This is due to our daily download quota being exceeded. Current amount of donations is barely enough to pay for the existing quota. So it is unlikely that quota can be increased and situation will get worse over time.
If you create an OpenSubtitles account and configure it in MPC-HC settings then you may be able to bypass the quota.
Options > Subtitles > Misc > Right-click on OpenSubtitles.com > Setup > Fill in username/password

Overview of features

A lot of people seem to be unaware of some of the awesome features that have been added to MPC-HC in the past years. Here is a list of useful options and features that everyone should know about:

  • Play HDR video
    This requires using either MPC Video Renderer (MPCVR) or madVR.
    These renderers can be selected here:
    Options > Playback > Output
    With other video renderers, the colors will be wrong!
    MPCVR is now included and is the recommended renderer for modern systems. MadVR needs to be installed separately. MPCVR also supports Dolby Vision. MadVR does not.
    For optimal performance you should change the hardware decoder to D3D11 in LAV Video Decoder settings when using MPCVR on Windows 10/11, because this renderer uses DirectX11.
    (Automatic detection of GPU and configuration of the above settings is high on my ToDo list, so MPC-HC will have better default out-of-the-box settings on modern systems in the future.)
  • The installer of MPC-HC is very basic (and that will not change).
    I therefore recommend using K-Lite Codec Pack. That includes MPC-HC and other essential components. It has a very advanced installation that can automatically create file associations, and helps you with easy configuration of important MPC-HC settings, such as preferred subtitle language. It also does automatic configuration of renderer and hardware decoding, for best performance and HDR support.
    The Standard version should be sufficient for most people. Use Full version of you like to use MadVR.
  • Modern GUI Theme (Dark or Light) or the old classic theme
    Options > Player > User Interface
    It is also possible to change the height of the seekbar and size of the toolbar buttons.
    Plus there are options to show audio/video details in the statusbar, such as codec and resolution.
  • Customizable toolbar buttons
    You can add/remove/re-order the player buttons.
    There are also several different toolbar designs to choose from.
  • Video preview on the seekbar
    Options > Player > User Interface > Hover type
  • Ability to search for subtitles
    Press D for manual search.
    Or enable automatic search in: Options > Subtitles > Misc
  • Adjust playback speed
    Menu > Play > Playback rate
    The buttons in the player that control playback rate take a 2x step by default. This can be customized to smaller values (like 10%):
    Options > Playback > Speed step
    Adjusting playback speed works best with the internal audio renderer. This also has automatic pitch correction.
    Options > Playback > Output > Audio Renderer
  • MPC-HC can remember recently played files and also their playback position, so you can resume playback from when you left
    Options > Player > History
  • You can quickly seek through a video with Ctrl + Mouse Scrollwheel.
  • You can jump to next/previous file in a folder by pressing PageUp/PageDown.
  • You can right-click on the framestep button to step backwards. Some other buttons also have right-click actions, such as closing file by right-clicking stop.
  • You can perform automatic actions at end of file. For example to go to next file or close player.
    Options > Playback > After Playback (permanent setting)
    Menu > Play > After Playback (for current file only)
  • A-B repeat
    You can loop a segment of a video. Press [ and ] to set start and stop markers.
  • You can rotate/flip/mirror/stretch/zoom the video
    Menu > View > Pan&Scan
    This is also easily done with hotkeys (see below).
  • There are lots of keyboard hotkeys and mouse actions to control the player. They can be customized as well.
    Options > Player > Keys
    Tip: there is a search box above the table.
  • You can hide GUI elements even in windowed mode
    Options > User Interface > Hide Windowed Controls
    That hides most GUI elements during playback. To show them simply move your mouse to bottom of window.
    You can even hide everything except the video by pressing 1 (restore normal view with 3).
  • You can seek inside the playlist by simply typing text (when playlist window has the mouse focus).
  • MPC-HC also supports Blu-ray playback.
    Only limitation is that you need to use a decrypting tool.
    And it also does not support Blu-ray menus, but you can use the navigate menu in the player to select the content to play.
  • You can stream videos directly from Youtube and many other video websites
    Put yt-dlp.exe in the MPC-HC installation folder.
    Then you can open website URLs in the player: Menu > File > Open File/URL
    You can even download those videos: Menu > File > Save a copy
    Tip: to be able to download in best quality with yt-dlp, it is recommended to also put ffmpeg.exe in the MPC-HC folder.
    Several YDL configuration options are found here: Options > Advanced
    This includes an option to specify the location of yt-dlp.exe in case you don't want to put it in MPC-HC folder.
    Note 1: You also need to install Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)
    Note 2: For optimal Youtube support you may also need to put deno.exe in same folder as yt-dlp.
    Note 3: yt-dlp nightly build (very latest version made daily)
    Note 4: yt-dlp windows7 compatible build
  • Besides all these (new) features, there have also been many bugfixes and internal improvements in the player in the past years that give better performance and stability. It also has updated internal codecs. Support was added for CUE sheets, WebVTT subtitles, etc.
  • You should really take a few minutes to look through all the options pages if you are a new user or if you are upgrading from a very old version. Don't forget the advanced options page.

MPC Video Renderer

Frequently Asked Questions

  •  
  • ↗️

Firefox

βœ‡Mozilla Firefox
17 Juni 2026 om 16:40

New

  • Firefox Settings features a brand-new look with streamlined organization, clearer groupings, and improved navigation for easier customization.

    Screenshot of the redesigned Firefox Settings

  • In Private Browsing windows, you can now temporarily disable tracker blocking for a tab if it's causing a site to break. When you reload a page where trackers were blocked, Firefox shows a message offering to reload without the stricter protections. All other tracking protections stay active.

    Screenshot of infobar offering to disable tracking protection

  • You can now mute your browser from the address bar: type "mute" (or "shush" or "sssh") and use the address bar quick action to silence every tab currently playing sound across all Firefox windows.

  • Improved support for more advanced cursor movement commands, including those relating to paragraph boundaries, on macOS.

  • On Windows and Linux, you can now copy links via the tab context menu by right-clicking a tab and selecting Share > Copy Link, making it easy to copy a link without switching to the tab first. When multiple tabs are selected, you can copy all selected links at once. Windows users still retain access to Microsoft sharing options from the Share menu.

  • A "Send tab" toolbar button is now available which can be added via More Tools > Customize Toolbar.

  • The following languages are now available for Translations:

    • Basque
    • Galician

  • Firefox builds in Croatian, English (UK), Georgian, Persian, Slovenian, Tajik, Tamil, Tibetan, Turkish, Welsh, and Xhosa now come with a built-in dictionary for the Firefox spellchecker.

Firefox Labs

  • Firefox now offers experimental support for the new JPEG XL image format, which generally provides better compression than WebP, JPEG, PNG, and GIF and is designed to supersede them. You can enable it from the Firefox Labs panel in Settings.

    Screenshot showing JPEG XL in Firefox Labs

Fixed

  • Fixed an issue where the Paste option could be missing from context menus when editing content on sites such as Squarespace, LinkedIn, and eBay.

  • Improved dragging images from Firefox to the desktop or Finder on macOS β€” images now save reliably and land where you drop them.

  • In multiple monitor situations, the About Firefox window now more reliably opens on the display with the most recently used Firefox window.

  • Fixed arrow-key text navigation and word selection commands that moved in the wrong direction in right-to-left text on macOS and Linux.

  • Various security fixes.

Changed

  • Site zooming via keyboard or mouse now offers more zoom levels in smaller increments than before.

  • When a PDF or other file that Firefox opens directly finishes downloading, it now opens in a background tab if you've switched tabs or closed the original page.

  • The Tabs from Other Devices panel in the sidebar now lets you open tabs in a new tab or a new container tab from the context menu.

Developer

Web Platform

  • Web Notifications can now have action buttons via the actions option. They appear as buttons below the notification text or in the Options list on macOS.

  • The field-sizing property is now available, allowing form controls to adjust in size to fit their contents.

  • Firefox now supports the WebAuthn Related Origin Request feature, which simplifies login flows by making Passkeys usable from multiple domains.

  • The Pointer Lock API now supports the unadjustedMovement option, allowing sites to receive raw mouse-movement data unaffected by OS-level acceleration.

Community Contributions

  •  
  • ↗️
Ontvangen β€” 13 Juni 2026 ⏭ Software

Dopamine 3.0.6

βœ‡Dopamine
Door: digimezzo
13 Juni 2026 om 07:12

[3.0.6] - 2026-06-13

Fixed

  • Manually edited album covers are overwritten on the next collection refresh
  • Fixed AppImage package not working on modern GNU/Linux distributions
  • Deleting song from playlist sometimes fails
  • Playback controls only work when clicking on upper half of the buttons
  • It's unclear that files must be tagged with an external ReplayGain scanner (for example rsgain) before normalization can take effect.
  • Change to Artist or Album tags is not reflected in the song list view nor in the Now Playing information
  • ReplayGain issues
  • Smart playlist filters ignore text containing accents or other special characters
  • Some MP3 files trigger an "MPEG header not found" error due to a too-narrow initial MPEG header scan range

Changed

  • Updated the Vietnamese translation

  •  
  • ↗️
Ontvangen β€” 12 Juni 2026 ⏭ Software

HWMonitor 1.64

βœ‡HWMonitor
12 Juni 2026 om 22:05
  • Intel Arc G3 & G3 Extreme (Panther Lake).
  • Intel Core Ultra 5 250KF Plus (Arrow Lake Refresh).
  • AMD Ryzen 7 7700X3D (Raphael).
  • AMD Ryzen AI Max+ 495, 492, 488 (Gorgon Halo).
  • AMD Ryzen AI Max 490, 485 (Gorgon Halo).
  • AMD Ryzen AI Max PRO 495, 490, 485, 480 (Gorgon Halo).
  • AMD Ryzen 9 9950X3D2 (Granite Ridge).
  • AMD Ryzen 9 PRO 9965X3D, PRO 9945 (Granite Ridge).
  • AMD Ryzen 7 PRO 9755, PRO 9745 (Granite Ridge).
  • AMD Ryzen 5 PRO 9645 (Granite Ridge).
  • AMD Ryzen AI 7/PRO 450G/GE (Gorgon Point 2).
  • AMD Ryzen AI 5/PRO 440G/GE (Gorgon Point 2).
  • AMD Ryzen AI 5/PRO 435G/GE (Gorgon Point 3).
  • Support of HUDIMM and HSODIMM memory modules.
  • New themes.
  • New real-time graphs.
  •  
  • ↗️

Extended Stable Updates for Desktop

βœ‡Google Chrome
11 Juni 2026 om 20:59

The Extended Stable channel has been updated to 148.0.7778.265Β for Windows and Mac which will roll out over the coming days/weeks.


