Development Build

MPC-HC

Door: clsid2

15 Juni 2026 om 20:42

Below are development builds for testing purposes.

Latest development build: 2.7.2.18 (June 15th 2026)

Latest stable release build: 2.7.2
https://github.com/clsid2/mpc-hc/releases/tag/2.7.2

HeidiSQL v12.18

HeidiSQL

Door: github-actions[bot]

9 Juni 2026 om 20:37

12.18 - 2026-06-09

⛰️ Features

(packaging) Create .rpm package through Makefile, plus let GH action run that step in release mode - (fc728cf)
Create checkbox in advanced session setting for new ForceUnicode setting - (75a0f7f)
Create opt-out setting "ForceUnicode", for sessions which shall not force Unicode communication - (ed9a94f)
Enable connection port visible in a column of the session tree - (7cfdb97)
Display auth plugin in a new column of the user listing tree - (3e4f562)
Support authentication plugin selection in user manager - (07112a0)
Grid export option for exporting the focused grid column only - (d896680)
Bypass automatic foreign key lookup in data grid editing through new menu item - (a5ae04b)
Add a separate menu item "copy formatted text", using the old code for copying SynEdit-highlighted text as HTML - (84c63c6)
Filter edit box for shortcuts in preferences - (fb243fc)
Create CLI app for adding PE security flags to heidisql.exe - (3e797e2)
Rename snippet per right-click on query helpers tree - (7171e48)
Name columns in SELECT when exporting table with invisible columns - (1799b0d)
Support invisible indexes on MySQL 8.0+ and ignored indexes on MariaDB 10.6+ - (b3fa484)
Support assigning a default role to a user - (96d2aef)
Support assigning roles to a user or role - (96717cd)
Do not require MySQL's RELOAD privilege just for opening the user manager - (f79d9a5)
When nodes are filtered, change "Check all" action to "Change all visible" - (ebd60b3)
Disable role rename, add menu item for creating a role, support role deletion - (83472c5)
Prevent editing contents of generated columns in data grid - (9ecdff0)
Basic support for MariaDB user roles, loaded without SQL error and shown with a different icon - (3249401)
Add context menu item for deleting a single query from the history - (0035d5e)
Reset a table's current auto_increment value in "delete + insert data" mode - (0422bb3)
Support cancelling server login dialog - (e5b9574)
Keep EXPLAIN output format traditional, on newer MySQL servers - (90f9937)
Make HTML export dark/light mode aware - (dc046e9)
Allow setting database to in PostgreSQL connections, and show and in the pulldown selector - (950e2ca)

🚀 Enhancements

Disable plugin selector as long as no user was selected - (54dd7d8)
Do not copy default type and value from previous column when adding columns to a table - (42a061d)
Suppress dialog for saving modified SQL on app close, when tabs get auto-restored - (4ca01d9)
Remove FLUSH PRIVILEGES from the user managers FormShow handler. If a click on a non-flushed user in the tree produces an exception, that is caught and shown as a normal error message. - (fe7a5ef)
50% black grid lines, should fit on both light and dark theme - (1872916)
Increase supported table size and row limit for quick filter menu showing distinct values - (48eca57)

🐛 Bug Fixes

(ui) Filter away vertical writing fonts with an @ prefix - (1814ee9)
(ui) Size and margin of buttons on SQL help dialog - (61bc258)
(ui) Apply the same larger tree node height on Linux - (c770406)
(ui) Remove default "add user" event from add button, turn it into a pure dropdown button - (d7910c1)
Copy table dialog crashes when none of dbtree and listtables has Focused=True - (9216061)
Prefer SHOW KEYS over SHOW INDEXES, which are synonyms, while very old servers only accept the one with KEYS - (b97122c)
Prevent grid queries from doing "WHERE intcol::text = 1", due to "1" being incompatible to the text value on the left - (bcea889)
Vulnerability CVE-2025-70873, updating SQLite libs to v3.53.1 - (2930be8)
Complaint about invalid password length on user plugins which have no fixed password length - (510b141)
SUBSTRING() on array typed VARCHARs throw "function substr(...) does not exist" - (5f2959d)
MS SQL throws "Cannot drop database xyz, because it is currently in use" when user is about to drop the current database - (fa2bb05)
Wrong tab order after inserting new checkbox in the middle - (59d4f1f)
Space missing in CREATE TABLE code of PG table with SERIAL column - (1633c33)
Quick filter prompts on numbers break WHERE clause through local formatting - (e7646a0)
Restore displayed session name in message dialog caption, was removed in commit:63028518f8b0d5869383d3bc0c42f188851797ed - (a6d6e70)
Missing bottom anchor on shortcuts tree - (f8c4bde)
Broken ci compilation for Windows - (570fab1)
Broken ci compilation, move -WB -WR linker options to the conditionals section of the lpi file - (97ec20b)
Turn exception in ParseViewStructure into a log message - (7562a1e)
Data grid filter cut with several double-dash comments on one line - (dac7b0e)
Hidden input box for line terminator in csv import dialog - (f20d634)
Mouse click in edited row calls save action although focus did not change - (b8313e5)
SSH command line tweaks, patch from jarczakpawel - (454571e)
Broken compilation due encoding update to utf-8: ellipsis char constant seen as string now, instead of char - (26b9696)
Replace hardcoded Windows directory separator with DirectorySeparator - (41615e6)
Explicitly set client encoding on PG connection - (79c5e4c)
MSSQL foreign key lookup to include table schema - (305534d)
Wrong ENUM column type detection, due to less strict regex - (e731fd0)
Do not start edit mode in ListTables on right mouse button click - (89ccbac)
Staying on current table by click on "follow foreign key" when the foreign table lives in a different database - (8643172)
Some crashes found in uploaded crash reports - (7bed735)
Enable save button after changing default role per combobox - (508b139)
Support backtick quoted user roles, and some other TValueListEditor related bug fixes - (86ea19c)
A few compiler warnings - (c6dffe1)
Pre-select nothing in BOOL grid cell editor on PostgreSQL - (1895959)
Allow non existent SQLite files, only complain when its path does not exist - (02cf4cb)
Solution for #2431 breaks other stuff, reverting a part of it - (e940863)
Editing table data on mysql versions without generated column support - (32f3e6b)
EAbort crash when copying text from SynEdit without a highlighter - (6c219b9)
Missing anchors and autosize in user manager form - (91b90bc)
Reset tree refresh marker earlier, so SetActiveDatabase triggers events and hides the table + data tab after dropping tables - (d2c9c96)
Prevent crash due to unsupported edit-database feature on MS SQL - (68aeb96)
Clear data grid before indicating a broken or temporary table for which we get no columns from IS.COLUMNS - (b4ec223)
Populate SSH executable combo with only a global "ssh" command, do not add .exe files on Linux and macOS - (37f57ce)
Call to non existent inherited constructor version of TSQLBatch - (b2f4d5b)
TSQLBatch using backslash for escaping single quotes on all server types. Introduce server type specific TSQLBatch.FEscape char. - (e9af525)
Crash in SQL export to database for zero length SQL, plus upgrade old-style string handling - (056b5e9)
Do not delete selected SQL text from editor when trying to focus the position of erroneous SQL - (f5c5f33)
Crash after canceling query - (ee16571)

🚜 Refactor

Convert remaining latin1 unit to utf-8 - (85fb0bd)
Sync from master - (9727d53)
Revert most of what I did for #2424 - (3d547fd)
Prefer qAutoInc in SQLProvider over dedicated AutoIncName method - (2fbb779)
Simplify some more calls to Query() with the overloaded variants - (b0ab0fc)
Convert more TFeatureOrRequirement's to TQueryId - (9f21853)

Localize

Update compiled .mo translation files - (53f95d2)

Contributors

@ansgarbecker

New Contributors ❤️

@jonathanp12 made their first contribution

v12.18-Windows

HeidiSQL

Door: ansgarbecker

9 Juni 2026 om 19:21

Bump version for v12.18 release

Xml Notepad 2.9.0.22

XML Notepad

Door: lovettchris

9 Juni 2026 om 01:54

Update to WebView2 version 1.0.3967.48.
Fix #489 : Make FindDialog resizeable & preserve user size.

Extended Stable Updates for Desktop

Google Chrome

8 Juni 2026 om 22:40

The Extended Stable channel has been updated to 148.0.7778.254 for Windows and Mac which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Daniel Yip

Google Chrome

Stable Channel Update for Desktop

Google Chrome

9 Juni 2026 om 02:51

The Stable channel has been updated to 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 74 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information

[N/A][516501794] Critical CVE-2026-11628: Use after free in Ozone. Reported by Google on 2026-05-25

[N/A][516674532] Critical CVE-2026-11629: Use after free in Ozone. Reported by Google on 2026-05-26

[N/A][516677924] Critical CVE-2026-11630: Use after free in File Input. Reported by Google on 2026-05-26

[N/A][516691130] Critical CVE-2026-11631: Use after free in Aura. Reported by Google on 2026-05-26

[N/A][516707881] Critical CVE-2026-11632: Use after free in TabStrip. Reported by Google on 2026-05-26

[N/A][516963272] Critical CVE-2026-11633: Use after free in Bluetooth. Reported by Google on 2026-05-27

[N/A][516975148] Critical CVE-2026-11634: Use after free in Gamepad. Reported by Google on 2026-05-27

[N/A][516987814] Critical CVE-2026-11635: Use after free in Bluetooth. Reported by Google on 2026-05-27

[N/A][517023053] Critical CVE-2026-11636: Use after free in Autofill. Reported by Google on 2026-05-27

[N/A][517040438] Critical CVE-2026-11637: Use after free in Views. Reported by Google on 2026-05-27

[N/A][517047197] Critical CVE-2026-11638: Use after free in Printing. Reported by Google on 2026-05-27

[N/A][517227707] Critical CVE-2026-11639: Use after free in Compositing. Reported by Google on 2026-05-27

[N/A][517339758] Critical CVE-2026-11640: Integer overflow in libyuv. Reported by Google on 2026-05-28

[N/A][517418936] Critical CVE-2026-11641: Use after free in Bluetooth. Reported by Google on 2026-05-28

[N/A][517678820] Critical CVE-2026-11642: Use after free in Web Apps. Reported by Google on 2026-05-29

[N/A][518006379] Critical CVE-2026-11643: Use after free in Proxy. Reported by Google on 2026-05-29

[N/A][518043597] Critical CVE-2026-11644: Use after free in Views. Reported by Google on 2026-05-30

[$55000][506689381] High CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3 on 2026-04-27

[$500][517168239] High CVE-2026-11646: Use after free in ViewTransitions. Reported by Quac Tran on 2026-05-27

[N/A][502156940] High CVE-2026-11647: Use after free in Printing. Reported by Google on 2026-04-13

[N/A][506684534] High CVE-2026-11648: Use after free in FullScreen. Reported by Mihnea Nicolau on 2026-04-27

[N/A][511270083] High CVE-2026-11649: Use after free in V8. Reported by Google on 2026-05-08

[N/A][511279942] High CVE-2026-11650: Use after free in V8. Reported by Google on 2026-05-08

[N/A][511736002] High CVE-2026-11651: Use after free in Network. Reported by Google on 2026-05-10

[N/A][513156160] High CVE-2026-11652: Use after free in Extensions. Reported by Google on 2026-05-14

[N/A][513321171] High CVE-2026-11653: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-14