A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista
Google Chrome
  •  
  • ↗️

Stable Channel Update for Desktop

βœ‡Google Chrome
16 Juni 2026 om 23:29

The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 27 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[N/A][516731749] Critical CVE-2026-12007: Use after freeΒ  Core. Reported by Google on 2026-05-26

[N/A][516942828] Critical CVE-2026-12008: Use after freeΒ  DigitalCredentials. Reported by Google on 2026-05-27

[N/A][517332006] Critical CVE-2026-12009: Insufficient validation of untrusted inputΒ  Accessibility. Reported by Google on 2026-05-28

[N/A][517531647] Critical CVE-2026-12010: Heap buffer overflowΒ  GPU. Reported by Google on 2026-05-28

[N/A][518108291] Critical CVE-2026-12011: Use after freeΒ  WebMIDI. Reported by Google on 2026-05-30

[N/A][499182801] High CVE-2026-12012: Use after freeΒ  Network. Reported by Google on 2026-04-03

[N/A][514742747] High CVE-2026-12014: Use after freeΒ  Cast. Reported by Google on 2026-05-19

[N/A][515463295] High CVE-2026-12015: Use after freeΒ  Autofill. Reported by Google on 2026-05-21

[N/A][516482138] High CVE-2026-12016: Insufficient validation of untrusted inputΒ  DevTools. Reported by Google on 2026-05-25

[N/A][516797143] High CVE-2026-12017: Insufficient validation of untrusted inputΒ  Extensions. Reported by Google on 2026-05-26

[N/A][516808201] High CVE-2026-12018: Inappropriate implementationΒ  Mojo. Reported by Google on 2026-05-26

[N/A][516872067] High CVE-2026-12019: Out of bounds writeΒ  Codecs. Reported by Google on 2026-05-26

[N/A][516907083] High CVE-2026-12020: Use after freeΒ  Autofill. Reported by Google on 2026-05-27

[N/A][516929496] High CVE-2026-12022: RaceΒ  Safe Browsing. Reported by Google on 2026-05-27

[N/A][517018374] High CVE-2026-12023: Use after freeΒ  GPU. Reported by Google on 2026-05-27

[N/A][517086161] High CVE-2026-12024: Insufficient policy enforcementΒ  DevTools. Reported by Google on 2026-05-27

[N/A][517153191] High CVE-2026-12025: Insufficient validation of untrusted inputΒ  Network. Reported by Google on 2026-05-27

[N/A][517347084] High CVE-2026-12026: Out of bounds readΒ  Video. Reported by Google on 2026-05-28

[N/A][517517155] High CVE-2026-12027: Insufficient policy enforcementΒ  Headless. Reported by Google on 2026-05-28

[N/A][517555461] High CVE-2026-12028: Use after freeΒ  GPU. Reported by Google on 2026-05-28

[N/A][518002958] High CVE-2026-12029: Use after freeΒ  Video. Reported by Google on 2026-05-29

[N/A][518007423] High CVE-2026-12030: Heap buffer overflowΒ  GPU. Reported by Google on 2026-05-29

[N/A][518045638] High CVE-2026-12031: Inappropriate implementationΒ  Views. Reported by Google on 2026-05-30

[N/A][518128953] High CVE-2026-12032: Inappropriate implementationΒ  Passwords. Reported by Google on 2026-05-30

[N/A][519248779] High CVE-2026-12033: Out of bounds readΒ  VideoCapture. Reported by Google on 2026-06-02

[N/A][519258799] High CVE-2026-12034: Insufficient validation of untrusted inputΒ  Linux Toolkit Theming. Reported by Google on 2026-06-02

[N/A][520210566] High CVE-2026-12035: Use after freeΒ  Views. Reported by Google on 2026-06-05


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.



Interested in switching release channels? Find out howΒ here. If you find a new issue, please let us know byΒ filing a bug. TheΒ community help forumΒ is also a great place to reach out for help or learn about common issues.


Srinivas Sista

Google Chrome

  •  
  • ↗️
Ontvangen β€” 11 Juni 2026 ⏭ Software
Ontvangen β€” 9 Juni 2026 ⏭ Software

HeidiSQL v12.18

βœ‡HeidiSQL
Door: github-actions[bot]
9 Juni 2026 om 20:37

12.18 - 2026-06-09

⛰️ Features

  • (packaging) Create .rpm package through Makefile, plus let GH action run that step in release mode - (fc728cf)
  • Create checkbox in advanced session setting for new ForceUnicode setting - (75a0f7f)
  • Create opt-out setting "ForceUnicode", for sessions which shall not force Unicode communication - (ed9a94f)
  • Enable connection port visible in a column of the session tree - (7cfdb97)
  • Display auth plugin in a new column of the user listing tree - (3e4f562)
  • Support authentication plugin selection in user manager - (07112a0)
  • Grid export option for exporting the focused grid column only - (d896680)
  • Bypass automatic foreign key lookup in data grid editing through new menu item - (a5ae04b)
  • Add a separate menu item "copy formatted text", using the old code for copying SynEdit-highlighted text as HTML - (84c63c6)
  • Filter edit box for shortcuts in preferences - (fb243fc)
  • Create CLI app for adding PE security flags to heidisql.exe - (3e797e2)
  • Rename snippet per right-click on query helpers tree - (7171e48)
  • Name columns in SELECT when exporting table with invisible columns - (1799b0d)
  • Support invisible indexes on MySQL 8.0+ and ignored indexes on MariaDB 10.6+ - (b3fa484)
  • Support assigning a default role to a user - (96d2aef)
  • Support assigning roles to a user or role - (96717cd)
  • Do not require MySQL's RELOAD privilege just for opening the user manager - (f79d9a5)
  • When nodes are filtered, change "Check all" action to "Change all visible" - (ebd60b3)
  • Disable role rename, add menu item for creating a role, support role deletion - (83472c5)
  • Prevent editing contents of generated columns in data grid - (9ecdff0)
  • Basic support for MariaDB user roles, loaded without SQL error and shown with a different icon - (3249401)
  • Add context menu item for deleting a single query from the history - (0035d5e)
  • Reset a table's current auto_increment value in "delete + insert data" mode - (0422bb3)
  • Support cancelling server login dialog - (e5b9574)
  • Keep EXPLAIN output format traditional, on newer MySQL servers - (90f9937)
  • Make HTML export dark/light mode aware - (dc046e9)
  • Allow setting database to in PostgreSQL connections, and show and in the pulldown selector - (950e2ca)

πŸš€ Enhancements

  • Disable plugin selector as long as no user was selected - (54dd7d8)
  • Do not copy default type and value from previous column when adding columns to a table - (42a061d)
  • Suppress dialog for saving modified SQL on app close, when tabs get auto-restored - (4ca01d9)
  • Remove FLUSH PRIVILEGES from the user managers FormShow handler. If a click on a non-flushed user in the tree produces an exception, that is caught and shown as a normal error message. - (fe7a5ef)
  • 50% black grid lines, should fit on both light and dark theme - (1872916)
  • Increase supported table size and row limit for quick filter menu showing distinct values - (48eca57)

πŸ› Bug Fixes

  • (ui) Filter away vertical writing fonts with an @ prefix - (1814ee9)
  • (ui) Size and margin of buttons on SQL help dialog - (61bc258)
  • (ui) Apply the same larger tree node height on Linux - (c770406)
  • (ui) Remove default "add user" event from add button, turn it into a pure dropdown button - (d7910c1)
  • Copy table dialog crashes when none of dbtree and listtables has Focused=True - (9216061)
  • Prefer SHOW KEYS over SHOW INDEXES, which are synonyms, while very old servers only accept the one with KEYS - (b97122c)
  • Prevent grid queries from doing "WHERE intcol::text = 1", due to "1" being incompatible to the text value on the left - (bcea889)
  • Vulnerability CVE-2025-70873, updating SQLite libs to v3.53.1 - (2930be8)
  • Complaint about invalid password length on user plugins which have no fixed password length - (510b141)
  • SUBSTRING() on array typed VARCHARs throw "function substr(...) does not exist" - (5f2959d)
  • MS SQL throws "Cannot drop database xyz, because it is currently in use" when user is about to drop the current database - (fa2bb05)
  • Wrong tab order after inserting new checkbox in the middle - (59d4f1f)
  • Space missing in CREATE TABLE code of PG table with SERIAL column - (1633c33)
  • Quick filter prompts on numbers break WHERE clause through local formatting - (e7646a0)
  • Restore displayed session name in message dialog caption, was removed in commit:63028518f8b0d5869383d3bc0c42f188851797ed - (a6d6e70)
  • Missing bottom anchor on shortcuts tree - (f8c4bde)
  • Broken ci compilation for Windows - (570fab1)
  • Broken ci compilation, move -WB -WR linker options to the conditionals section of the lpi file - (97ec20b)
  • Turn exception in ParseViewStructure into a log message - (7562a1e)
  • Data grid filter cut with several double-dash comments on one line - (dac7b0e)
  • Hidden input box for line terminator in csv import dialog - (f20d634)
  • Mouse click in edited row calls save action although focus did not change - (b8313e5)
  • SSH command line tweaks, patch from jarczakpawel - (454571e)
  • Broken compilation due encoding update to utf-8: ellipsis char constant seen as string now, instead of char - (26b9696)
  • Replace hardcoded Windows directory separator with DirectorySeparator - (41615e6)
  • Explicitly set client encoding on PG connection - (79c5e4c)
  • MSSQL foreign key lookup to include table schema - (305534d)
  • Wrong ENUM column type detection, due to less strict regex - (e731fd0)
  • Do not start edit mode in ListTables on right mouse button click - (89ccbac)
  • Staying on current table by click on "follow foreign key" when the foreign table lives in a different database - (8643172)
  • Some crashes found in uploaded crash reports - (7bed735)
  • Enable save button after changing default role per combobox - (508b139)
  • Support backtick quoted user roles, and some other TValueListEditor related bug fixes - (86ea19c)
  • A few compiler warnings - (c6dffe1)
  • Pre-select nothing in BOOL grid cell editor on PostgreSQL - (1895959)
  • Allow non existent SQLite files, only complain when its path does not exist - (02cf4cb)
  • Solution for #2431 breaks other stuff, reverting a part of it - (e940863)
  • Editing table data on mysql versions without generated column support - (32f3e6b)
  • EAbort crash when copying text from SynEdit without a highlighter - (6c219b9)
  • Missing anchors and autosize in user manager form - (91b90bc)
  • Reset tree refresh marker earlier, so SetActiveDatabase triggers events and hides the table + data tab after dropping tables - (d2c9c96)
  • Prevent crash due to unsupported edit-database feature on MS SQL - (68aeb96)
  • Clear data grid before indicating a broken or temporary table for which we get no columns from IS.COLUMNS - (b4ec223)
  • Populate SSH executable combo with only a global "ssh" command, do not add .exe files on Linux and macOS - (37f57ce)
  • Call to non existent inherited constructor version of TSQLBatch - (b2f4d5b)
  • TSQLBatch using backslash for escaping single quotes on all server types. Introduce server type specific TSQLBatch.FEscape char. - (e9af525)
  • Crash in SQL export to database for zero length SQL, plus upgrade old-style string handling - (056b5e9)
  • Do not delete selected SQL text from editor when trying to focus the position of erroneous SQL - (f5c5f33)
  • Crash after canceling query - (ee16571)

🚜 Refactor

  • Convert remaining latin1 unit to utf-8 - (85fb0bd)
  • Sync from master - (9727d53)
  • Revert most of what I did for #2424 - (3d547fd)
  • Prefer qAutoInc in SQLProvider over dedicated AutoIncName method - (2fbb779)
  • Simplify some more calls to Query() with the overloaded variants - (b0ab0fc)
  • Convert more TFeatureOrRequirement's to TQueryId - (9f21853)

Localize

  • Update compiled .mo translation files - (53f95d2)

Contributors

New Contributors ❀️

  •  
  • ↗️
Ontvangen β€” 8 Juni 2026 ⏭ Software

Extended Stable Updates for Desktop

βœ‡Google Chrome
8 Juni 2026 om 22:40

The Extended Stable channel has been updated to 148.0.7778.254 for Windows and Mac which will roll out over the coming days/weeks.