[N/A][513362710] High CVE-2026-11654: Use after free in CameraCapture. Reported by Google on 2026-05-15

[N/A][513396305] High CVE-2026-11655: Integer overflow in Media. Reported by Google on 2026-05-15

[N/A][513424000] High CVE-2026-11656: Use after free in ServiceWorker. Reported by Google on 2026-05-15

[N/A][513465272] High CVE-2026-11657: Use after free in Payments. Reported by Google on 2026-05-15

[N/A][513564337] High CVE-2026-11658: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-15

[N/A][513702971] High CVE-2026-11659: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-16

[N/A][513731890] High CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-05-16

[N/A][513748868] High CVE-2026-11661: Use after free in Views. Reported by Google on 2026-05-16

[N/A][513773313] High CVE-2026-11662: Type Confusion in Bindings. Reported by Google on 2026-05-16

[N/A][513820666] High CVE-2026-11663: Use after free in Skia. Reported by Google on 2026-05-16

[N/A][513830374] High CVE-2026-11664: Use after free in Payments. Reported by Google on 2026-05-16

[N/A][513948465] High CVE-2026-11665: Out of bounds read in Dawn. Reported by Google on 2026-05-17

[N/A][514009323] High CVE-2026-11666: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-17

[N/A][514671098] High CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google on 2026-05-19

[N/A][515419790] High CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google on 2026-05-21

[N/A][515429352] High CVE-2026-11669: Integer overflow in Media. Reported by Google on 2026-05-21

[N/A][515469283] High CVE-2026-11670: Use after free in PDF. Reported by Google on 2026-05-21

[N/A][516608438] High CVE-2026-11671: Use after free in Navigation. Reported by Google on 2026-05-26

[N/A][516794471] High CVE-2026-11672: Out of bounds write in GPU. Reported by Google on 2026-05-26

[N/A][516902973] High CVE-2026-11673: Use after free in InterestGroups. Reported by Google on 2026-05-26

[N/A][516910450] High CVE-2026-11674: Use after free in Guest View. Reported by Google on 2026-05-27

[N/A][516915337] High CVE-2026-11675: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-05-27

[N/A][516949298] High CVE-2026-11676: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-27

[N/A][516979551] High CVE-2026-11677: Race in Network. Reported by Google on 2026-05-27

[N/A][516986556] High CVE-2026-11678: Integer overflow in libyuv. Reported by Google on 2026-05-27

[N/A][516997135] High CVE-2026-11679: Use after free in Codecs. Reported by Google on 2026-05-27

[N/A][517004487] High CVE-2026-11680: Use after free in Media. Reported by Google on 2026-05-27

[N/A][517050585] High CVE-2026-11681: Use after free in Ozone. Reported by Google on 2026-05-27

[N/A][517103584] High CVE-2026-11682: Insufficient validation of untrusted input in Views. Reported by Google on 2026-05-27

[N/A][517129549] High CVE-2026-11683: Use after free in WebCodecs. Reported by Google on 2026-05-27

[N/A][517130229] High CVE-2026-11684: Insufficient policy enforcement in Network. Reported by Google on 2026-05-27

[N/A][517183713] High CVE-2026-11685: Insufficient data validation in MediaCapture. Reported by Google on 2026-05-27

[N/A][517247333] High CVE-2026-11686: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-27

[N/A][517303276] High CVE-2026-11687: Use after free in Dawn. Reported by Google on 2026-05-28

[N/A][517309206] High CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google on 2026-05-28

[N/A][517486004] High CVE-2026-11689: Insufficient validation of untrusted input in Passwords. Reported by Google on 2026-05-28

[N/A][517533654] High CVE-2026-11690: Out of bounds read and write in Media. Reported by Google on 2026-05-28

[N/A][517585486] High CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page. Reported by Google on 2026-05-28

[N/A][517607902] High CVE-2026-11692: Use after free in Read Anything. Reported by Google on 2026-05-28

[N/A][517644287] High CVE-2026-11693: Inappropriate implementation in Plugins. Reported by Google on 2026-05-28

[N/A][517705966] High CVE-2026-11694: Use after free in ServiceWorker. Reported by Google on 2026-05-29

[N/A][517762104] High CVE-2026-11695: Inappropriate implementation in Passwords. Reported by Google on 2026-05-29

[N/A][517993381] High CVE-2026-11696: Uninitialized Use in Video. Reported by Google on 2026-05-29

[N/A][518105731] High CVE-2026-11697: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-30

[N/A][518235412] High CVE-2026-11698: Use after free in Bluetooth. Reported by Google on 2026-05-30

[N/A][518237527] High CVE-2026-11699: Use after free in Bluetooth. Reported by Google on 2026-05-30

[N/A][511732085] Medium CVE-2026-11700: Use after free in Tracing. Reported by Google on 2026-05-10

[N/A][516413817] Medium CVE-2026-11701: Insufficient validation of untrusted input in Guest View. Reported by Google on 2026-05-25

Google is aware that an exploit for CVE-2026-11645 exists in the wild.

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Daniel Yip

Google Chrome

2.7.2

MPC-HC

Door: clsid2

16 Juni 2026 om 21:17

Changes from 2.7.1 to 2.7.2:

Updates:

Updated LAV Filters to version 0.81-23-g6fadb
Updated MPC Video Renderer to version 0.10.2.2540
Updated MediaInfo DLL to version 26.05
Updated MPC Audio Renderer

Fixes:

Several crash fixes, bug fixes and small improvements.

CPU-Z 2.20.2

CPU-Z

4 Juni 2026 om 18:00

Intel Arc G3 and G3 Extreme (Panther Lake)(2.20.2).
AMD Ryzen 7 7700X3D (Raphael) (2.20.1).
AMD Ryzen AI Max+ 495, 492, 488 (Gorgon Halo).
AMD Ryzen AI Max 490, 485 (Gorgon Halo).
AMD Ryzen AI Max PRO 495, 490, 485, 480 (Gorgon Halo).
AMD Ryzen 9 9950X3D2 (Granite Ridge).
AMD Ryzen 9 PRO 9965X3D, PRO 9945 (Granite Ridge).
AMD Ryzen 7 PRO 9755, PRO 9745 (Granite Ridge).
AMD Ryzen 5 PRO 9645 (Granite Ridge).
AMD Ryzen AI 7/PRO 450G/GE (Gorgon Point 2).
AMD Ryzen AI 5/PRO 440G/GE (Gorgon Point 2).
AMD Ryzen AI 5/PRO 435G/GE (Gorgon Point 3).
AMD Ryzen AI Max+ 392 (Strix Halo).
Intel Core Ultra 5 250KF Plus (Arrow Lake Refresh).
Intel Core 7 360 and 350 (Wildcat Lake).
Intel Core 5 330, 320 and 315 (Wildcat Lake).
Intel Core 3 304 (Wildcat Lake).
Intel Core 9 273PQE, 273PTE, 273PE (Bartlett Lake).
Intel Core 7 253PQE, 253PTE, 253PE, 251TE, 251E (Bartlett Lake).
Intel Core 5 223PQE, 223PTE, 223PE, 221TE, 221E, 213PTE, 213PE, 211TE, 211E (Bartlett Lake).
Intel Core 3 201TE, 201E (Bartlett Lake).
Intel Arc Pro B70 and B65 (BMG-G31).
Intel Arc Pro B60 and B50 (BMG-G21).
Support of HUDIMM and HSODIMM memory modules.

FileZilla Client 3.70.6 released

FileZilla

Door: Tim Kosse

4 Juni 2026 om 17:16

New features:

SFTP: Added compatibility flag to Site Manager to ignore invalid bits in file attributes flags received from non-compliant servers

Bugfixes and minor changes:

SFTP: Updated to fzssh 1.3.0
Updated to libfilezilla 0.56.1
Removed autodetection of FTP server type governing the remote path syntax. Exotic server types now need to be set explicitly on the advanced page in the Site Manager

Paint.NET 5.2 Alpha (build 9650)

Paint.net

Door: Rick Brewster

4 Juni 2026 om 00:02

This is an updated alpha build for 5.2 that fixes some more bugs and crashes.

You can read more about 5.2 and what it includes by reading the release notes for the first alpha.

Change Log

Changes since 5.2 Alpha (build 9641):

Fixed an issue when drawing at the edge of the canvas viewport that would cause it to freeze and then jump all the way to the far edge of the canvas
Fixed an issue when drawing a selection using the intersect combine mode that would make the selection disappear and cause other weird issues with history (undo/redo).
Fixed the Move Selected Pixels tool setting color values to 0 for transparent pixels when not necessary (just moving without scaling/rotation, nearest neighbor sampling, etc.). Bug was reported here by @frio.
Fixed clipboard images accessed by plugins not always having a non-null ColorContext property. This property can still be null in some cases (e.g. alpha-only pixel formats). Reported here by @_koh_.
Optimized the compositing code for the Move Selected Pixels tool. The improvement is most noticeable on CPUs with AVX2 (not AVX512) which are not already bottlenecked by the GPU’s rendering.
Fixed a rare crash that could happen while switching tools while also changing the color

Download and Install

This build is available via the built-in updater as long as you have opted-in to pre-release updates. From within Settings -> Updates, enable “Also check for pre-release (beta) versions of paint.net” and then click on the Check Now button. You can also use the links below to download an offline installer or portable ZIP.

You can also download the installer here (for any supported CPU and OS), which is also where you can find downloads for offline installers, portable ZIPs, and deployable MSIs.

Extended Stable Updates for Desktop

Google Chrome

3 Juni 2026 om 18:20

The Extended Stable channel has been updated to 148.0.7778.254 for Windows and Mac which will roll out over the coming days/weeks.

A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

Google Chrome

Stable Channel Update for Desktop

Google Chrome

5 Juni 2026 om 00:27

The Chrome team is delighted to announce the promotion of Chrome 149 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.

Chrome 149.0.7827.53 (Linux) 149.0.7827.53/54 Windows/Mac contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new features and big efforts delivered in 149.