A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Daniel Yip
Google Chrome
  •  
  • ↗️

Stable Channel Update for Desktop

βœ‡Google Chrome
9 Juni 2026 om 02:51

The Stable channel has been updated to 149.0.7827.102/.103 for Windows andΒ Mac and 149.0.7827.102 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log


Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 74 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information

[N/A][516501794] Critical CVE-2026-11628: Use after free in Ozone. Reported by Google on 2026-05-25

[N/A][516674532] Critical CVE-2026-11629: Use after free in Ozone. Reported by Google on 2026-05-26

[N/A][516677924] Critical CVE-2026-11630: Use after free in File Input. Reported by Google on 2026-05-26

[N/A][516691130] Critical CVE-2026-11631: Use after free in Aura. Reported by Google on 2026-05-26

[N/A][516707881] Critical CVE-2026-11632: Use after free in TabStrip. Reported by Google on 2026-05-26

[N/A][516963272] Critical CVE-2026-11633: Use after free in Bluetooth. Reported by Google on 2026-05-27

[N/A][516975148] Critical CVE-2026-11634: Use after free in Gamepad. Reported by Google on 2026-05-27

[N/A][516987814] Critical CVE-2026-11635: Use after free in Bluetooth. Reported by Google on 2026-05-27

[N/A][517023053] Critical CVE-2026-11636: Use after free in Autofill. Reported by Google on 2026-05-27

[N/A][517040438] Critical CVE-2026-11637: Use after free in Views. Reported by Google on 2026-05-27

[N/A][517047197] Critical CVE-2026-11638: Use after free in Printing. Reported by Google on 2026-05-27

[N/A][517227707] Critical CVE-2026-11639: Use after free in Compositing. Reported by Google on 2026-05-27

[N/A][517339758] Critical CVE-2026-11640: Integer overflow in libyuv. Reported by Google on 2026-05-28

[N/A][517418936] Critical CVE-2026-11641: Use after free in Bluetooth. Reported by Google on 2026-05-28

[N/A][517678820] Critical CVE-2026-11642: Use after free in Web Apps. Reported by Google on 2026-05-29

[N/A][518006379] Critical CVE-2026-11643: Use after free in Proxy. Reported by Google on 2026-05-29

[N/A][518043597] Critical CVE-2026-11644: Use after free in Views. Reported by Google on 2026-05-30

[$55000][506689381] High CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3 on 2026-04-27

[$500][517168239] High CVE-2026-11646: Use after free in ViewTransitions. Reported by Quac Tran on 2026-05-27

[N/A][502156940] High CVE-2026-11647: Use after free in Printing. Reported by Google on 2026-04-13

[N/A][506684534] High CVE-2026-11648: Use after free in FullScreen. Reported by Mihnea Nicolau on 2026-04-27

[N/A][511270083] High CVE-2026-11649: Use after free in V8. Reported by Google on 2026-05-08

[N/A][511279942] High CVE-2026-11650: Use after free in V8. Reported by Google on 2026-05-08

[N/A][511736002] High CVE-2026-11651: Use after free in Network. Reported by Google on 2026-05-10

[N/A][513156160] High CVE-2026-11652: Use after free in Extensions. Reported by Google on 2026-05-14

[N/A][513321171] High CVE-2026-11653: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-14

[N/A][513362710] High CVE-2026-11654: Use after free in CameraCapture. Reported by Google on 2026-05-15

[N/A][513396305] High CVE-2026-11655: Integer overflow in Media. Reported by Google on 2026-05-15

[N/A][513424000] High CVE-2026-11656: Use after free in ServiceWorker. Reported by Google on 2026-05-15

[N/A][513465272] High CVE-2026-11657: Use after free in Payments. Reported by Google on 2026-05-15

[N/A][513564337] High CVE-2026-11658: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-15

[N/A][513702971] High CVE-2026-11659: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-16

[N/A][513731890] High CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-05-16

[N/A][513748868] High CVE-2026-11661: Use after free in Views. Reported by Google on 2026-05-16

[N/A][513773313] High CVE-2026-11662: Type Confusion in Bindings. Reported by Google on 2026-05-16

[N/A][513820666] High CVE-2026-11663: Use after free in Skia. Reported by Google on 2026-05-16

[N/A][513830374] High CVE-2026-11664: Use after free in Payments. Reported by Google on 2026-05-16

[N/A][513948465] High CVE-2026-11665: Out of bounds read in Dawn. Reported by Google on 2026-05-17

[N/A][514009323] High CVE-2026-11666: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-17

[N/A][514671098] High CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google on 2026-05-19

[N/A][515419790] High CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google on 2026-05-21

[N/A][515429352] High CVE-2026-11669: Integer overflow in Media. Reported by Google on 2026-05-21

[N/A][515469283] High CVE-2026-11670: Use after free in PDF. Reported by Google on 2026-05-21

[N/A][516608438] High CVE-2026-11671: Use after free in Navigation. Reported by Google on 2026-05-26

[N/A][516794471] High CVE-2026-11672: Out of bounds write in GPU. Reported by Google on 2026-05-26

[N/A][516902973] High CVE-2026-11673: Use after free in InterestGroups. Reported by Google on 2026-05-26

[N/A][516910450] High CVE-2026-11674: Use after free in Guest View. Reported by Google on 2026-05-27

[N/A][516915337] High CVE-2026-11675: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-05-27

[N/A][516949298] High CVE-2026-11676: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-27

[N/A][516979551] High CVE-2026-11677: Race in Network. Reported by Google on 2026-05-27

[N/A][516986556] High CVE-2026-11678: Integer overflow in libyuv. Reported by Google on 2026-05-27

[N/A][516997135] High CVE-2026-11679: Use after free in Codecs. Reported by Google on 2026-05-27

[N/A][517004487] High CVE-2026-11680: Use after free in Media. Reported by Google on 2026-05-27

[N/A][517050585] High CVE-2026-11681: Use after free in Ozone. Reported by Google on 2026-05-27

[N/A][517103584] High CVE-2026-11682: Insufficient validation of untrusted input in Views. Reported by Google on 2026-05-27

[N/A][517129549] High CVE-2026-11683: Use after free in WebCodecs. Reported by Google on 2026-05-27

[N/A][517130229] High CVE-2026-11684: Insufficient policy enforcement in Network. Reported by Google on 2026-05-27

[N/A][517183713] High CVE-2026-11685: Insufficient data validation in MediaCapture. Reported by Google on 2026-05-27

[N/A][517247333] High CVE-2026-11686: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-27

[N/A][517303276] High CVE-2026-11687: Use after free in Dawn. Reported by Google on 2026-05-28

[N/A][517309206] High CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google on 2026-05-28

[N/A][517486004] High CVE-2026-11689: Insufficient validation of untrusted input in Passwords. Reported by Google on 2026-05-28

[N/A][517533654] High CVE-2026-11690: Out of bounds read and write in Media. Reported by Google on 2026-05-28

[N/A][517585486] High CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-05-28

[N/A][517607902] High CVE-2026-11692: Use after free in Read Anything. Reported by Google on 2026-05-28

[N/A][517644287] High CVE-2026-11693: Inappropriate implementation in Plugins. Reported by Google on 2026-05-28

[N/A][517705966] High CVE-2026-11694: Use after free in ServiceWorker. Reported by Google on 2026-05-29

[N/A][517762104] High CVE-2026-11695: Inappropriate implementation in Passwords. Reported by Google on 2026-05-29

[N/A][517993381] High CVE-2026-11696: Uninitialized Use in Video. Reported by Google on 2026-05-29

[N/A][518105731] High CVE-2026-11697: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-30

[N/A][518235412] High CVE-2026-11698: Use after free in Bluetooth. Reported by Google on 2026-05-30

[N/A][518237527] High CVE-2026-11699: Use after free in Bluetooth. Reported by Google on 2026-05-30

[N/A][511732085] Medium CVE-2026-11700: Use after free in Tracing. Reported by Google on 2026-05-10

[N/A][516413817] Medium CVE-2026-11701: Insufficient validation of untrusted input in Guest View. Reported by Google on 2026-05-25


Google is aware that an exploit for CVE-2026-11645 exists in the wild.


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.


Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.


Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Daniel Yip

Google Chrome

  •  
  • ↗️
Ontvangen β€” 4 Juni 2026 ⏭ Software

2.7.2

βœ‡MPC-HC
Door: clsid2
16 Juni 2026 om 21:17

Changes from 2.7.1 to 2.7.2:

Updates:

  • Updated LAV Filters to version 0.81-23-g6fadb
  • Updated MPC Video Renderer to version 0.10.2.2540
  • Updated MediaInfo DLL to version 26.05
  • Updated MPC Audio Renderer

Fixes:

  • Several crash fixes, bug fixes and small improvements.

  •  
  • ↗️

CPU-Z 2.20.2

βœ‡CPU-Z
4 Juni 2026 om 18:00
  • Intel Arc G3 and G3 Extreme (Panther Lake)(2.20.2).
  • AMD Ryzen 7 7700X3D (Raphael) (2.20.1).
  • AMD Ryzen AI Max+ 495, 492, 488 (Gorgon Halo).
  • AMD Ryzen AI Max 490, 485 (Gorgon Halo).
  • AMD Ryzen AI Max PRO 495, 490, 485, 480 (Gorgon Halo).
  • AMD Ryzen 9 9950X3D2 (Granite Ridge).
  • AMD Ryzen 9 PRO 9965X3D, PRO 9945 (Granite Ridge).
  • AMD Ryzen 7 PRO 9755, PRO 9745 (Granite Ridge).
  • AMD Ryzen 5 PRO 9645 (Granite Ridge).
  • AMD Ryzen AI 7/PRO 450G/GE (Gorgon Point 2).
  • AMD Ryzen AI 5/PRO 440G/GE (Gorgon Point 2).
  • AMD Ryzen AI 5/PRO 435G/GE (Gorgon Point 3).
  • AMD Ryzen AI Max+ 392 (Strix Halo).
  • Intel Core Ultra 5 250KF Plus (Arrow Lake Refresh).
  • Intel Core 7 360 and 350 (Wildcat Lake).
  • Intel Core 5 330, 320 and 315 (Wildcat Lake).
  • Intel Core 3 304 (Wildcat Lake).
  • Intel Core 9 273PQE, 273PTE, 273PE (Bartlett Lake).
  • Intel Core 7 253PQE, 253PTE, 253PE, 251TE, 251E (Bartlett Lake).
  • Intel Core 5 223PQE, 223PTE, 223PE, 221TE, 221E, 213PTE, 213PE, 211TE, 211E (Bartlett Lake).
  • Intel Core 3 201TE, 201E (Bartlett Lake).
  • Intel Arc Pro B70 and B65 (BMG-G31).
  • Intel Arc Pro B60 and B50 (BMG-G21).
  • Support of HUDIMM and HSODIMM memory modules.
  •  
  • ↗️

FileZilla Client 3.70.6 released

βœ‡FileZilla
Door: Tim Kosse
4 Juni 2026 om 17:16

New features:

  • SFTP: Added compatibility flag to Site Manager to ignore invalid bits in file attributes flags received from non-compliant servers

Bugfixes and minor changes:

  • SFTP: Updated to fzssh 1.3.0
  • Updated to libfilezilla 0.56.1
  • Removed autodetection of FTP server type governing the remote path syntax. Exotic server types now need to be set explicitly on the advanced page in the Site Manager
  •  
  • ↗️

Paint.NET 5.2 Alpha (build 9650)

βœ‡Paint.net
Door: Rick Brewster
4 Juni 2026 om 00:02

​

This is an updated alpha build for 5.2 that fixes some more bugs and crashes.

You can read more about 5.2 and what it includes by reading the release notes for the first alpha.

Change Log

Changes since 5.2 Alpha (build 9641):

  • Fixed an issue when drawing at the edge of the canvas viewport that would cause it to freeze and then jump all the way to the far edge of the canvas
  • Fixed an issue when drawing a selection using the intersect combine mode that would make the selection disappear and cause other weird issues with history (undo/redo).
  • Fixed the Move Selected Pixels tool setting color values to 0 for transparent pixels when not necessary (just moving without scaling/rotation, nearest neighbor sampling, etc.). Bug was reported here by @frio.
  • Fixed clipboard images accessed by plugins not always having a non-null ColorContext property. This property can still be null in some cases (e.g. alpha-only pixel formats). Reported here by @_koh_.
  • Optimized the compositing code for the Move Selected Pixels tool. The improvement is most noticeable on CPUs with AVX2 (not AVX512) which are not already bottlenecked by the GPU’s rendering.
  • Fixed a rare crash that could happen while switching tools while also changing the color

Download and Install

This build is available via the built-in updater as long as you have opted-in to pre-release updates. From within Settings -> Updates, enable β€œAlso check for pre-release (beta) versions of paint.net” and then click on the Check Now button. You can also use the links below to download an offline installer or portable ZIP.

You can also download the installer here (for any supported CPU and OS), which is also where you can find downloads for offline installers, portable ZIPs, and deployable MSIs.

​

  •  
  • ↗️

Extended Stable Updates for Desktop

βœ‡Google Chrome
3 Juni 2026 om 18:20

Β The Extended Stable channel has been updated to 148.0.7778.254Β for Windows and Mac which will roll out over the coming days/weeks.


A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista
Google Chrome
  •  
  • ↗️
Ontvangen β€” 2 Juni 2026 ⏭ Software

Stable Channel Update for Desktop

βœ‡Google Chrome
5 Juni 2026 om 00:27

The Chrome team is delighted to announce the promotion of Chrome 149 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 149.0.7827.53 (Linux)Β 149.0.7827.53/54Β Windows/Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 149.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.


This update includes 429 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.


[$97000][498904293] Critical CVE-2026-10881: Out of bounds read and write in ANGLE. Reported by Anonymous on 2026-04-02

[$43000][503420443] Critical CVE-2026-10882: Use after free in Network. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-17

[$5000][503768143] Critical CVE-2026-10883: Out of bounds write in ANGLE. Reported by Maher Azzouzi on 2026-04-17

[N/A][503617302] Critical CVE-2026-10884: Use after free in Chromecast. Reported by Google on 2026-04-17

[N/A][504072665] Critical CVE-2026-10885: Use after free in Chrome for iOS. Reported by Google on 2026-04-18

[TBD][505096898] Critical CVE-2026-10886: Use after free in FileSystem. Reported by Andrew Boni on 2026-04-21

[N/A][505204771] Critical CVE-2026-10887: Use after free in Chromoting. Reported by Google on 2026-04-22

[N/A][505815080] Critical CVE-2026-10888: Use after free in Cast Streaming. Reported by Google on 2026-04-23

[N/A][513003797] Critical CVE-2026-10889: Out of bounds read in ANGLE. Reported by Google on 2026-05-14

[N/A][513136593] Critical CVE-2026-10890: Use after free in Cast. Reported by Google on 2026-05-14

[N/A][513160681] Critical CVE-2026-10891: Use after free in GFX. Reported by Google on 2026-05-14

[N/A][513165325] Critical CVE-2026-10892: Out of bounds write in GPU. Reported by Google on 2026-05-14

[N/A][513231432] Critical CVE-2026-10893: Use after free in Chromoting. Reported by Google on 2026-05-14

[N/A][513445101] Critical CVE-2026-10894: Use after free in Printing. Reported by Google on 2026-05-15

[N/A][513454018] Critical CVE-2026-10895: Use after free in Ozone. Reported by Google on 2026-05-15

[N/A][513514692] Critical CVE-2026-10896: Use after free in Chrome for iOS. Reported by Google on 2026-05-15

[N/A][513543143] Critical CVE-2026-10897: Out of bounds write in GPU. Reported by Google on 2026-05-15

[N/A][513946753] Critical CVE-2026-10898: Stack buffer overflow in GPU. Reported by Google on 2026-05-17

[N/A][516653777] Critical CVE-2026-10899: Use after free in Ozone. Reported by Google on 2026-05-26

[N/A][516878683] Critical CVE-2026-10900: Use after free in Passwords. Reported by Google on 2026-05-26

[N/A][516957738] Critical CVE-2026-10901: Use after free in Passwords. Reported by Google on 2026-05-27

[N/A][517046249] Critical CVE-2026-10902: Use after free in Ozone. Reported by Google on 2026-05-27

[$11000][503422316] High CVE-2026-10903: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-17

[$8000][506855825] High CVE-2026-10904: Inappropriate implementation in V8. Reported by 303f06e3 on 2026-04-27

[$5000][487357841] High CVE-2026-10905: Use after free in Network. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-25

[$3000][503420438] High CVE-2026-10906: Use after free in WebAuthentication. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-17

[$2000][489071023] High CVE-2026-10907: Out of bounds write in ANGLE. Reported by sweetchip on 2026-03-02

[$2000][505045913] High CVE-2026-10908: Use after free in FullScreen. Reported by Mihnea Nicolau on 2026-04-21

[$1000][508092644] High CVE-2026-10909: Use after free in Dawn. Reported by whiter@xuanyusec on 2026-04-30

[$500][508811477] High CVE-2026-10910: Type Confusion in V8. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-05-02

[N/A][495819067] High CVE-2026-10911: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-24

[N/A][496614553] High CVE-2026-10912: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-03-26

[N/A][497450927] High CVE-2026-10913: Use after free in ANGLE. Reported by Google on 2026-03-29

[N/A][497574371] High CVE-2026-10914: Use after free in ANGLE. Reported by Google on 2026-03-30

[N/A][497612174] High CVE-2026-10915: Use after free in Core. Reported by Google on 2026-03-30

[N/A][497643690] High CVE-2026-10916: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-30

[N/A][497929481] High CVE-2026-10917: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-30

[N/A][498259721] High CVE-2026-10918: Use after free in Viz. Reported by Google on 2026-03-31

[N/A][498872764] High CVE-2026-10919: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498977444] High CVE-2026-10920: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-04-02

[N/A][499159695] High CVE-2026-10921: Integer overflow in Dawn. Reported by Google on 2026-04-03

[N/A][499164652] High CVE-2026-10922: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-04-03

[N/A][499423683] High CVE-2026-10923: Use after free in WebAppInstalls. Reported by Google on 2026-04-04

[N/A][500055357] High CVE-2026-10924: Integer overflow in Chromecast. Reported by Google on 2026-04-06

[N/A][500071763] High CVE-2026-10925: Out of bounds write in Skia. Reported by Google on 2026-04-06

[N/A][500075522] High CVE-2026-10926: Use after free in Cast. Reported by Google on 2026-04-06

[N/A][500090141] High CVE-2026-10927: Out of bounds read in Dawn. Reported by Google on 2026-04-06

[N/A][500124367] High CVE-2026-10928: Script injection in Headless. Reported by Google on 2026-04-06

[N/A][500429259] High CVE-2026-10929: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500472605] High CVE-2026-10930: Out of bounds read in ANGLE. Reported by Google on 2026-04-07

[TBD][501115599] High CVE-2026-10931: Use after free in FileSystem. Reported by asjidkalam on 2026-04-10

[N/A][501335606] High CVE-2026-10932: Use after free in UI. Reported by Google on 2026-04-10

[N/A][501557633] High CVE-2026-10933: Use after free in Audio. Reported by Google on 2026-04-11

[N/A][501594107] High CVE-2026-10934: Use after free in Autofill. Reported by Google on 2026-04-11

[N/A][501898683] High CVE-2026-10935: Inappropriate implementation in V8. Reported by Google on 2026-04-12

[N/A][502439789] High CVE-2026-10936: Type Confusion in V8. Reported by Google on 2026-04-14

[N/A][502651056] High CVE-2026-10937: Inappropriate implementation in Passwords. Reported by Google on 2026-04-14

[N/A][502681591] High CVE-2026-10938: Insufficient validation of untrusted input in Input. Reported by Google on 2026-04-14

[N/A][503502607] High CVE-2026-10939: Use after free in WebRTC. Reported by Google on 2026-04-17

[N/A][503879873] High CVE-2026-10940: Race in Codecs. Reported by Google on 2026-04-17