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 429 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$97000][498904293] Critical CVE-2026-10881: Out of bounds read and write in ANGLE. Reported by Anonymous on 2026-04-02

[$43000][503420443] Critical CVE-2026-10882: Use after free in Network. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-17

[$5000][503768143] Critical CVE-2026-10883: Out of bounds write in ANGLE. Reported by Maher Azzouzi on 2026-04-17

[N/A][503617302] Critical CVE-2026-10884: Use after free in Chromecast. Reported by Google on 2026-04-17

[N/A][504072665] Critical CVE-2026-10885: Use after free in Chrome for iOS. Reported by Google on 2026-04-18

[TBD][505096898] Critical CVE-2026-10886: Use after free in FileSystem. Reported by Andrew Boni on 2026-04-21

[N/A][505204771] Critical CVE-2026-10887: Use after free in Chromoting. Reported by Google on 2026-04-22

[N/A][505815080] Critical CVE-2026-10888: Use after free in Cast Streaming. Reported by Google on 2026-04-23

[N/A][513003797] Critical CVE-2026-10889: Out of bounds read in ANGLE. Reported by Google on 2026-05-14

[N/A][513136593] Critical CVE-2026-10890: Use after free in Cast. Reported by Google on 2026-05-14

[N/A][513160681] Critical CVE-2026-10891: Use after free in GFX. Reported by Google on 2026-05-14

[N/A][513165325] Critical CVE-2026-10892: Out of bounds write in GPU. Reported by Google on 2026-05-14

[N/A][513231432] Critical CVE-2026-10893: Use after free in Chromoting. Reported by Google on 2026-05-14

[N/A][513445101] Critical CVE-2026-10894: Use after free in Printing. Reported by Google on 2026-05-15

[N/A][513454018] Critical CVE-2026-10895: Use after free in Ozone. Reported by Google on 2026-05-15

[N/A][513514692] Critical CVE-2026-10896: Use after free in Chrome for iOS. Reported by Google on 2026-05-15

[N/A][513543143] Critical CVE-2026-10897: Out of bounds write in GPU. Reported by Google on 2026-05-15

[N/A][513946753] Critical CVE-2026-10898: Stack buffer overflow in GPU. Reported by Google on 2026-05-17

[N/A][516653777] Critical CVE-2026-10899: Use after free in Ozone. Reported by Google on 2026-05-26

[N/A][516878683] Critical CVE-2026-10900: Use after free in Passwords. Reported by Google on 2026-05-26

[N/A][516957738] Critical CVE-2026-10901: Use after free in Passwords. Reported by Google on 2026-05-27

[N/A][517046249] Critical CVE-2026-10902: Use after free in Ozone. Reported by Google on 2026-05-27

[$11000][503422316] High CVE-2026-10903: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-17

[$8000][506855825] High CVE-2026-10904: Inappropriate implementation in V8. Reported by 303f06e3 on 2026-04-27

[$5000][487357841] High CVE-2026-10905: Use after free in Network. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-25

[$3000][503420438] High CVE-2026-10906: Use after free in WebAuthentication. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-17

[$2000][489071023] High CVE-2026-10907: Out of bounds write in ANGLE. Reported by sweetchip on 2026-03-02

[$2000][505045913] High CVE-2026-10908: Use after free in FullScreen. Reported by Mihnea Nicolau on 2026-04-21

[$1000][508092644] High CVE-2026-10909: Use after free in Dawn. Reported by whiter@xuanyusec on 2026-04-30

[$500][508811477] High CVE-2026-10910: Type Confusion in V8. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-05-02

[N/A][495819067] High CVE-2026-10911: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-24

[N/A][496614553] High CVE-2026-10912: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-03-26

[N/A][497450927] High CVE-2026-10913: Use after free in ANGLE. Reported by Google on 2026-03-29

[N/A][497574371] High CVE-2026-10914: Use after free in ANGLE. Reported by Google on 2026-03-30

[N/A][497612174] High CVE-2026-10915: Use after free in Core. Reported by Google on 2026-03-30

[N/A][497643690] High CVE-2026-10916: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-30

[N/A][497929481] High CVE-2026-10917: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-30

[N/A][498259721] High CVE-2026-10918: Use after free in Viz. Reported by Google on 2026-03-31

[N/A][498872764] High CVE-2026-10919: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498977444] High CVE-2026-10920: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-04-02

[N/A][499159695] High CVE-2026-10921: Integer overflow in Dawn. Reported by Google on 2026-04-03

[N/A][499164652] High CVE-2026-10922: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-04-03

[N/A][499423683] High CVE-2026-10923: Use after free in WebAppInstalls. Reported by Google on 2026-04-04

[N/A][500055357] High CVE-2026-10924: Integer overflow in Chromecast. Reported by Google on 2026-04-06

[N/A][500071763] High CVE-2026-10925: Out of bounds write in Skia. Reported by Google on 2026-04-06

[N/A][500075522] High CVE-2026-10926: Use after free in Cast. Reported by Google on 2026-04-06

[N/A][500090141] High CVE-2026-10927: Out of bounds read in Dawn. Reported by Google on 2026-04-06

[N/A][500124367] High CVE-2026-10928: Script injection in Headless. Reported by Google on 2026-04-06

[N/A][500429259] High CVE-2026-10929: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500472605] High CVE-2026-10930: Out of bounds read in ANGLE. Reported by Google on 2026-04-07

[TBD][501115599] High CVE-2026-10931: Use after free in FileSystem. Reported by asjidkalam on 2026-04-10

[N/A][501335606] High CVE-2026-10932: Use after free in UI. Reported by Google on 2026-04-10

[N/A][501557633] High CVE-2026-10933: Use after free in Audio. Reported by Google on 2026-04-11

[N/A][501594107] High CVE-2026-10934: Use after free in Autofill. Reported by Google on 2026-04-11

[N/A][501898683] High CVE-2026-10935: Inappropriate implementation in V8. Reported by Google on 2026-04-12

[N/A][502439789] High CVE-2026-10936: Type Confusion in V8. Reported by Google on 2026-04-14

[N/A][502651056] High CVE-2026-10937: Inappropriate implementation in Passwords. Reported by Google on 2026-04-14

[N/A][502681591] High CVE-2026-10938: Insufficient validation of untrusted input in Input. Reported by Google on 2026-04-14

[N/A][503502607] High CVE-2026-10939: Use after free in WebRTC. Reported by Google on 2026-04-17

[N/A][503879873] High CVE-2026-10940: Race in Codecs. Reported by Google on 2026-04-17

[N/A][503958940] High CVE-2026-10941: Out of bounds memory access in Skia. Reported by Google on 2026-04-18

[N/A][504104263] High CVE-2026-10942: Insufficient validation of untrusted input in UI. Reported by Google on 2026-04-18

[TBD][504194151] High CVE-2026-10943: Use after free in WebRTC. Reported by Rayyan Kadar on 2026-04-20

[N/A][504215814] High CVE-2026-10944: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-19

[N/A][504417768] High CVE-2026-10945: Use after free in PDF. Reported by Google on 2026-04-20

[N/A][504587797] High CVE-2026-10946: Heap buffer overflow in Media. Reported by Google on 2026-04-20

[N/A][504597736] High CVE-2026-10947: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][504599749] High CVE-2026-10948: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][504644843] High CVE-2026-10949: Heap buffer overflow in Video. Reported by Google on 2026-04-20

[N/A][505123022] High CVE-2026-10950: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-21

[N/A][505191883] High CVE-2026-10951: Use after free in Autofill. Reported by Google on 2026-04-22

[N/A][505231370] High CVE-2026-10952: Use after free in Chrome for iOS. Reported by Google on 2026-04-22

[N/A][506147564] High CVE-2026-10953: Use after free in Core. Reported by Google on 2026-04-24

[N/A][506150628] High CVE-2026-10954: Use after free in Actor. Reported by Google on 2026-04-24

[N/A][506374676] High CVE-2026-10955: Type Confusion in ANGLE. Reported by Google on 2026-04-25

[N/A][506375731] High CVE-2026-10956: Use after free in MimeHandlerView. Reported by Google on 2026-04-25

[N/A][506377279] High CVE-2026-10957: Use after free in Glic. Reported by Google on 2026-04-25

[N/A][507251069] High CVE-2026-10958: Use after free in Chrome for iOS. Reported by Google on 2026-04-28

[N/A][507258648] High CVE-2026-10959: Use after free in Input. Reported by Google on 2026-04-28

[N/A][507258786] High CVE-2026-10960: Uninitialized Use in Codecs. Reported by Google on 2026-04-28

[N/A][508281950] High CVE-2026-10961: Use after free in Chrome for iOS. Reported by Google on 2026-04-30

[N/A][511006880] High CVE-2026-10962: Type Confusion in Media. Reported by Google on 2026-05-08

[N/A][511218177] High CVE-2026-10963: Integer overflow in V8. Reported by Google on 2026-05-08

[N/A][511228272] High CVE-2026-10964: Integer overflow in V8. Reported by Google on 2026-05-08

[N/A][511290038] High CVE-2026-10965: Integer overflow in DevTools. Reported by Google on 2026-05-08

[N/A][511713779] High CVE-2026-10966: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-05-10

[N/A][511714900] High CVE-2026-10967: Use after free in SurfaceCapture. Reported by Google on 2026-05-10

[N/A][511758373] High CVE-2026-10968: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-10

[N/A][511765713] High CVE-2026-10969: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-10

[N/A][512772489] High CVE-2026-10970: Insufficient validation of untrusted input in InterestGroups. Reported by Google on 2026-05-13

[N/A][513005991] High CVE-2026-10971: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-05-14

[N/A][513006660] High CVE-2026-10972: Use after free in Ozone. Reported by Google on 2026-05-14

[N/A][513042859] High CVE-2026-10973: Uninitialized Use in Dawn. Reported by Google on 2026-05-14

[N/A][513135862] High CVE-2026-10974: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-14

[N/A][513154132] High CVE-2026-10975: Use after free in WebRTC. Reported by Google on 2026-05-14

[N/A][513249847] High CVE-2026-10976: Uninitialized Use in Dawn. Reported by Google on 2026-05-14

[N/A][513340227] High CVE-2026-10977: Uninitialized Use in Skia. Reported by Google on 2026-05-14

[N/A][513394258] High CVE-2026-10978: Use after free in Chromoting. Reported by Google on 2026-05-15

[N/A][513468021] High CVE-2026-10979: Out of bounds read in ANGLE. Reported by Google on 2026-05-15

[N/A][513713927] High CVE-2026-10980: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-05-16

[N/A][513762354] High CVE-2026-10981: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-05-16

[N/A][513774197] High CVE-2026-10982: Use after free in WebXR. Reported by Google on 2026-05-16

[N/A][513947609] High CVE-2026-10983: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-05-17

[N/A][514022635] High CVE-2026-10984: Inappropriate implementation in Accessibility. Reported by Google on 2026-05-17

[N/A][514082801] High CVE-2026-10985: Out of bounds read in Skia. Reported by Google on 2026-05-17

[N/A][514744613] High CVE-2026-10986: Integer overflow in Media. Reported by Google on 2026-05-19

[N/A][515431687] High CVE-2026-10987: Integer overflow in V8. Reported by Google on 2026-05-21

[N/A][515465685] High CVE-2026-10988: Use after free in Views. Reported by Google on 2026-05-21

[N/A][516311623] High CVE-2026-10989: Inappropriate implementation in V8. Reported by Google on 2026-05-25

[$4000][506311914] Medium CVE-2026-10990: Use after free in Glic. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-25

[$3000][503553614] Medium CVE-2026-10991: Use after free in V8. Reported by Alisa Esage (@alisaesage) on 2026-04-17

[$2000][493534964] Medium CVE-2026-10992: Insufficient data validation in Animation. Reported by heapracer (@heapracer) on 2026-03-17

[$2000][504160794] Medium CVE-2026-10993: Heap buffer overflow in Skia. Reported by M. Fauzan Wijaya (Gh05t666nero) on 2026-04-19

[$2000][504820809] Medium CVE-2026-10994: Uninitialized Use in ANGLE. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-04-21

[$2000][505371980] Medium CVE-2026-10995: Heap buffer overflow in TabStrip. Reported by Sven Dysthe (@svn-dys) on 2026-04-22

[TBD][40051700] Medium CVE-2026-10996: Inappropriate implementation in Workers. Reported by Jayateertha Guruprasad on 2024-12-23

[TBD][464217867] Medium CVE-2026-10997: Insufficient policy enforcement in Extensions. Reported by djallalakira@gmail.com on 2025-11-28

[TBD][486536242] Medium CVE-2026-10998: Out of bounds read in Media. Reported by Ameen Basha M K on 2026-02-22

[TBD][489369089] Medium CVE-2026-10999: Out of bounds memory access in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04

[TBD][492374380] Medium CVE-2026-11000: Use after free in Fonts. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-13

[N/A][493691489] Medium CVE-2026-11001: Incorrect security UI in Payments. Reported by Google on 2026-03-18

[TBD][494740162] Medium CVE-2026-11002: Use after free in Autofill. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-21

[TBD][494823867] Medium CVE-2026-11003: Use after free in WebRTC. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2026-03-21

[TBD][494823889] Medium CVE-2026-11004: Out of bounds read in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-22

[TBD][495052581] Medium CVE-2026-11005: Out of bounds read in ANGLE. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-22

[N/A][495489174] Medium CVE-2026-11006: Out of bounds read in Dawn. Reported by Google on 2026-03-23

[N/A][495834228] Medium CVE-2026-11007: Insufficient validation of untrusted input in WebView. Reported by Google on 2026-03-24

[N/A][495864099] Medium CVE-2026-11008: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-24

[N/A][496233132] Medium CVE-2026-11009: Use after free in USB. Reported by Google on 2026-03-25

[TBD][496266444] Medium CVE-2026-11010: Use after free in WebShare. Reported by David Sievers on 2026-03-26

[N/A][496702621] Medium CVE-2026-11011: Insufficient policy enforcement in Password Manager. Reported by Google on 2026-03-26

[N/A][497000161] Medium CVE-2026-11012: Use after free in Serial. Reported by Google on 2026-03-27

[N/A][497056412] Medium CVE-2026-11013: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-28

[N/A][497058611] Medium CVE-2026-11014: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-28

[TBD][497183443] Medium CVE-2026-11015: Out of bounds read in WebGPU. Reported by Yuma Takeuchi on 2026-03-29

[N/A][497278395] Medium CVE-2026-11016: Insufficient validation of untrusted input in Network. Reported by Google on 2026-03-28

[N/A][497336872] Medium CVE-2026-11017: Inappropriate implementation in Link Preview. Reported by Google on 2026-03-29

[N/A][497342466] Medium CVE-2026-11018: Insufficient policy enforcement in Actor. Reported by Google on 2026-03-29

[N/A][497344640] Medium CVE-2026-11019: Inappropriate implementation in Payments. Reported by Google on 2026-03-29

[N/A][497440270] Medium CVE-2026-11020: Inappropriate implementation in Extensions. Reported by Google on 2026-03-29

[N/A][497487755] Medium CVE-2026-11021: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-29

[N/A][497532918] Medium CVE-2026-11022: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-03-29

[N/A][497538899] Medium CVE-2026-11023: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-03-29

[N/A][497591594] Medium CVE-2026-11024: Stack buffer overflow in Skia. Reported by Google on 2026-03-30

[N/A][497595264] Medium CVE-2026-11025: Insufficient policy enforcement in Navigation. Reported by Google on 2026-03-30

[N/A][497599683] Medium CVE-2026-11026: Insufficient policy enforcement in Extensions. Reported by Google on 2026-03-30

[N/A][497604407] Medium CVE-2026-11027: Insufficient validation of untrusted input in Glic. Reported by Google on 2026-03-30

[N/A][497627277] Medium CVE-2026-11028: Use after free in Media. Reported by Google on 2026-03-30

[N/A][497651688] Medium CVE-2026-11029: Insufficient validation of untrusted input in Drag and Drop. Reported by Google on 2026-03-30

[N/A][497722502] Medium CVE-2026-11030: Use after free in Network. Reported by Google on 2026-03-30

[N/A][497748760] Medium CVE-2026-11031: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-03-30

[N/A][497831111] Medium CVE-2026-11032: Insufficient data validation in Password Manager. Reported by Google on 2026-03-30

[N/A][497926664] Medium CVE-2026-11033: Uninitialized Use in WebML. Reported by Google on 2026-03-30

[N/A][497934980] Medium CVE-2026-11034: Insufficient validation of untrusted input in Tab Group Sync. Reported by Google on 2026-03-30

[N/A][497936421] Medium CVE-2026-11035: Insufficient validation of untrusted input in Custom Tabs. Reported by Google on 2026-03-30

[N/A][497964917] Medium CVE-2026-11036: Inappropriate implementation in DOM. Reported by Google on 2026-03-30

[N/A][497971287] Medium CVE-2026-11037: Out of bounds write in Codecs. Reported by Google on 2026-03-31

[N/A][498080391] Medium CVE-2026-11038: Insufficient validation of untrusted input in Subresource Integrity. Reported by Google on 2026-03-31

[N/A][498204112] Medium CVE-2026-11039: Uninitialized Use in Skia. Reported by Google on 2026-03-31

[N/A][498371085] Medium CVE-2026-11040: Use after free in ANGLE. Reported by Google on 2026-04-01

[N/A][498700369] Medium CVE-2026-11041: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-01

[N/A][498720094] Medium CVE-2026-11042: Use after free in Views. Reported by Google on 2026-04-01

[N/A][498721316] Medium CVE-2026-11043: Out of bounds write in ANGLE. Reported by Google on 2026-04-01

[N/A][498724803] Medium CVE-2026-11044: Integer overflow in ANGLE. Reported by Google on 2026-04-01

[N/A][498727111] Medium CVE-2026-11045: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-01

[N/A][498728857] Medium CVE-2026-11046: Insufficient validation of untrusted input in Media. Reported by Google on 2026-04-01

[N/A][498768132] Medium CVE-2026-11047: Insufficient validation of untrusted input in Base. Reported by Google on 2026-04-02

[N/A][498808432] Medium CVE-2026-11048: Inappropriate implementation in Extensions. Reported by Google on 2026-04-02

[N/A][498815068] Medium CVE-2026-11049: Use after free in Password Manager. Reported by Google on 2026-04-02

[N/A][498818402] Medium CVE-2026-11050: Use after free in V8. Reported by Google on 2026-04-02

[TBD][498828605] Medium CVE-2026-11051: Out of bounds read in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-02

[N/A][498834967] Medium CVE-2026-11052: Type Confusion in GPU. Reported by Google on 2026-04-02

[N/A][498841456] Medium CVE-2026-11053: VULNERABILITY in WebRTC. Reported by Google on 2026-04-02

[N/A][498845284] Medium CVE-2026-11054: Use after free in WebRTC. Reported by Google on 2026-04-02

[N/A][498881735] Medium CVE-2026-11055: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498887785] Medium CVE-2026-11056: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-04-02

[N/A][498951946] Medium CVE-2026-11057: Uninitialized Use in Skia. Reported by Google on 2026-04-02

[N/A][498986406] Medium CVE-2026-11058: Integer overflow in CredentialProvider. Reported by Google on 2026-04-02

[N/A][498991983] Medium CVE-2026-11059: Use after free in Blink. Reported by Google on 2026-04-02

[N/A][499018355] Medium CVE-2026-11060: Use after free in Media. Reported by Google on 2026-04-02

[N/A][499031961] Medium CVE-2026-11061: Out of bounds read in ANGLE. Reported by Google on 2026-04-02

[N/A][499033012] Medium CVE-2026-11062: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-02

[N/A][499051067] Medium CVE-2026-11063: Insufficient validation of untrusted input in WebNN. Reported by Google on 2026-04-02

[N/A][499075743] Medium CVE-2026-11064: Uninitialized Use in GPU. Reported by Google on 2026-04-02

[N/A][499093536] Medium CVE-2026-11065: Use after free in ANGLE. Reported by Google on 2026-04-03

[N/A][499124128] Medium CVE-2026-11066: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-03

[N/A][499140183] Medium CVE-2026-11067: Uninitialized Use in Dawn. Reported by Google on 2026-04-03

[N/A][499194333] Medium CVE-2026-11068: Use after free in WebSockets. Reported by Google on 2026-04-03

[N/A][499213367] Medium CVE-2026-11069: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-04-03

[N/A][499225384] Medium CVE-2026-11070: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-03

[N/A][499227659] Medium CVE-2026-11071: Use after free in Base. Reported by Google on 2026-04-03

[N/A][499238195] Medium CVE-2026-11072: Use after free in WebView. Reported by Google on 2026-04-03

[N/A][499365904] Medium CVE-2026-11073: Use after free in WebGL. Reported by Google on 2026-04-03

[TBD][499587071] Medium CVE-2026-11074: Use after free in WebRTC. Reported by boboliverfrancishoward@gmail.com on 2026-04-05

[TBD][499659070] Medium CVE-2026-11075: Out of bounds read in V8. Reported by JunYoung Park(@candymate) of KAIST Hacking Lab on 2026-04-06

[N/A][499784386] Medium CVE-2026-11076: Type Confusion in CSS. Reported by Google on 2026-04-05

[TBD][499908918] Medium CVE-2026-11077: Out of bounds read in Dawn. Reported by Anonymous on 2026-04-06

[TBD][499917177] Medium CVE-2026-11078: Insufficient validation of untrusted input in FileSystem. Reported by Eran Rom of Palo Alto Networks on 2026-04-06

[N/A][500028989] Medium CVE-2026-11079: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-06

[N/A][500032538] Medium CVE-2026-11080: Use after free in WebView. Reported by Google on 2026-04-06

[N/A][500076131] Medium CVE-2026-11081: Policy bypass in Canvas. Reported by Google on 2026-04-06

[N/A][500079715] Medium CVE-2026-11082: Use after free in GPU. Reported by Google on 2026-04-06

[N/A][500095743] Medium CVE-2026-11083: Inappropriate implementation in Password Manager. Reported by Google on 2026-04-06

[N/A][500124500] Medium CVE-2026-11084: Inappropriate implementation in Password Manager. Reported by Google on 2026-04-06

[N/A][500132379] Medium CVE-2026-11085: Integer overflow in GPU. Reported by Google on 2026-04-06

[N/A][500140111] Medium CVE-2026-11086: Insufficient validation of untrusted input in Dawn. Reported by Google on 2026-04-07

[N/A][500140149] Medium CVE-2026-11087: Uninitialized Use in ANGLE. Reported by Google on 2026-04-07

[N/A][500144879] Medium CVE-2026-11088: Integer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500154880] Medium CVE-2026-11089: Uninitialized Use in Media. Reported by Google on 2026-04-07

[N/A][500161302] Medium CVE-2026-11090: Uninitialized Use in ANGLE. Reported by Google on 2026-04-07

[N/A][500162791] Medium CVE-2026-11091: Inappropriate implementation in Dawn. Reported by Google on 2026-04-07

[N/A][500170887] Medium CVE-2026-11092: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-07

[N/A][500172365] Medium CVE-2026-11093: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-04-07

[N/A][500174874] Medium CVE-2026-11094: Use after free in Codecs. Reported by Google on 2026-04-07

[N/A][500293394] Medium CVE-2026-11095: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-07

[N/A][500296311] Medium CVE-2026-11096: Out of bounds read in WebRTC. Reported by Google on 2026-04-07

[N/A][500311718] Medium CVE-2026-11097: Inappropriate implementation in WebView. Reported by Google on 2026-04-07

[N/A][500315455] Medium CVE-2026-11098: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-07

[N/A][500414865] Medium CVE-2026-11099: Vulnerability in Skia. Reported by Google on 2026-04-07

[N/A][500416901] Medium CVE-2026-11100: Use after free in File Input. Reported by Google on 2026-04-07