[N/A][503958940] High CVE-2026-10941: Out of bounds memory access in Skia. Reported by Google on 2026-04-18

[N/A][504104263] High CVE-2026-10942: Insufficient validation of untrusted input in UI. Reported by Google on 2026-04-18

[TBD][504194151] High CVE-2026-10943: Use after free in WebRTC. Reported by Rayyan Kadar on 2026-04-20

[N/A][504215814] High CVE-2026-10944: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-19

[N/A][504417768] High CVE-2026-10945: Use after free in PDF. Reported by Google on 2026-04-20

[N/A][504587797] High CVE-2026-10946: Heap buffer overflow in Media. Reported by Google on 2026-04-20

[N/A][504597736] High CVE-2026-10947: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][504599749] High CVE-2026-10948: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][504644843] High CVE-2026-10949: Heap buffer overflow in Video. Reported by Google on 2026-04-20

[N/A][505123022] High CVE-2026-10950: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-21

[N/A][505191883] High CVE-2026-10951: Use after free in Autofill. Reported by Google on 2026-04-22

[N/A][505231370] High CVE-2026-10952: Use after free in Chrome for iOS. Reported by Google on 2026-04-22

[N/A][506147564] High CVE-2026-10953: Use after free in Core. Reported by Google on 2026-04-24

[N/A][506150628] High CVE-2026-10954: Use after free in Actor. Reported by Google on 2026-04-24

[N/A][506374676] High CVE-2026-10955: Type Confusion in ANGLE. Reported by Google on 2026-04-25

[N/A][506375731] High CVE-2026-10956: Use after free in MimeHandlerView. Reported by Google on 2026-04-25

[N/A][506377279] High CVE-2026-10957: Use after free in Glic. Reported by Google on 2026-04-25

[N/A][507251069] High CVE-2026-10958: Use after free in Chrome for iOS. Reported by Google on 2026-04-28

[N/A][507258648] High CVE-2026-10959: Use after free in Input. Reported by Google on 2026-04-28

[N/A][507258786] High CVE-2026-10960: Uninitialized Use in Codecs. Reported by Google on 2026-04-28

[N/A][508281950] High CVE-2026-10961: Use after free in Chrome for iOS. Reported by Google on 2026-04-30

[N/A][511006880] High CVE-2026-10962: Type Confusion in Media. Reported by Google on 2026-05-08

[N/A][511218177] High CVE-2026-10963: Integer overflow in V8. Reported by Google on 2026-05-08

[N/A][511228272] High CVE-2026-10964: Integer overflow in V8. Reported by Google on 2026-05-08

[N/A][511290038] High CVE-2026-10965: Integer overflow in DevTools. Reported by Google on 2026-05-08

[N/A][511713779] High CVE-2026-10966: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-05-10

[N/A][511714900] High CVE-2026-10967: Use after free in SurfaceCapture. Reported by Google on 2026-05-10

[N/A][511758373] High CVE-2026-10968: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-10

[N/A][511765713] High CVE-2026-10969: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-10

[N/A][512772489] High CVE-2026-10970: Insufficient validation of untrusted input in InterestGroups. Reported by Google on 2026-05-13

[N/A][513005991] High CVE-2026-10971: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-05-14

[N/A][513006660] High CVE-2026-10972: Use after free in Ozone. Reported by Google on 2026-05-14

[N/A][513042859] High CVE-2026-10973: Uninitialized Use in Dawn. Reported by Google on 2026-05-14

[N/A][513135862] High CVE-2026-10974: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-14

[N/A][513154132] High CVE-2026-10975: Use after free in WebRTC. Reported by Google on 2026-05-14

[N/A][513249847] High CVE-2026-10976: Uninitialized Use in Dawn. Reported by Google on 2026-05-14

[N/A][513340227] High CVE-2026-10977: Uninitialized Use in Skia. Reported by Google on 2026-05-14

[N/A][513394258] High CVE-2026-10978: Use after free in Chromoting. Reported by Google on 2026-05-15

[N/A][513468021] High CVE-2026-10979: Out of bounds read in ANGLE. Reported by Google on 2026-05-15

[N/A][513713927] High CVE-2026-10980: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16

[N/A][513762354] High CVE-2026-10981: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-05-16

[N/A][513774197] High CVE-2026-10982: Use after free in WebXR. Reported by Google on 2026-05-16

[N/A][513947609] High CVE-2026-10983: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-17

[N/A][514022635] High CVE-2026-10984: Inappropriate implementation in Accessibility. Reported by Google on 2026-05-17

[N/A][514082801] High CVE-2026-10985: Out of bounds read in Skia. Reported by Google on 2026-05-17

[N/A][514744613] High CVE-2026-10986: Integer overflow in Media. Reported by Google on 2026-05-19

[N/A][515431687] High CVE-2026-10987: Integer overflow in V8. Reported by Google on 2026-05-21

[N/A][515465685] High CVE-2026-10988: Use after free in Views. Reported by Google on 2026-05-21

[N/A][516311623] High CVE-2026-10989: Inappropriate implementation in V8. Reported by Google on 2026-05-25

[$4000][506311914] Medium CVE-2026-10990: Use after free in Glic. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-25

[$3000][503553614] Medium CVE-2026-10991: Use after free in V8. Reported by Alisa Esage (@alisaesage) on 2026-04-17

[$2000][493534964] Medium CVE-2026-10992: Insufficient data validation in Animation. Reported by heapracer (@heapracer) on 2026-03-17

[$2000][504160794] Medium CVE-2026-10993: Heap buffer overflow in Skia. Reported by M. Fauzan Wijaya (Gh05t666nero) on 2026-04-19

[$2000][504820809] Medium CVE-2026-10994: Uninitialized Use in ANGLE. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-04-21

[$2000][505371980] Medium CVE-2026-10995: Heap buffer overflow in TabStrip. Reported by Sven Dysthe (@svn-dys) on 2026-04-22

[TBD][40051700] Medium CVE-2026-10996: Inappropriate implementation in Workers. Reported by Jayateertha Guruprasad on 2024-12-23

[TBD][464217867] Medium CVE-2026-10997: Insufficient policy enforcement in Extensions. Reported by djallalakira@gmail.com on 2025-11-28

[TBD][486536242] Medium CVE-2026-10998: Out of bounds read in Media. Reported by Ameen Basha M K on 2026-02-22

[TBD][489369089] Medium CVE-2026-10999: Out of bounds memory access in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04

[TBD][492374380] Medium CVE-2026-11000: Use after free in Fonts. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13

[N/A][493691489] Medium CVE-2026-11001: Incorrect security UI in Payments. Reported by Google on 2026-03-18

[TBD][494740162] Medium CVE-2026-11002: Use after free in Autofill. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-21

[TBD][494823867] Medium CVE-2026-11003: Use after free in WebRTC. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2026-03-21

[TBD][494823889] Medium CVE-2026-11004: Out of bounds read in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-22

[TBD][495052581] Medium CVE-2026-11005: Out of bounds read in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-22

[N/A][495489174] Medium CVE-2026-11006: Out of bounds read in Dawn. Reported by Google on 2026-03-23

[N/A][495834228] Medium CVE-2026-11007: Insufficient validation of untrusted input in WebView. Reported by Google on 2026-03-24

[N/A][495864099] Medium CVE-2026-11008: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-24

[N/A][496233132] Medium CVE-2026-11009: Use after free in USB. Reported by Google on 2026-03-25

[TBD][496266444] Medium CVE-2026-11010: Use after free in WebShare. Reported by David Sievers on 2026-03-26

[N/A][496702621] Medium CVE-2026-11011: Insufficient policy enforcement in Password Manager. Reported by Google on 2026-03-26

[N/A][497000161] Medium CVE-2026-11012: Use after free in Serial. Reported by Google on 2026-03-27

[N/A][497056412] Medium CVE-2026-11013: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-28

[N/A][497058611] Medium CVE-2026-11014: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-28

[TBD][497183443] Medium CVE-2026-11015: Out of bounds read in WebGPU. Reported by Yuma Takeuchi on 2026-03-29

[N/A][497278395] Medium CVE-2026-11016: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-28

[N/A][497336872] Medium CVE-2026-11017: Inappropriate implementation in Link Preview. Reported by Google on 2026-03-29

[N/A][497342466] Medium CVE-2026-11018: Insufficient policy enforcement in Actor. Reported by Google on 2026-03-29

[N/A][497344640] Medium CVE-2026-11019: Inappropriate implementation in Payments. Reported by Google on 2026-03-29

[N/A][497440270] Medium CVE-2026-11020: Inappropriate implementation in Extensions. Reported by Google on 2026-03-29

[N/A][497487755] Medium CVE-2026-11021: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-29

[N/A][497532918] Medium CVE-2026-11022: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-29

[N/A][497538899] Medium CVE-2026-11023: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-29

[N/A][497591594] Medium CVE-2026-11024: Stack buffer overflow in Skia. Reported by Google on 2026-03-30

[N/A][497595264] Medium CVE-2026-11025: Insufficient policy enforcement in Navigation. Reported by Google on 2026-03-30

[N/A][497599683] Medium CVE-2026-11026: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-30

[N/A][497604407] Medium CVE-2026-11027: Insufficient validation of untrusted input in Glic. Reported by Google on 2026-03-30

[N/A][497627277] Medium CVE-2026-11028: Use after free in Media. Reported by Google on 2026-03-30

[N/A][497651688] Medium CVE-2026-11029: Insufficient validation of untrusted input in Drag and Drop. Reported by Google on 2026-03-30

[N/A][497722502] Medium CVE-2026-11030: Use after free in Network. Reported by Google on 2026-03-30

[N/A][497748760] Medium CVE-2026-11031: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-03-30

[N/A][497831111] Medium CVE-2026-11032: Insufficient data validation in Password Manager. Reported by Google on 2026-03-30

[N/A][497926664] Medium CVE-2026-11033: Uninitialized Use in WebML. Reported by Google on 2026-03-30

[N/A][497934980] Medium CVE-2026-11034: Insufficient validation of untrusted input in Tab Group Sync. Reported by Google on 2026-03-30

[N/A][497936421] Medium CVE-2026-11035: Insufficient validation of untrusted input in Custom Tabs. Reported by Google on 2026-03-30

[N/A][497964917] Medium CVE-2026-11036: Inappropriate implementation in DOM. Reported by Google on 2026-03-30

[N/A][497971287] Medium CVE-2026-11037: Out of bounds write in Codecs. Reported by Google on 2026-03-31

[N/A][498080391] Medium CVE-2026-11038: Insufficient validation of untrusted input in Subresource Integrity. Reported by Google on 2026-03-31

[N/A][498204112] Medium CVE-2026-11039: Uninitialized Use in Skia. Reported by Google on 2026-03-31