[N/A][500443031] Medium CVE-2026-11101: Uninitialized Use in Dawn. Reported by Google on 2026-04-07

[N/A][500468338] Medium CVE-2026-11102: Inappropriate implementation in Isolated Web Apps. Reported by Google on 2026-04-07

[N/A][500483038] Medium CVE-2026-11103: Inappropriate implementation in Installer. Reported by Google on 2026-04-07

[N/A][500501226] Medium CVE-2026-11104: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500505339] Medium CVE-2026-11105: Insufficient validation of untrusted input in WebUI. Reported by Google on 2026-04-08

[N/A][500508725] Medium CVE-2026-11106: Inappropriate implementation in Media. Reported by Google on 2026-04-08

[N/A][500510384] Medium CVE-2026-11107: Inappropriate implementation in Downloads. Reported by Google on 2026-04-08

[N/A][500517053] Medium CVE-2026-11108: Inappropriate implementation in NFC. Reported by Google on 2026-04-08

[N/A][500524833] Medium CVE-2026-11109: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500528864] Medium CVE-2026-11110: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500530720] Medium CVE-2026-11111: Out of bounds read in ANGLE. Reported by Google on 2026-04-08

[N/A][500541413] Medium CVE-2026-11112: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-08

[N/A][500560764] Medium CVE-2026-11113: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-08

[N/A][501360342] Medium CVE-2026-11114: Use after free in Device Trust. Reported by Google on 2026-04-10

[N/A][501370283] Medium CVE-2026-11115: Use after free in Updater. Reported by Google on 2026-04-10

[N/A][501376612] Medium CVE-2026-11116: Use after free in Chromoting. Reported by Google on 2026-04-10

[N/A][501403820] Medium CVE-2026-11117: Use after free in Views. Reported by Google on 2026-04-10

[N/A][501424047] Medium CVE-2026-11118: Use after free in WebRTC. Reported by Google on 2026-04-10

[N/A][501461853] Medium CVE-2026-11119: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-04-10

[N/A][501467566] Medium CVE-2026-11120: Insufficient validation of untrusted input in Enterprise Reporting. Reported by Google on 2026-04-10

[N/A][501483855] Medium CVE-2026-11121: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-04-10

[N/A][501485453] Medium CVE-2026-11122: Inappropriate implementation in Keyboard. Reported by Google on 2026-04-10

[N/A][501505198] Medium CVE-2026-11123: Uninitialized Use in ANGLE. Reported by Google on 2026-04-10

[N/A][501511299] Medium CVE-2026-11124: Heap buffer overflow in Skia. Reported by Google on 2026-04-10

[N/A][501517520] Medium CVE-2026-11125: Use after free in Compositing. Reported by Google on 2026-04-10

[N/A][501528031] Medium CVE-2026-11126: Insufficient validation of untrusted input in DevTools. Reported by Google on 2026-04-10

[N/A][501535295] Medium CVE-2026-11127: Inappropriate implementation in WebAPKs. Reported by Google on 2026-04-10

[N/A][501541341] Medium CVE-2026-11128: Insufficient validation of untrusted input in Web Share. Reported by Google on 2026-04-10

[N/A][501541962] Medium CVE-2026-11129: Inappropriate implementation in Extensions. Reported by Google on 2026-04-10

[N/A][501546443] Medium CVE-2026-11130: Use after free in Media. Reported by Google on 2026-04-11

[N/A][501561644] Medium CVE-2026-11131: Use after free in Autofill. Reported by Google on 2026-04-11

[N/A][501597365] Medium CVE-2026-11132: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501606085] Medium CVE-2026-11133: Insufficient policy enforcement in Paint. Reported by Google on 2026-04-11

[N/A][501640084] Medium CVE-2026-11134: Insufficient data validation in Media. Reported by Google on 2026-04-11

[N/A][501644835] Medium CVE-2026-11135: Insufficient policy enforcement in Autofill. Reported by Google on 2026-04-11

[TBD][501646327] Medium CVE-2026-11136: Use after free in Canvas. Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po) on 2026-04-11

[N/A][501647943] Medium CVE-2026-11137: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][501650354] Medium CVE-2026-11138: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][501650594] Medium CVE-2026-11139: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501659253] Medium CVE-2026-11140: Insufficient validation of untrusted input in Chromecast. Reported by Google on 2026-04-11

[N/A][501667839] Medium CVE-2026-11141: Uninitialized Use in Audio. Reported by Google on 2026-04-11

[N/A][501668745] Medium CVE-2026-11142: Policy bypass in Paint. Reported by Google on 2026-04-11

[N/A][501674219] Medium CVE-2026-11143: Heap buffer overflow in Extensions. Reported by Google on 2026-04-11

[N/A][501676175] Medium CVE-2026-11144: Use after free in Media. Reported by Google on 2026-04-11

[N/A][501683745] Medium CVE-2026-11145: Race in Geolocation. Reported by Google on 2026-04-11

[N/A][501709220] Medium CVE-2026-11146: Insufficient validation of untrusted input in Chromoting. Reported by Google on 2026-04-11

[N/A][501731689] Medium CVE-2026-11147: Use after free in WebML. Reported by Google on 2026-04-11

[N/A][501738451] Medium CVE-2026-11148: Inappropriate implementation in Payments. Reported by Google on 2026-04-11

[N/A][501739206] Medium CVE-2026-11149: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-04-11

[N/A][501740299] Medium CVE-2026-11150: Inappropriate implementation in XML. Reported by Google on 2026-04-11

[N/A][501740323] Medium CVE-2026-11151: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-04-11

[N/A][501762953] Medium CVE-2026-11152: Object lifecycle issue in Dawn. Reported by Google on 2026-04-11

[N/A][501779840] Medium CVE-2026-11153: Side-channel information leakage in Forms. Reported by Google on 2026-04-12

[N/A][501789156] Medium CVE-2026-11154: Use after free in Dawn. Reported by Google on 2026-04-12

[N/A][501801823] Medium CVE-2026-11155: Insufficient policy enforcement in CSS. Reported by Google on 2026-04-12

[N/A][501810226] Medium CVE-2026-11156: Inappropriate implementation in CSS. Reported by Google on 2026-04-12

[N/A][501823385] Medium CVE-2026-11157: Script injection in Accessibility. Reported by Google on 2026-04-12

[N/A][501844153] Medium CVE-2026-11158: Insufficient validation of untrusted input in Downloads. Reported by Google on 2026-04-12

[N/A][501861921] Medium CVE-2026-11159: Uninitialized Use in Skia. Reported by Google on 2026-04-12

[N/A][501862016] Medium CVE-2026-11160: Out of bounds read in Input. Reported by Google on 2026-04-12

[N/A][501920294] Medium CVE-2026-11161: Insufficient data validation in DataTransfer. Reported by Google on 2026-04-12

[N/A][502035074] Medium CVE-2026-11162: Insufficient policy enforcement in CSS. Reported by Google on 2026-04-13

[N/A][502072755] Medium CVE-2026-11163: Use after free in Messages. Reported by Google on 2026-04-13

[N/A][502089411] Medium CVE-2026-11164: Use after free in Blink. Reported by Google on 2026-04-13

[N/A][502099949] Medium CVE-2026-11165: Use after free in WebMIDI. Reported by Google on 2026-04-13

[N/A][502118936] Medium CVE-2026-11166: Inappropriate implementation in SVG. Reported by Google on 2026-04-13

[N/A][502228856] Medium CVE-2026-11167: Inappropriate implementation in WebView. Reported by Google on 2026-04-13

[N/A][502256049] Medium CVE-2026-11168: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-13

[N/A][502285273] Medium CVE-2026-11169: Inappropriate implementation in XML. Reported by Google on 2026-04-13

[N/A][502322596] Medium CVE-2026-11170: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-13

[N/A][502322843] Medium CVE-2026-11171: Integer overflow in Blink. Reported by Google on 2026-04-13

[TBD][502328201] Medium CVE-2026-11172: Incorrect security UI in Contact Picker. Reported by mochazril.ti@gmail.com on 2026-04-14

[N/A][502337304] Medium CVE-2026-11173: Out of bounds write in V8. Reported by Google on 2026-04-14

[N/A][502348223] Medium CVE-2026-11174: Insufficient policy enforcement in Site Isolation. Reported by Google on 2026-04-14

[N/A][502368088] Medium CVE-2026-11175: Incorrect security UI in Messages. Reported by Google on 2026-04-14

[N/A][502371717] Medium CVE-2026-11176: Inappropriate implementation in Media. Reported by Google on 2026-04-14

[TBD][502449864] Medium CVE-2026-11177: Use after free in Omnibox. Reported by gevakun on 2026-04-14

[N/A][502501810] Medium CVE-2026-11178: Policy bypass in WebView. Reported by Google on 2026-04-14

[N/A][502615170] Medium CVE-2026-11179: Inappropriate implementation in ORB. Reported by Google on 2026-04-14

[N/A][502631225] Medium CVE-2026-11180: Policy bypass in SVG. Reported by Google on 2026-04-14

[N/A][502633299] Medium CVE-2026-11181: Inappropriate implementation in Media Session. Reported by Google on 2026-04-14

[N/A][502651014] Medium CVE-2026-11182: Inappropriate implementation in SVG. Reported by Google on 2026-04-14

[N/A][502768780] Medium CVE-2026-11183: Out of bounds read in GWP-ASan. Reported by Google on 2026-04-15

[N/A][502777516] Medium CVE-2026-11184: Insufficient policy enforcement in Actor. Reported by Google on 2026-04-15

[N/A][502784366] Medium CVE-2026-11185: Use after free in V8. Reported by Google on 2026-04-15

[N/A][502805170] Medium CVE-2026-11186: Inappropriate implementation in CSS. Reported by Google on 2026-04-15

[N/A][502819675] Medium CVE-2026-11187: Insufficient policy enforcement in Glic. Reported by Google on 2026-04-15

[N/A][502959826] Medium CVE-2026-11188: Use after free in USB. Reported by Google on 2026-04-15

[TBD][503197481] Medium CVE-2026-11189: Insufficient validation of untrusted input in DevTools. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab on 2026-04-16

[N/A][503375371] Medium CVE-2026-11190: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-16

[N/A][503392431] Medium CVE-2026-11191: Out of bounds memory access in ANGLE. Reported by Google on 2026-04-16

[N/A][503490678] Medium CVE-2026-11192: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-04-17

[N/A][503642586] Medium CVE-2026-11193: Insufficient policy enforcement in Password Manager. Reported by Google on 2026-04-17

[N/A][503719488] Medium CVE-2026-11194: Inappropriate implementation in Network. Reported by Google on 2026-04-17

[N/A][503865896] Medium CVE-2026-11195: Inappropriate implementation in MHTML. Reported by Google on 2026-04-17

[N/A][503879106] Medium CVE-2026-11196: Type Confusion in XML. Reported by Google on 2026-04-17

[TBD][504073872] Medium CVE-2026-11197: Insufficient policy enforcement in Workers. Reported by VEZEKA on 2026-04-19

[N/A][504395300] Medium CVE-2026-11198: Insufficient validation of untrusted input in Codecs. Reported by Google on 2026-04-20

[N/A][504572664] Medium CVE-2026-11199: Insufficient validation of untrusted input in WebRTC. Reported by Google on 2026-04-20

[N/A][504579798] Medium CVE-2026-11200: Inappropriate implementation in WebRTC. Reported by Google on 2026-04-20

[TBD][505068950] Medium CVE-2026-11201: Use after free in ServiceWorker. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-22

[N/A][505144022] Medium CVE-2026-11202: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-22

[N/A][505192638] Medium CVE-2026-11203: Policy bypass in GPU. Reported by Google on 2026-04-22

[N/A][505200733] Medium CVE-2026-11204: Inappropriate implementation in Signin. Reported by Google on 2026-04-22

[N/A][505290253] Medium CVE-2026-11205: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google on 2026-04-22

[TBD][505427216] Medium CVE-2026-11206: Policy bypass in ServiceWorker. Reported by David Bors, Catalin Iovita on 2026-04-23

[N/A][506127858] Medium CVE-2026-11207: Insufficient validation of untrusted input in Autofill. Reported by Google on 2026-04-24

[N/A][506387278] Medium CVE-2026-11208: Use after free in Codecs. Reported by Google on 2026-04-25

[N/A][506391032] Medium CVE-2026-11209: Insufficient policy enforcement in Passwords. Reported by Google on 2026-04-25

[N/A][506473226] Medium CVE-2026-11210: Insufficient policy enforcement in Safe Browsing. Reported by Google on 2026-04-25

[N/A][506629455] Medium CVE-2026-11211: Integer overflow in V8. Reported by Google on 2026-04-26

[N/A][507216833] Medium CVE-2026-11212: Insufficient policy enforcement in DevTools. Reported by Google on 2026-04-28

[N/A][507382702] Medium CVE-2026-11213: Insufficient validation of untrusted input in Reading Mode. Reported by Google on 2026-04-28

[N/A][508257850] Medium CVE-2026-11214: Inappropriate implementation in Chrome for iOS. Reported by Google on 2026-04-30

[N/A][513446116] Medium CVE-2026-11215: Inappropriate implementation in Cronet. Reported by Google on 2026-05-15

[$3000][474583539] Low CVE-2026-11216: Incorrect security UI in File Input. Reported by Azza Tegar Naufal Ataullah on 2026-01-10

[$3000][487564032] Low CVE-2026-11217: Insufficient policy enforcement in Fenced Frames. Reported by Tianyi Hu on 2026-02-25

[$2000][476862276] Low CVE-2026-11218: Inappropriate implementation in PlatformIntegration. Reported by Han Liu (Xi’an Jiaotong University, School of Cyber Science and Engineering)
on 2026-01-19

[$2000][480074849] Low CVE-2026-11219: Insufficient data validation in Navigation. Reported by Bharat (mrnoob) on 2026-01-30

[$2000][487300831] Low CVE-2026-11220: Insufficient validation of untrusted input in Navigation. Reported by Tianyi Hu on 2026-02-24

[$1500][492211919] Low CVE-2026-11221: Insufficient validation of untrusted input in PointerLock. Reported by mihalis.haatainen@bountyy.fi on 2026-03-12

[$1000][458442542] Low CVE-2026-11222: Incorrect security UI in Tab Strip. Reported by Hafiizh on 2025-11-07

[$1000][494800494] Low CVE-2026-11223: Insufficient validation of untrusted input in Network. Reported by Tianyi Hu on 2026-03-21

[$500][502461760] Low CVE-2026-11224: Use after free in Chromoting. Reported by David Bors, Catalin Iovita on 2026-04-14

[$500][503346647] Low CVE-2026-11225: Incorrect security UI in WebUI. Reported by Tareq Ahamed - itztrq on 2026-04-16

[N/A][385662278] Low CVE-2026-11226: Insufficient policy enforcement in PreviewTab. Reported by Google on 2020-03-05

[TBD][448421954] Low CVE-2026-11227: Incorrect security UI in Tab Hover Cards. Reported by Hafiizh on 2025-10-01

[TBD][454484864] Low CVE-2026-11228: Incorrect security UI in File Input. Reported by Umar Farooq on 2025-10-23

[TBD][482713603] Low CVE-2026-11229: Insufficient policy enforcement in Enterprise. Reported by Povcfe of Tencent Security Xuanwu Lab on 2026-02-08

[N/A][493225428] Low CVE-2026-11230: Use after free in Extensions. Reported by Google on 2026-03-16

[N/A][495840862] Low CVE-2026-11231: Inappropriate implementation in Safe Browsing. Reported by Google on 2026-03-24

[N/A][495981782] Low CVE-2026-11232: Inappropriate implementation in TabGroups. Reported by Google on 2026-03-25

[N/A][496088449] Low CVE-2026-11233: Insufficient validation of untrusted input in FoldableAPIs. Reported by Google on 2026-03-25

[N/A][496095145] Low CVE-2026-11234: Insufficient policy enforcement in FoldableAPIs. Reported by Google on 2026-03-25

[N/A][496419374] Low CVE-2026-11235: Insufficient validation of untrusted input in Compositing. Reported by Google on 2026-03-26

[N/A][496427030] Low CVE-2026-11236: Insufficient policy enforcement in Web Bluetooth. Reported by Google on 2026-03-26

[N/A][496617698] Low CVE-2026-11237: Insufficient validation of untrusted input in Media. Reported by Google on 2026-03-26

[N/A][496705691] Low CVE-2026-11238: Inappropriate implementation in DevTools. Reported by Google on 2026-03-26

[N/A][497025738] Low CVE-2026-11239: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-03-27

[N/A][497030032] Low CVE-2026-11240: Insufficient validation of untrusted input in Loader. Reported by Google on 2026-03-27

[N/A][497203741] Low CVE-2026-11241: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-03-28

[N/A][497385823] Low CVE-2026-11242: Insufficient validation of untrusted input in Plugins. Reported by Google on 2026-03-29

[N/A][497394061] Low CVE-2026-11243: Incorrect security UI in Downloads. Reported by Google on 2026-03-29

[N/A][497609145] Low CVE-2026-11244: Insufficient validation of untrusted input in WebAuthentication. Reported by Google on 2026-03-30

[N/A][497610654] Low CVE-2026-11245: Inappropriate implementation in Payments. Reported by Google on 2026-03-30

[N/A][497660733] Low CVE-2026-11246: Insufficient validation of untrusted input in IndexedDB. Reported by Google on 2026-03-30

[N/A][497865734] Low CVE-2026-11247: Insufficient policy enforcement in CustomTabs. Reported by Google on 2026-03-30

[N/A][497946941] Low CVE-2026-11248: Policy bypass in Google Lens. Reported by Google on 2026-03-30

[N/A][497989379] Low CVE-2026-11249: Use after free in Network. Reported by Google on 2026-03-31

[N/A][498281224] Low CVE-2026-11250: Inappropriate implementation in DevTools. Reported by Google on 2026-03-31

[N/A][498301853] Low CVE-2026-11251: Insufficient validation of untrusted input in Password Manager. Reported by Google on 2026-03-31

[N/A][498373018] Low CVE-2026-11252: Policy bypass in Content Settings. Reported by Google on 2026-04-01

[N/A][498397912] Low CVE-2026-11253: Race in Permissions. Reported by Google on 2026-04-01

[N/A][498405554] Low CVE-2026-11254: Inappropriate implementation in Permissions. Reported by Google on 2026-04-01

[N/A][498417152] Low CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API. Reported by Google on 2026-04-01

[N/A][498856565] Low CVE-2026-11256: Out of bounds read in GPU. Reported by Google on 2026-04-02

[N/A][499051898] Low CVE-2026-11257: Inappropriate implementation in Browser. Reported by Google on 2026-04-02

[N/A][499078161] Low CVE-2026-11258: Inappropriate implementation in File System Access. Reported by Google on 2026-04-02

[N/A][499215943] Low CVE-2026-11259: Insufficient validation of untrusted input in Cast. Reported by Google on 2026-04-03

[N/A][499257860] Low CVE-2026-11260: Policy bypass in Permissions. Reported by Google on 2026-04-03

[N/A][499262832] Low CVE-2026-11261: Insufficient validation of untrusted input in PDF. Reported by Google on 2026-04-03

[N/A][499386363] Low CVE-2026-11262: Use after free in TabStrip. Reported by Google on 2026-04-03

[N/A][500044225] Low CVE-2026-11263: Insufficient policy enforcement in WebAuthentication. Reported by Google on 2026-04-06

[N/A][500099106] Low CVE-2026-11264: Policy bypass in Content Security Policy. Reported by Google on 2026-04-06

[N/A][500262869] Low CVE-2026-11265: Insufficient data validation in Autofill. Reported by Google on 2026-04-07

[N/A][500521311] Low CVE-2026-11266: Policy bypass in SafeBrowsing. Reported by Google on 2026-04-08

[N/A][500528267] Low CVE-2026-11267: Insufficient policy enforcement in Extensions. Reported by Google on 2026-04-08

[N/A][500528706] Low CVE-2026-11268: Uninitialized Use in ANGLE. Reported by Google on 2026-04-08

[N/A][500551122] Low CVE-2026-11269: Inappropriate implementation in Extensions. Reported by Google on 2026-04-08

[N/A][501504245] Low CVE-2026-11270: Inappropriate implementation in UI. Reported by Google on 2026-04-10

[N/A][501685207] Low CVE-2026-11271: Incorrect security UI in Passwords. Reported by Google on 2026-04-11

[N/A][501747321] Low CVE-2026-11272: Insufficient validation of untrusted input in Reading List. Reported by Google on 2026-04-11

[N/A][501757688] Low CVE-2026-11273: Insufficient validation of untrusted input in Omnibox. Reported by Google on 2026-04-11

[N/A][501760514] Low CVE-2026-11274: Inappropriate implementation in DOM Distiller. Reported by Google on 2026-04-11

[N/A][501763121] Low CVE-2026-11275: Insufficient policy enforcement in Page Info. Reported by Google on 2026-04-11

[N/A][501780338] Low CVE-2026-11276: Inappropriate implementation in Cast. Reported by Google on 2026-04-12

[N/A][501839664] Low CVE-2026-11277: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-12

[N/A][501859865] Low CVE-2026-11278: Inappropriate implementation in CustomTabs. Reported by Google on 2026-04-12

[N/A][501878477] Low CVE-2026-11279: Out of bounds read in DevTools. Reported by Google on 2026-04-12

[N/A][501892820] Low CVE-2026-11280: Insufficient validation of untrusted input in Signin. Reported by Google on 2026-04-12

[N/A][501900366] Low CVE-2026-11281: Integer overflow in Chromoting. Reported by Google on 2026-04-12

[N/A][502023400] Low CVE-2026-11282: Policy bypass in Sandbox. Reported by Google on 2026-04-13

[N/A][502069297] Low CVE-2026-11283: Policy bypass in Shortcuts. Reported by Google on 2026-04-13

[N/A][502073069] Low CVE-2026-11284: Side-channel information leakage in PerformanceAPIs. Reported by Google on 2026-04-13

[N/A][502090914] Low CVE-2026-11285: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-13

[N/A][502110170] Low CVE-2026-11286: Insufficient validation of untrusted input in Wallet. Reported by Google on 2026-04-13

[N/A][502173136] Low CVE-2026-11287: Insufficient validation of untrusted input in Navigation. Reported by Google on 2026-04-13

[N/A][502231588] Low CVE-2026-11288: Policy bypass in CSS. Reported by Google on 2026-04-13

[N/A][502239897] Low CVE-2026-11289: Side-channel information leakage in Paint. Reported by Google on 2026-04-13