[N/A][498371085] Medium CVE-2026-11040: Use after free in ANGLE. Reported by Google on 2026-04-01

[N/A][498700369] Medium CVE-2026-11041: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-01

[N/A][498720094] Medium CVE-2026-11042: Use after free in Views. Reported by Google on 2026-04-01

[N/A][498721316] Medium CVE-2026-11043: Out of bounds write in ANGLE. Reported by Google on 2026-04-01

[N/A][498724803] Medium CVE-2026-11044: Integer overflow in ANGLE. Reported by Google on 2026-04-01

[N/A][498727111] Medium CVE-2026-11045: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-01

[N/A][498728857] Medium CVE-2026-11046: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-01

[N/A][498768132] Medium CVE-2026-11047: Insufficient validation of untrusted input in Base. Reported by Google on 2026-04-02

[N/A][498808432] Medium CVE-2026-11048: Inappropriate implementation in Extensions. Reported by Google on 2026-04-02

[N/A][498815068] Medium CVE-2026-11049: Use after free in Password Manager. Reported by Google on 2026-04-02

[N/A][498818402] Medium CVE-2026-11050: Use after free in V8. Reported by Google on 2026-04-02

[TBD][498828605] Medium CVE-2026-11051: Out of bounds read in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-02

[N/A][498834967] Medium CVE-2026-11052: Type Confusion in GPU. Reported by Google on 2026-04-02

[N/A][498841456] Medium CVE-2026-11053: VULNERABILITY in WebRTC. Reported by Google on 2026-04-02

[N/A][498845284] Medium CVE-2026-11054: Use after free in WebRTC. Reported by Google on 2026-04-02

[N/A][498881735] Medium CVE-2026-11055: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498887785] Medium CVE-2026-11056: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-04-02

[N/A][498951946] Medium CVE-2026-11057: Uninitialized Use in Skia. Reported by Google on 2026-04-02

[N/A][498986406] Medium CVE-2026-11058: Integer overflow in CredentialProvider. Reported by Google on 2026-04-02

[N/A][498991983] Medium CVE-2026-11059: Use after free in Blink. Reported by Google on 2026-04-02

[N/A][499018355] Medium CVE-2026-11060: Use after free in Media. Reported by Google on 2026-04-02

[N/A][499031961] Medium CVE-2026-11061: Out of bounds read in ANGLE. Reported by Google on 2026-04-02

[N/A][499033012] Medium CVE-2026-11062: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-02

[N/A][499051067] Medium CVE-2026-11063: Insufficient validation of untrusted input in WebNN. Reported by Google on 2026-04-02

[N/A][499075743] Medium CVE-2026-11064: Uninitialized Use in GPU. Reported by Google on 2026-04-02

[N/A][499093536] Medium CVE-2026-11065: Use after free in ANGLE. Reported by Google on 2026-04-03

[N/A][499124128] Medium CVE-2026-11066: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-03

[N/A][499140183] Medium CVE-2026-11067: Uninitialized Use in Dawn. Reported by Google on 2026-04-03

[N/A][499194333] Medium CVE-2026-11068: Use after free in WebSockets. Reported by Google on 2026-04-03

[N/A][499213367] Medium CVE-2026-11069: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-04-03

[N/A][499225384] Medium CVE-2026-11070: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-03

[N/A][499227659] Medium CVE-2026-11071: Use after free in Base. Reported by Google on 2026-04-03

[N/A][499238195] Medium CVE-2026-11072: Use after free in WebView. Reported by Google on 2026-04-03

[N/A][499365904] Medium CVE-2026-11073: Use after free in WebGL. Reported by Google on 2026-04-03

[TBD][499587071] Medium CVE-2026-11074: Use after free in WebRTC. Reported by boboliverfrancishoward@gmail.com on 2026-04-05

[TBD][499659070] Medium CVE-2026-11075: Out of bounds read in V8. Reported by JunYoung Park(@candymate) of KAIST Hacking Lab on 2026-04-06

[N/A][499784386] Medium CVE-2026-11076: Type Confusion in CSS. Reported by Google on 2026-04-05

[TBD][499908918] Medium CVE-2026-11077: Out of bounds read in Dawn. Reported by Anonymous on 2026-04-06

[TBD][499917177] Medium CVE-2026-11078: Insufficient validation of untrusted input in FileSystem. Reported by Eran Rom of Palo Alto Networks on 2026-04-06

[N/A][500028989] Medium CVE-2026-11079: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-06

[N/A][500032538] Medium CVE-2026-11080: Use after free in WebView. Reported by Google on 2026-04-06

[N/A][500076131] Medium CVE-2026-11081: Policy bypass in Canvas. Reported by Google on 2026-04-06

[N/A][500079715] Medium CVE-2026-11082: Use after free in GPU. Reported by Google on 2026-04-06

[N/A][500095743] Medium CVE-2026-11083: Inappropriate implementation in Password Manager. Reported by Google on 2026-04-06

[N/A][500124500] Medium CVE-2026-11084: Inappropriate implementation in Password Manager. Reported by Google on 2026-04-06

[N/A][500132379] Medium CVE-2026-11085: Integer overflow in GPU. Reported by Google on 2026-04-06

[N/A][500140111] Medium CVE-2026-11086: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-04-07

[N/A][500140149] Medium CVE-2026-11087: Uninitialized Use in ANGLE. Reported by Google on 2026-04-07

[N/A][500144879] Medium CVE-2026-11088: Integer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500154880] Medium CVE-2026-11089: Uninitialized Use in Media. Reported by Google on 2026-04-07

[N/A][500161302] Medium CVE-2026-11090: Uninitialized Use in ANGLE. Reported by Google on 2026-04-07

[N/A][500162791] Medium CVE-2026-11091: Inappropriate implementation in Dawn. Reported by Google on 2026-04-07

[N/A][500170887] Medium CVE-2026-11092: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-07

[N/A][500172365] Medium CVE-2026-11093: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-04-07

[N/A][500174874] Medium CVE-2026-11094: Use after free in Codecs. Reported by Google on 2026-04-07

[N/A][500293394] Medium CVE-2026-11095: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-07

[N/A][500296311] Medium CVE-2026-11096: Out of bounds read in WebRTC. Reported by Google on 2026-04-07

[N/A][500311718] Medium CVE-2026-11097: Inappropriate implementation in WebView. Reported by Google on 2026-04-07

[N/A][500315455] Medium CVE-2026-11098: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-07

[N/A][500414865] Medium CVE-2026-11099: Vulnerability in Skia. Reported by Google on 2026-04-07

[N/A][500416901] Medium CVE-2026-11100: Use after free in File Input. Reported by Google on 2026-04-07

[N/A][500443031] Medium CVE-2026-11101: Uninitialized Use in Dawn. Reported by Google on 2026-04-07

[N/A][500468338] Medium CVE-2026-11102: Inappropriate implementation in Isolated Web Apps. Reported by Google on 2026-04-07

[N/A][500483038] Medium CVE-2026-11103: Inappropriate implementation in Installer. Reported by Google on 2026-04-07

[N/A][500501226] Medium CVE-2026-11104: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500505339] Medium CVE-2026-11105: Insufficient validation of untrusted input in WebUI. Reported by Google on 2026-04-08

[N/A][500508725] Medium CVE-2026-11106: Inappropriate implementation in Media. Reported by Google on 2026-04-08

[N/A][500510384] Medium CVE-2026-11107: Inappropriate implementation in Downloads. Reported by Google on 2026-04-08

[N/A][500517053] Medium CVE-2026-11108: Inappropriate implementation in NFC. Reported by Google on 2026-04-08

[N/A][500524833] Medium CVE-2026-11109: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500528864] Medium CVE-2026-11110: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500530720] Medium CVE-2026-11111: Out of bounds read in ANGLE. Reported by Google on 2026-04-08

[N/A][500541413] Medium CVE-2026-11112: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-08

[N/A][500560764] Medium CVE-2026-11113: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-08

[N/A][501360342] Medium CVE-2026-11114: Use after free in Device Trust. Reported by Google on 2026-04-10

[N/A][501370283] Medium CVE-2026-11115: Use after free in Updater. Reported by Google on 2026-04-10

[N/A][501376612] Medium CVE-2026-11116: Use after free in Chromoting. Reported by Google on 2026-04-10

[N/A][501403820] Medium CVE-2026-11117: Use after free in Views. Reported by Google on 2026-04-10

[N/A][501424047] Medium CVE-2026-11118: Use after free in WebRTC. Reported by Google on 2026-04-10

[N/A][501461853] Medium CVE-2026-11119: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-10

[N/A][501467566] Medium CVE-2026-11120: Insufficient validation of untrusted input in Enterprise Reporting. Reported by Google on 2026-04-10

[N/A][501483855] Medium CVE-2026-11121: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-04-10

[N/A][501485453] Medium CVE-2026-11122: Inappropriate implementation in Keyboard. Reported by Google on 2026-04-10

[N/A][501505198] Medium CVE-2026-11123: Uninitialized Use in ANGLE. Reported by Google on 2026-04-10

[N/A][501511299] Medium CVE-2026-11124: Heap buffer overflow in Skia. Reported by Google on 2026-04-10

[N/A][501517520] Medium CVE-2026-11125: Use after free in Compositing. Reported by Google on 2026-04-10

[N/A][501528031] Medium CVE-2026-11126: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-04-10

[N/A][501535295] Medium CVE-2026-11127: Inappropriate implementation in WebAPKs. Reported by Google on 2026-04-10

[N/A][501541341] Medium CVE-2026-11128: Insufficient validation of untrusted input in Web Share. Reported by Google on 2026-04-10

[N/A][501541962] Medium CVE-2026-11129: Inappropriate implementation in Extensions. Reported by Google on 2026-04-10

[N/A][501546443] Medium CVE-2026-11130: Use after free in Media. Reported by Google on 2026-04-11

[N/A][501561644] Medium CVE-2026-11131: Use after free in Autofill. Reported by Google on 2026-04-11

[N/A][501597365] Medium CVE-2026-11132: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501606085] Medium CVE-2026-11133: Insufficient policy enforcement in Paint. Reported by Google on 2026-04-11

[N/A][501640084] Medium CVE-2026-11134: Insufficient data validation in Media. Reported by Google on 2026-04-11

[N/A][501644835] Medium CVE-2026-11135: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-11

[TBD][501646327] Medium CVE-2026-11136: Use after free in Canvas. Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po) on 2026-04-11

[N/A][501647943] Medium CVE-2026-11137: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][501650354] Medium CVE-2026-11138: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][501650594] Medium CVE-2026-11139: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501659253] Medium CVE-2026-11140: Insufficient validation of untrusted input in Chromecast. Reported by Google on 2026-04-11

[N/A][501667839] Medium CVE-2026-11141: Uninitialized Use in Audio. Reported by Google on 2026-04-11

[N/A][501668745] Medium CVE-2026-11142: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501674219] Medium CVE-2026-11143: Heap buffer overflow in Extensions. Reported by Google on 2026-04-11

[N/A][501676175] Medium CVE-2026-11144: Use after free in Media. Reported by Google on 2026-04-11

[N/A][501683745] Medium CVE-2026-11145: Race in Geolocation. Reported by Google on 2026-04-11

[N/A][501709220] Medium CVE-2026-11146: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-11

[N/A][501731689] Medium CVE-2026-11147: Use after free in WebML. Reported by Google on 2026-04-11

[N/A][501738451] Medium CVE-2026-11148: Inappropriate implementation in Payments. Reported by Google on 2026-04-11

[N/A][501739206] Medium CVE-2026-11149: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-04-11

[N/A][501740299] Medium CVE-2026-11150: Inappropriate implementation in XML. Reported by Google on 2026-04-11

[N/A][501740323] Medium CVE-2026-11151: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-04-11

[N/A][501762953] Medium CVE-2026-11152: Object lifecycle issue in Dawn. Reported by Google on 2026-04-11

[N/A][501779840] Medium CVE-2026-11153: Side-channel information leakage in Forms. Reported by Google on 2026-04-12

[N/A][501789156] Medium CVE-2026-11154: Use after free in Dawn. Reported by Google on 2026-04-12

[N/A][501801823] Medium CVE-2026-11155: Insufficient policy enforcement in CSS. Reported by Google on 2026-04-12

[N/A][501810226] Medium CVE-2026-11156: Inappropriate implementation in CSS. Reported by Google on 2026-04-12

[N/A][501823385] Medium CVE-2026-11157: Script injection in Accessibility. Reported by Google on 2026-04-12

[N/A][501844153] Medium CVE-2026-11158: Insufficient validation of untrusted input in Downloads. Reported by Google on 2026-04-12

[N/A][501861921] Medium CVE-2026-11159: Uninitialized Use in Skia. Reported by Google on 2026-04-12

[N/A][501862016] Medium CVE-2026-11160: Out of bounds read in Input. Reported by Google on 2026-04-12

[N/A][501920294] Medium CVE-2026-11161: Insufficient data validation in DataTransfer. Reported by Google on 2026-04-12

[N/A][502035074] Medium CVE-2026-11162: Insufficient policy enforcement in CSS. Reported by Google on 2026-04-13

[N/A][502072755] Medium CVE-2026-11163: Use after free in Messages. Reported by Google on 2026-04-13

[N/A][502089411] Medium CVE-2026-11164: Use after free in Blink. Reported by Google on 2026-04-13

[N/A][502099949] Medium CVE-2026-11165: Use after free in WebMIDI. Reported by Google on 2026-04-13

[N/A][502118936] Medium CVE-2026-11166: Inappropriate implementation in SVG. Reported by Google on 2026-04-13

[N/A][502228856] Medium CVE-2026-11167: Inappropriate implementation in WebView. Reported by Google on 2026-04-13

[N/A][502256049] Medium CVE-2026-11168: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-13

[N/A][502285273] Medium CVE-2026-11169: Inappropriate implementation in XML. Reported by Google on 2026-04-13

[N/A][502322596] Medium CVE-2026-11170: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-13

[N/A][502322843] Medium CVE-2026-11171: Integer overflow in Blink. Reported by Google on 2026-04-13

[TBD][502328201] Medium CVE-2026-11172: Incorrect security UI in Contact Picker. Reported by mochazril.ti@gmail.com on 2026-04-14

[N/A][502337304] Medium CVE-2026-11173: Out of bounds write in V8. Reported by Google on 2026-04-14

[N/A][502348223] Medium CVE-2026-11174: Insufficient policy enforcement in Site Isolation. Reported by Google on 2026-04-14

[N/A][502368088] Medium CVE-2026-11175: Incorrect security UI in Messages. Reported by Google on 2026-04-14

[N/A][502371717] Medium CVE-2026-11176: Inappropriate implementation in Media. Reported by Google on 2026-04-14

[TBD][502449864] Medium CVE-2026-11177: Use after free in Omnibox. Reported by gevakun on 2026-04-14

[N/A][502501810] Medium CVE-2026-11178: Policy bypass in WebView. Reported by Google on 2026-04-14

[N/A][502615170] Medium CVE-2026-11179: Inappropriate implementation in ORB. Reported by Google on 2026-04-14

[N/A][502631225] Medium CVE-2026-11180: Policy bypass in SVG. Reported by Google on 2026-04-14

[N/A][502633299] Medium CVE-2026-11181: Inappropriate implementation in Media Session. Reported by Google on 2026-04-14

[N/A][502651014] Medium CVE-2026-11182: Inappropriate implementation in SVG. Reported by Google on 2026-04-14

[N/A][502768780] Medium CVE-2026-11183: Out of bounds read in GWP-ASan. Reported by Google on 2026-04-15

[N/A][502777516] Medium CVE-2026-11184: Insufficient policy enforcement in Actor. Reported by Google on 2026-04-15

[N/A][502784366] Medium CVE-2026-11185: Use after free in V8. Reported by Google on 2026-04-15

[N/A][502805170] Medium CVE-2026-11186: Inappropriate implementation in CSS. Reported by Google on 2026-04-15

[N/A][502819675] Medium CVE-2026-11187: Insufficient policy enforcement in Glic. Reported by Google on 2026-04-15

[N/A][502959826] Medium CVE-2026-11188: Use after free in USB. Reported by Google on 2026-04-15

[TBD][503197481] Medium CVE-2026-11189: Insufficient validation of untrusted input in DevTools. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab on 2026-04-16

[N/A][503375371] Medium CVE-2026-11190: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-16

[N/A][503392431] Medium CVE-2026-11191: Out of bounds memory access in ANGLE. Reported by Google on 2026-04-16

[N/A][503490678] Medium CVE-2026-11192: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-04-17

[N/A][503642586] Medium CVE-2026-11193: Insufficient policy enforcement in Password Manager. Reported by Google on 2026-04-17

[N/A][503719488] Medium CVE-2026-11194: Inappropriate implementation in Network. Reported by Google on 2026-04-17

[N/A][503865896] Medium CVE-2026-11195: Inappropriate implementation in MHTML. Reported by Google on 2026-04-17

[N/A][503879106] Medium CVE-2026-11196: Type Confusion in XML. Reported by Google on 2026-04-17

[TBD][504073872] Medium CVE-2026-11197: Insufficient policy enforcement in Workers. Reported by VEZEKA on 2026-04-19

[N/A][504395300] Medium CVE-2026-11198: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-20

[N/A][504572664] Medium CVE-2026-11199: Insufficient validation of untrusted input in WebRTC. Reported by Google on 2026-04-20

[N/A][504579798] Medium CVE-2026-11200: Inappropriate implementation in WebRTC. Reported by Google on 2026-04-20

[TBD][505068950] Medium CVE-2026-11201: Use after free in ServiceWorker. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-22

[N/A][505144022] Medium CVE-2026-11202: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-22

[N/A][505192638] Medium CVE-2026-11203: Policy bypass in GPU. Reported by Google on 2026-04-22

[N/A][505200733] Medium CVE-2026-11204: Inappropriate implementation in Signin. Reported by Google on 2026-04-22

[N/A][505290253] Medium CVE-2026-11205: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-22

[TBD][505427216] Medium CVE-2026-11206: Policy bypass in ServiceWorker. Reported by David Bors, Catalin Iovita on 2026-04-23

[N/A][506127858] Medium CVE-2026-11207: Insufficient validation of untrusted input in Autofill. Reported by Google on 2026-04-24

[N/A][506387278] Medium CVE-2026-11208: Use after free in Codecs. Reported by Google on 2026-04-25

[N/A][506391032] Medium CVE-2026-11209: Insufficient policy enforcement in Passwords. Reported by Google on 2026-04-25

[N/A][506473226] Medium CVE-2026-11210: Insufficient policy enforcement in Safe Browsing. Reported by Google on 2026-04-25

[N/A][506629455] Medium CVE-2026-11211: Integer overflow in V8. Reported by Google on 2026-04-26

[N/A][507216833] Medium CVE-2026-11212: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-28

[N/A][507382702] Medium CVE-2026-11213: Insufficient validation of untrusted input in Reading Mode. Reported by Google on 2026-04-28

[N/A][508257850] Medium CVE-2026-11214: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-30

[N/A][513446116] Medium CVE-2026-11215: Inappropriate implementation in Cronet. Reported by Google on 2026-05-15

[$3000][474583539] Low CVE-2026-11216: Incorrect security UI in File Input. Reported by Azza Tegar Naufal Ataullah on 2026-01-10

[$3000][487564032] Low CVE-2026-11217: Insufficient policy enforcement in Fenced Frames. Reported by Tianyi Hu on 2026-02-25

[$2000][476862276] Low CVE-2026-11218: Inappropriate implementation in PlatformIntegration. Reported by Han Liu (Xi’an Jiaotong University, School of Cyber Science and Engineering)
 on 2026-01-19

[$2000][480074849] Low CVE-2026-11219: Insufficient data validation in Navigation. Reported by Bharat (mrnoob)Β  on 2026-01-30

[$2000][487300831] Low CVE-2026-11220: Insufficient validation of untrusted input in Navigation. Reported by Tianyi Hu on 2026-02-24

[$1500][492211919] Low CVE-2026-11221: Insufficient validation of untrusted input in PointerLock. Reported by mihalis.haatainen@bountyy.fi on 2026-03-12

[$1000][458442542] Low CVE-2026-11222: Incorrect security UI in Tab Strip. Reported by Hafiizh on 2025-11-07

[$1000][494800494] Low CVE-2026-11223: Insufficient validation of untrusted input in Network. Reported by Tianyi Hu on 2026-03-21

[$500][502461760] Low CVE-2026-11224: Use after free in Chromoting. Reported by David Bors, Catalin Iovita on 2026-04-14

[$500][503346647] Low CVE-2026-11225: Incorrect security UI in WebUI. Reported by Tareq Ahamed - itztrq on 2026-04-16

[N/A][385662278] Low CVE-2026-11226: Insufficient policy enforcement in PreviewTab. Reported by Google on 2020-03-05

[TBD][448421954] Low CVE-2026-11227: Incorrect security UI in Tab Hover Cards. Reported by Hafiizh on 2025-10-01

[TBD][454484864] Low CVE-2026-11228: Incorrect security UI in File Input. Reported by Umar FarooqΒ  on 2025-10-23

[TBD][482713603] Low CVE-2026-11229: Insufficient policy enforcement in Enterprise. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-08

[N/A][493225428] Low CVE-2026-11230: Use after free in Extensions. Reported by Google on 2026-03-16