[N/A][502264647] Low CVE-2026-11290: Integer overflow in WebView. Reported by Google on 2026-04-13

[N/A][502346855] Low CVE-2026-11291: Policy bypass in Android Autofill. Reported by Google on 2026-04-14

[N/A][502358901] Low CVE-2026-11292: Policy bypass in Blink. Reported by Google on 2026-04-14

[TBD][502362260] Low CVE-2026-11293: Use after free in Input. Reported by Weipeng Jiang (@Krace) of VRI on 2026-04-14

[N/A][502403953] Low CVE-2026-11294: Inappropriate implementation in Passwords. Reported by Google on 2026-04-14

[N/A][502444677] Low CVE-2026-11295: Inappropriate implementation in WebView. Reported by Google on 2026-04-14

[N/A][502493950] Low CVE-2026-11296: Inappropriate implementation in ImageCapture. Reported by Google on 2026-04-14

[N/A][502502017] Low CVE-2026-11297: Insufficient validation of untrusted input in Reader Mode. Reported by Google on 2026-04-14

[N/A][502503860] Low CVE-2026-11298: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-14

[TBD][502598424] Low CVE-2026-11299: Out of bounds read in Fonts. Reported by sharadboni@gmail.com on 2026-04-14

[N/A][503614310] Low CVE-2026-11300: Inappropriate implementation in Permissions. Reported by Google on 2026-04-17

[N/A][504180386] Low CVE-2026-11301: Out of bounds read in LiveCaption. Reported by Google on 2026-04-19

[N/A][504196549] Low CVE-2026-11302: Insufficient policy enforcement in Chrome for iOS. Reported by Google on 2026-04-19

[N/A][504416752] Low CVE-2026-11303: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504418475] Low CVE-2026-11304: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504545544] Low CVE-2026-11305: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504548949] Low CVE-2026-11306: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504551617] Low CVE-2026-11307: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][505945112] Low CVE-2026-11308: Inappropriate implementation in Extensions. Reported by Google on 2026-04-24

[N/A][506392934] Low CVE-2026-11309: Insufficient policy enforcement in History. Reported by Google on 2026-04-25

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

Google Chrome

Dopamine 3.0.5

Dopamine

Door: digimezzo

31 Mei 2026 om 21:51

Added

Added an Adwaita theme, because GNU/Linux deserves some love.
Added Windows taskbar media controls accessible by hovering over the app icon in the taskbar
Added a "Refresh now" button to the main menu
Added ReplayGain support
Added option to show album name on the now playing page
Added possibility to edit the album cover

Changed

Discord Rich Presence says "Listening to" instead of "Playing"
Improved scaling of different parts of the user interface
Updated the Czech translation
Updated the German translation
Updated the Hebrew translation
Updated the Russian translation
Updated the Vietnamese translation

Fixed

Saving a rating to an MP3 file could create an ID3v1 tag, causing genres to be stored and displayed as their numeric ID3v1 code (e.g. "Eurodance" becoming "54")
It is not possible to edit songs from the Songs screen
There is no scroll bar in the smart playlist editor
Loop one does not work correctly when using gapless or crossfading playback
When exiting Dopamine, the Discord status doesn't disappear.
It's not always clear when Dopamine is refreshing the collection

P.S.: If you enjoy Dopamine, please consider donating via PayPal or buying me a coffee. Your support keeps the music going!

Early Stable Update for Desktop

Google Chrome

29 Mei 2026 om 21:52

The Stable channel has been updated to 149.0.7827.53/.54 for Windows and Mac as part of our early stable release to a small percentage of users. A full list of changes in this build is available in the log.

You can find more details about early Stable releases here.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

Google Chrome

The paint.net domain has been secured

Paint.net

Door: Rick Brewster

29 Mei 2026 om 20:27

I just tweeted about this, but here’s the blog post version:

I GOT THE DOMAIN! I FINALLY GOT IT!!!!!!!!!!!!!

https://paint.net is now the website for Paint.NET! Well, once I get content migrated and redirects set up, etc. For the moment it’s just a “hey go over here to getpaint.net” redirect page.

Read the tweets for the rest of the story

Flowblade 2.24.2

Flowblade

Door: jliljebl

29 Mei 2026 om 08:36

Fixes crash with MLT version 7.38.

Stable Channel Update for Desktop

Google Chrome

29 Mei 2026 om 00:12

The Stable channel has been updated to 148.0.7778.216/217 for Windows and 148.0.7778.215/216 Mac and 148.0.7778.215 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

This update includes 151 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$43000][505077859] Critical CVE-2026-9872: Out of bounds write in GPU. Reported by cinzinga on 2026-04-21

[$43000][507365348] Critical CVE-2026-9873: Use after free in Network. Reported by cinzinga on 2026-04-28

[$11000][500609038] Critical CVE-2026-9874: Use after free in Dawn. Reported by Anonymous on 2026-04-08

[$5000][507508103] Critical CVE-2026-9875: Out of bounds read in WebGL. Reported by Anonymous on 2026-04-29

[TBD][493747593] Critical CVE-2026-9876: Use after free in WebGL. Reported by happy2me on 2026-03-18

[N/A][496445460] Critical CVE-2026-9877: Use after free in ANGLE. Reported by Google on 2026-03-26

[N/A][499054245] Critical CVE-2026-9878: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][499129768] Critical CVE-2026-9879: Out of bounds write in ANGLE. Reported by Google on 2026-04-03

[N/A][503615025] Critical CVE-2026-9880: Insufficient validation of untrusted input in WebGL. Reported by Google on 2026-04-17

[N/A][505140741] Critical CVE-2026-9881: Use after free in Bluetooth. Reported by Google on 2026-04-22

[N/A][506375217] Critical CVE-2026-9882: Integer overflow in ANGLE. Reported by Google on 2026-04-25

[N/A][506477192] Critical CVE-2026-9883: Use after free in Base. Reported by Google on 2026-04-25

[N/A][508289938] Critical CVE-2026-9884: Use after free in Browser. Reported by Google on 2026-04-30

[N/A][508452241] Critical CVE-2026-9885: Insufficient validation of untrusted input in UI. Reported by Google on 2026-05-01

[N/A][508456788] Critical CVE-2026-9886: Use after free in Base. Reported by Google on 2026-05-01

[N/A][511249104] Critical CVE-2026-9887: Use after free in Proxy. Reported by Google on 2026-05-08

[N/A][511715166] Critical CVE-2026-9888: Use after free in WebView. Reported by Google on 2026-05-10

[N/A][511727159] Critical CVE-2026-9889: Out of bounds read and write in Dawn. Reported by Google on 2026-05-10

[N/A][513135985] Critical CVE-2026-9890: Use after free in XR. Reported by Google on 2026-05-14

[N/A][513508128] Critical CVE-2026-9891: Use after free in Extensions. Reported by Google on 2026-05-15

[N/A][513948178] Critical CVE-2026-9892: Inappropriate implementation in Skia. Reported by Google on 2026-05-16

[N/A][513972075] Critical CVE-2026-9893: Use after free in Skia. Reported by Google on 2026-05-17

[$25000][507707838] High CVE-2026-9894: Use after free in GPU. Reported by tohafrit on 2026-04-29

[$3000][491685406] High CVE-2026-9895: Out of bounds read in GPU. Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-11

[$500][508811474] High CVE-2026-9896: Out of bounds write in V8. Reported by 303f06e3 on 2026-05-02

[N/A][496271580] High CVE-2026-9897: Use after free in DOM. Reported by Google on 2026-03-25

[N/A][496282591] High CVE-2026-9898: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-25

[N/A][497533569] High CVE-2026-9899: Use after free in ANGLE. Reported by Google on 2026-03-29

[N/A][497637277] High CVE-2026-9900: Out of bounds write in ANGLE. Reported by Google on 2026-03-30

[N/A][497737770] High CVE-2026-9901: Use after free in ANGLE. Reported by Google on 2026-03-30

[N/A][498205735] High CVE-2026-9902: Use after free in Accessibility. Reported by Google on 2026-03-31

[N/A][498783665] High CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation. Reported by Google on 2026-04-02

[N/A][498804020] High CVE-2026-9904: Use after free in ANGLE. Reported by Google on 2026-04-02

[N/A][498883610] High CVE-2026-9905: Use after free in Accessibility. Reported by Google on 2026-04-02

[N/A][499005260] High CVE-2026-9906: Out of bounds write in GPU. Reported by Google on 2026-04-02

[N/A][499091269] High CVE-2026-9907: Out of bounds read in Dawn. Reported by Google on 2026-04-03

[N/A][499091328] High CVE-2026-9908: Out of bounds read in ANGLE. Reported by Google on 2026-04-03

[N/A][499152771] High CVE-2026-9909: Integer overflow in Skia. Reported by Google on 2026-04-03

[N/A][499176133] High CVE-2026-9910: Out of bounds memory access in ANGLE. Reported by Google on 2026-04-03

[N/A][499205491] High CVE-2026-9911: Integer overflow in ANGLE. Reported by Google on 2026-04-03

[N/A][499873765] High CVE-2026-9912: Inappropriate implementation in GPU. Reported by Google on 2026-04-06

[N/A][500046096] High CVE-2026-9913: Inappropriate implementation in ANGLE. Reported by Google on 2026-04-06

[N/A][500047428] High CVE-2026-9914: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-06

[N/A][500063836] High CVE-2026-9915: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-06

[N/A][500080303] High CVE-2026-9916: Out of bounds write in ANGLE. Reported by Google on 2026-04-06

[N/A][500095304] High CVE-2026-9917: Uninitialized Use in WebGL. Reported by Google on 2026-04-06

[N/A][500099471] High CVE-2026-9918: Inappropriate implementation in Tint. Reported by Google on 2026-04-06

[N/A][500114058] High CVE-2026-9919: Out of bounds read in WebGL. Reported by Google on 2026-04-06

[N/A][500138014] High CVE-2026-9920: Uninitialized Use in GPU. Reported by Google on 2026-04-07

[N/A][500150338] High CVE-2026-9921: Uninitialized Use in WebGL. Reported by Google on 2026-04-07

[N/A][500187083] High CVE-2026-9922: Use after free in GPU. Reported by Google on 2026-04-07

[N/A][500393328] High CVE-2026-9923: Use after free in Skia. Reported by Google on 2026-04-07

[N/A][500398345] High CVE-2026-9924: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-07

[N/A][500536458] High CVE-2026-9925: Use after free in ANGLE. Reported by Google on 2026-04-08

[N/A][500540748] High CVE-2026-9926: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-08

[N/A][500540958] High CVE-2026-9927: Use after free in ANGLE. Reported by Google on 2026-04-08

[TBD][501125002] High CVE-2026-9928: Out of bounds read in ANGLE. Reported by Jeff Muizelaar - Mozilla on 2026-04-09

[N/A][501367791] High CVE-2026-9929: Inappropriate implementation in WebGL. Reported by Google on 2026-04-10

[N/A][501499832] High CVE-2026-9930: Out of bounds write in Dawn. Reported by Google on 2026-04-10

[N/A][501524262] High CVE-2026-9931: Use after free in GPU. Reported by Google on 2026-04-10

[N/A][501563323] High CVE-2026-9932: Use after free in ANGLE. Reported by Google on 2026-04-11

[N/A][501575979] High CVE-2026-9933: Use after free in Input. Reported by Google on 2026-04-11