[N/A][495840862] Low CVE-2026-11231: Inappropriate implementation in Safe Browsing. Reported by Google on 2026-03-24

[N/A][495981782] Low CVE-2026-11232: Inappropriate implementation in TabGroups. Reported by Google on 2026-03-25

[N/A][496088449] Low CVE-2026-11233: Insufficient validation of untrusted input in FoldableAPIs. Reported by Google on 2026-03-25

[N/A][496095145] Low CVE-2026-11234: Insufficient policy enforcement in FoldableAPIs. Reported by Google on 2026-03-25

[N/A][496419374] Low CVE-2026-11235: Insufficient validation of untrusted input in Compositing. Reported by Google on 2026-03-26

[N/A][496427030] Low CVE-2026-11236: Insufficient policy enforcement in Web Bluetooth. Reported by Google on 2026-03-26

[N/A][496617698] Low CVE-2026-11237: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-26

[N/A][496705691] Low CVE-2026-11238: Inappropriate implementation in DevTools. Reported by Google on 2026-03-26

[N/A][497025738] Low CVE-2026-11239: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-03-27

[N/A][497030032] Low CVE-2026-11240: Insufficient validation of untrusted input in Loader. Reported by Google on 2026-03-27

[N/A][497203741] Low CVE-2026-11241: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-28

[N/A][497385823] Low CVE-2026-11242: Insufficient validation of untrusted input in Plugins. Reported by Google on 2026-03-29

[N/A][497394061] Low CVE-2026-11243: Incorrect security UI in Downloads. Reported by Google on 2026-03-29

[N/A][497609145] Low CVE-2026-11244: Insufficient validation of untrusted input in WebAuthentication. Reported by Google on 2026-03-30

[N/A][497610654] Low CVE-2026-11245: Inappropriate implementation in Payments. Reported by Google on 2026-03-30

[N/A][497660733] Low CVE-2026-11246: Insufficient validation of untrusted input in IndexedDB. Reported by Google on 2026-03-30

[N/A][497865734] Low CVE-2026-11247: Insufficient policy enforcement in CustomTabs. Reported by Google on 2026-03-30

[N/A][497946941] Low CVE-2026-11248: Policy bypass in Google Lens. Reported by Google on 2026-03-30

[N/A][497989379] Low CVE-2026-11249: Use after free in Network. Reported by Google on 2026-03-31

[N/A][498281224] Low CVE-2026-11250: Inappropriate implementation in DevTools. Reported by Google on 2026-03-31

[N/A][498301853] Low CVE-2026-11251: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-03-31

[N/A][498373018] Low CVE-2026-11252: Policy bypass in Content Settings. Reported by Google on 2026-04-01

[N/A][498397912] Low CVE-2026-11253: Race in Permissions. Reported by Google on 2026-04-01

[N/A][498405554] Low CVE-2026-11254: Inappropriate implementation in Permissions. Reported by Google on 2026-04-01

[N/A][498417152] Low CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API. Reported by Google on 2026-04-01

[N/A][498856565] Low CVE-2026-11256: Out of bounds read in GPU. Reported by Google on 2026-04-02

[N/A][499051898] Low CVE-2026-11257: Inappropriate implementation in Browser. Reported by Google on 2026-04-02

[N/A][499078161] Low CVE-2026-11258: Inappropriate implementation in File System Access. Reported by Google on 2026-04-02

[N/A][499215943] Low CVE-2026-11259: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-04-03

[N/A][499257860] Low CVE-2026-11260: Policy bypass in Permissions. Reported by Google on 2026-04-03

[N/A][499262832] Low CVE-2026-11261: Insufficient validation of untrusted input in PDF. Reported by Google on 2026-04-03

[N/A][499386363] Low CVE-2026-11262: Use after free in TabStrip. Reported by Google on 2026-04-03

[N/A][500044225] Low CVE-2026-11263: Insufficient policy enforcement in WebAuthentication. Reported by Google on 2026-04-06

[N/A][500099106] Low CVE-2026-11264: Policy bypass in Content Security Policy. Reported by Google on 2026-04-06

[N/A][500262869] Low CVE-2026-11265: Insufficient data validation in Autofill. Reported by Google on 2026-04-07

[N/A][500521311] Low CVE-2026-11266: Policy bypass in SafeBrowsing. Reported by Google on 2026-04-08

[N/A][500528267] Low CVE-2026-11267: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-08

[N/A][500528706] Low CVE-2026-11268: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500551122] Low CVE-2026-11269: Inappropriate implementation in Extensions. Reported by Google on 2026-04-08

[N/A][501504245] Low CVE-2026-11270: Inappropriate implementation in UI. Reported by Google on 2026-04-10

[N/A][501685207] Low CVE-2026-11271: Incorrect security UI in Passwords. Reported by Google on 2026-04-11

[N/A][501747321] Low CVE-2026-11272: Insufficient validation of untrusted input in Reading List. Reported by Google on 2026-04-11

[N/A][501757688] Low CVE-2026-11273: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-04-11

[N/A][501760514] Low CVE-2026-11274: Inappropriate implementation in DOM Distiller. Reported by Google on 2026-04-11

[N/A][501763121] Low CVE-2026-11275: Insufficient policy enforcement in Page Info. Reported by Google on 2026-04-11

[N/A][501780338] Low CVE-2026-11276: Inappropriate implementation in Cast. Reported by Google on 2026-04-12

[N/A][501839664] Low CVE-2026-11277: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-12

[N/A][501859865] Low CVE-2026-11278: Inappropriate implementation in CustomTabs. Reported by Google on 2026-04-12

[N/A][501878477] Low CVE-2026-11279: Out of bounds read in DevTools. Reported by Google on 2026-04-12

[N/A][501892820] Low CVE-2026-11280: Insufficient validation of untrusted input in Signin. Reported by Google on 2026-04-12

[N/A][501900366] Low CVE-2026-11281: Integer overflow in Chromoting. Reported by Google on 2026-04-12

[N/A][502023400] Low CVE-2026-11282: Policy bypass in Sandbox. Reported by Google on 2026-04-13

[N/A][502069297] Low CVE-2026-11283: Policy bypass in Shortcuts. Reported by Google on 2026-04-13

[N/A][502073069] Low CVE-2026-11284: Side-channel information leakage in PerformanceAPIs. Reported by Google on 2026-04-13

[N/A][502090914] Low CVE-2026-11285: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-13

[N/A][502110170] Low CVE-2026-11286: Insufficient validation of untrusted input in Wallet. Reported by Google on 2026-04-13

[N/A][502173136] Low CVE-2026-11287: Insufficient validation of untrusted input in Navigation. Reported by Google on 2026-04-13

[N/A][502231588] Low CVE-2026-11288: Policy bypass in CSS. Reported by Google on 2026-04-13

[N/A][502239897] Low CVE-2026-11289: Side-channel information leakage in Paint. Reported by Google on 2026-04-13

[N/A][502264647] Low CVE-2026-11290: Integer overflow in WebView. Reported by Google on 2026-04-13

[N/A][502346855] Low CVE-2026-11291: Policy bypass in Android Autofill. Reported by Google on 2026-04-14

[N/A][502358901] Low CVE-2026-11292: Policy bypass in Blink. Reported by Google on 2026-04-14

[TBD][502362260] Low CVE-2026-11293: Use after free in Input. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-14

[N/A][502403953] Low CVE-2026-11294: Inappropriate implementation in Passwords. Reported by Google on 2026-04-14

[N/A][502444677] Low CVE-2026-11295: Inappropriate implementation in WebView. Reported by Google on 2026-04-14

[N/A][502493950] Low CVE-2026-11296: Inappropriate implementation in ImageCapture. Reported by Google on 2026-04-14

[N/A][502502017] Low CVE-2026-11297: Insufficient validation of untrusted input in Reader Mode. Reported by Google on 2026-04-14

[N/A][502503860] Low CVE-2026-11298: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-14

[TBD][502598424] Low CVE-2026-11299: Out of bounds read in Fonts. Reported by sharadboni@gmail.com on 2026-04-14

[N/A][503614310] Low CVE-2026-11300: Inappropriate implementation in Permissions. Reported by Google on 2026-04-17

[N/A][504180386] Low CVE-2026-11301: Out of bounds read in LiveCaption. Reported by Google on 2026-04-19

[N/A][504196549] Low CVE-2026-11302: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-19

[N/A][504416752] Low CVE-2026-11303: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504418475] Low CVE-2026-11304: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504545544] Low CVE-2026-11305: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504548949] Low CVE-2026-11306: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504551617] Low CVE-2026-11307: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][505945112] Low CVE-2026-11308: Inappropriate implementation in Extensions. Reported by Google on 2026-04-24

[N/A][506392934] Low CVE-2026-11309: Insufficient policy enforcement in History. Reported by Google on 2026-04-25


We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.



Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Srinivas Sista

Google Chrome

  •  
  • ↗️
Ontvangen β€” 31 Mei 2026 ⏭ Software

Dopamine 3.0.5

βœ‡Dopamine
Door: digimezzo
31 Mei 2026 om 21:51

Added

  • Added an Adwaita theme, because GNU/Linux deserves some love.
  • Added Windows taskbar media controls accessible by hovering over the app icon in the taskbar
  • Added a "Refresh now" button to the main menu
  • Added ReplayGain support
  • Added option to show album name on the now playing page
  • Added possibility to edit the album cover

Changed

  • Discord Rich Presence says "Listening to" instead of "Playing"
  • Improved scaling of different parts of the user interface
  • Updated the Czech translation
  • Updated the German translation
  • Updated the Hebrew translation
  • Updated the Russian translation
  • Updated the Vietnamese translation

Fixed

  • Saving a rating to an MP3 file could create an ID3v1 tag, causing genres to be stored and displayed as their numeric ID3v1 code (e.g. "Eurodance" becoming "54")
  • It is not possible to edit songs from the Songs screen
  • There is no scroll bar in the smart playlist editor
  • Loop one does not work correctly when using gapless or crossfading playback
  • When exiting Dopamine, the Discord status doesn't disappear.
  • It's not always clear when Dopamine is refreshing the collection

P.S.: If you enjoy Dopamine, please consider donating via PayPal or buying me a coffee. Your support keeps the music going!

  •  
  • ↗️
Ontvangen β€” 30 Mei 2026 ⏭ Software

Early Stable Update for Desktop

βœ‡Google Chrome
29 Mei 2026 om 21:52

The Stable channel has been updated to 149.0.7827.53/.54 for Windows and Mac as part of our early stable release to a small percentage of users. A full list of changes in this build is available in the log.

You can find more details about early Stable releases here.

Interested in switching release channels? Β Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.


Srinivas Sista

Google Chrome

  •  
  • ↗️
Ontvangen β€” 29 Mei 2026 ⏭ Software
❌