[N/A][501576946] High CVE-2026-9934: Use after free in Aura. Reported by Google on 2026-04-11

[N/A][501584689] High CVE-2026-9935: Uninitialized Use in ANGLE. Reported by Google on 2026-04-11

[N/A][502104354] High CVE-2026-9936: Use after free in GFX. Reported by Google on 2026-04-13

[N/A][502112506] High CVE-2026-9937: Use after free in UI. Reported by Google on 2026-04-13

[N/A][502300817] High CVE-2026-9938: Inappropriate implementation in V8. Reported by Google on 2026-04-13

[N/A][502735235] High CVE-2026-9939: Heap buffer overflow in WebCodecs. Reported by Google on 2026-04-15

[N/A][502738003] High CVE-2026-9940: Heap buffer overflow in ANGLE. Reported by Google on 2026-04-15

[N/A][502812366] High CVE-2026-9941: Use after free in ANGLE. Reported by Google on 2026-04-15

[N/A][503438092] High CVE-2026-9942: Uninitialized Use in ANGLE. Reported by Google on 2026-04-16

[N/A][503464551] High CVE-2026-9943: Out of bounds read in WebGL. Reported by Google on 2026-04-16

[N/A][503471286] High CVE-2026-9944: Uninitialized Use in ANGLE. Reported by Google on 2026-04-16

[N/A][503565293] High CVE-2026-9945: Use after free in Media. Reported by Google on 2026-04-17

[N/A][503596863] High CVE-2026-9946: Use after free in ANGLE. Reported by Google on 2026-04-17

[N/A][503627446] High CVE-2026-9947: Use after free in XML. Reported by Google on 2026-04-17

[N/A][503790201] High CVE-2026-9948: Use after free in Views. Reported by Google on 2026-04-17

[N/A][503793153] High CVE-2026-9949: Use after free in Core. Reported by Google on 2026-04-17

[N/A][503862359] High CVE-2026-9950: Insufficient validation of untrusted input in iOS. Reported by Google on 2026-04-17

[N/A][503873388] High CVE-2026-9951: Use after free in UI. Reported by Google on 2026-04-17

[N/A][503929476] High CVE-2026-9952: Use after free in WebAudio. Reported by Google on 2026-04-18

[N/A][503985322] High CVE-2026-9953: Out of bounds read in ANGLE. Reported by Google on 2026-04-18

[TBD][504175497] High CVE-2026-9954: Use after free in TabStrip. Reported by yueliu of Microsoft on 2026-04-19

[N/A][504184408] High CVE-2026-9955: Inappropriate implementation in iOS. Reported by Google on 2026-04-19

[N/A][504195132] High CVE-2026-9956: Use after free in iOS. Reported by Google on 2026-04-19

[N/A][504516117] High CVE-2026-9957: Use after free in PDF. Reported by Google on 2026-04-20

[N/A][504555886] High CVE-2026-9958: Use after free in PDFium. Reported by Google on 2026-04-20

[N/A][504557432] High CVE-2026-9959: Race in WebRTC. Reported by Google on 2026-04-20

[N/A][504573260] High CVE-2026-9960: Integer overflow in PDFium. Reported by Google on 2026-04-20

[N/A][504710769] High CVE-2026-9961: Use after free in SurfaceCapture. Reported by Google on 2026-04-20

[N/A][504716948] High CVE-2026-9962: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][505143241] High CVE-2026-9963: Uninitialized Use in iOS. Reported by Google on 2026-04-22

[N/A][505190999] High CVE-2026-9964: Use after free in Bluetooth. Reported by Google on 2026-04-22

[N/A][506377574] High CVE-2026-9965: Out of bounds write in ANGLE. Reported by Google on 2026-04-25

[N/A][506388321] High CVE-2026-9966: Integer overflow in XML. Reported by Google on 2026-04-25

[N/A][506414791] High CVE-2026-9967: Out of bounds write in GPU. Reported by Google on 2026-04-25

[N/A][506499280] High CVE-2026-9968: Integer overflow in V8. Reported by Google on 2026-04-25

[N/A][506550494] High CVE-2026-9969: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-04-26

[TBD][506653647] High CVE-2026-9970: Use after free in WebGL. Reported by TFGC on 2026-04-26

[N/A][508448586] High CVE-2026-9971: Inappropriate implementation in iOS. Reported by Google on 2026-05-01

[N/A][508463705] High CVE-2026-9972: Uninitialized Use in Gamepad. Reported by Google on 2026-05-01

[TBD][509268941] High CVE-2026-9973: Out of bounds write in V8. Reported by amyb of OpenAI on 2026-05-04

[N/A][511710468] High CVE-2026-9974: Out of bounds write in GPU. Reported by Google on 2026-05-10

[N/A][511719039] High CVE-2026-9975: Out of bounds read and write in ANGLE. Reported by Google on 2026-05-10

[N/A][511732828] High CVE-2026-9976: Inappropriate implementation in USB. Reported by Google on 2026-05-10

[N/A][511741173] High CVE-2026-9977: Insufficient validation of untrusted input in WebShare. Reported by Google on 2026-05-10

[N/A][511741396] High CVE-2026-9978: Use after free in Glic. Reported by Google on 2026-05-10

[N/A][511742228] High CVE-2026-9979: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-10

[N/A][511776372] High CVE-2026-9980: Insufficient validation of untrusted input in Printing. Reported by Google on 2026-05-10

[N/A][512995705] High CVE-2026-9981: Inappropriate implementation in Skia. Reported by Google on 2026-05-13

[N/A][513001247] High CVE-2026-9982: Insufficient validation of untrusted input in ANGLE. Reported by Google on 2026-05-13

[N/A][513001309] High CVE-2026-9983: Type Confusion in Skia. Reported by Google on 2026-05-14

[N/A][513002543] High CVE-2026-9984: Use after free in UI. Reported by Google on 2026-05-14

[N/A][513019760] High CVE-2026-9985: Insufficient validation of untrusted input in Media. Reported by Google on 2026-05-14

[N/A][513028160] High CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide. Reported by Google on 2026-05-14

[N/A][513046475] High CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google on 2026-05-14

[N/A][513049286] High CVE-2026-9988: Use after free in WebRTC. Reported by Google on 2026-05-14

[N/A][513054053] High CVE-2026-9989: Inappropriate implementation in Media. Reported by Google on 2026-05-14

[N/A][513128608] High CVE-2026-9990: Use after free in WebAppInstalls. Reported by Google on 2026-05-14

[N/A][513173565] High CVE-2026-9991: Inappropriate implementation in Media. Reported by Google on 2026-05-14

[N/A][513177826] High CVE-2026-9992: Use after free in Network. Reported by Google on 2026-05-14

[N/A][513208588] High CVE-2026-9993: Use after free in Views. Reported by Google on 2026-05-14

[N/A][513235131] High CVE-2026-9994: Use after free in Core. Reported by Google on 2026-05-14

[N/A][513256572] High CVE-2026-9995: Use after free in WebXR. Reported by Google on 2026-05-14

[N/A][513268100] High CVE-2026-9996: Out of bounds read in WebRTC. Reported by Google on 2026-05-14

[N/A][513324041] High CVE-2026-9997: Use after free in Input. Reported by Google on 2026-05-14

[N/A][513337118] High CVE-2026-9998: Integer overflow in Skia. Reported by Google on 2026-05-14

[N/A][513364480] High CVE-2026-9999: Inappropriate implementation in ANGLE. Reported by Google on 2026-05-15

[N/A][513505608] High CVE-2026-10000: Use after free in Passwords. Reported by Google on 2026-05-15

[N/A][513505927] High CVE-2026-10001: Use after free in PerformanceManager. Reported by Google on 2026-05-15

[N/A][513536416] High CVE-2026-10002: Use after free in PDFium. Reported by Google on 2026-05-15

[N/A][513609324] High CVE-2026-10003: Use after free in Views. Reported by Google on 2026-05-15

[N/A][513730012] High CVE-2026-10004: Insufficient validation of untrusted input in Passwords. Reported by Google on 2026-05-16

[N/A][513750089] High CVE-2026-10005: Use after free in WebAppInstalls. Reported by Google on 2026-05-16

[N/A][513750691] High CVE-2026-10006: Race in WebAudio. Reported by Google on 2026-05-16

[N/A][513754619] High CVE-2026-10007: Use after free in SVG. Reported by Google on 2026-05-16

[N/A][513768979] High CVE-2026-10008: Uninitialized Use in GPU. Reported by Google on 2026-05-16

[N/A][513973560] High CVE-2026-10009: Integer overflow in Skia. Reported by Google on 2026-05-17

[N/A][513995565] High CVE-2026-10010: Inappropriate implementation in Input. Reported by Google on 2026-05-17

[N/A][514017326] High CVE-2026-10011: Inappropriate implementation in Skia. Reported by Google on 2026-05-17

[N/A][514063977] High CVE-2026-10012: Use after free in Skia. Reported by Google on 2026-05-17

[N/A][514715455] High CVE-2026-10013: Use after free in WebCodecs. Reported by Google on 2026-05-19

[N/A][514742327] High CVE-2026-10014: Use after free in WebMIDI. Reported by Google on 2026-05-19

[N/A][514746176] High CVE-2026-10015: Integer overflow in WTF. Reported by Google on 2026-05-19

[TBD][515155946] High CVE-2026-10016: Use after free in DOM. Reported by pwn2addr on 2026-05-20

[$3000][504156069] Medium CVE-2026-10017: Out of bounds read in Headless. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-04-19

[$2000][504175501] Medium CVE-2026-10018: Integer overflow in ANGLE. Reported by Rahul Raj on 2026-04-19

[$2000][505056913] Medium CVE-2026-10019: Integer overflow in ANGLE. Reported by Mufeed VH from Winfunc Research (winfunc.com) on 2026-04-21

[N/A][496565479] Medium CVE-2026-10020: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-03-26

[N/A][497327715] Medium CVE-2026-10021: Insufficient validation of untrusted input in USB. Reported by Google on 2026-03-29

[TBD][513289241] Medium CVE-2026-10022: Type Confusion in V8. Reported by ggwhyp on 2026-05-14

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

Google Chrome

30.0.4

Draw.io

Door: github-actions[bot]

27 Mei 2026 om 19:35

Releases Notes for 30.0.4

Windows Installer
Windows No Installer (zip)
macOS - Universal
Linux - deb, AppImage or rpm

Windows intel x32 releases are marked -ia32-

ChangeLog:

Uses electron 42.3.0
Updates to draw.io core 30.0.4.

Firefox

Mozilla Firefox

11 Juni 2026 om 16:15

Fixed

Fixed an issue on macOS where smart cards and security keys could fail to load certificates automatically. (Bug 2041208)
Fixed an issue where adding another tab to an existing Split View could unexpectedly close it. (Bug 2039795)
Fixed an issue where Split View would close instead of switching tabs when using the "Switch to Tab" option from the address bar. (Bug 2039787)
Fixed a crash on Windows that occurred when using the Sogou input method to type Simplified Chinese. (Bug 2039203)
Fixed an issue where Firefox stopped caching new content once the disk cache was full, causing pages and resources to be re-downloaded from the network on every visit. (Bug 2031577)
Fixed an issue where some websites could render incorrectly or fail to load when they used JavaScript to insert WebKit-specific style rules. (Bug 2040693)
Fixed an issue where clicking and selecting text in some input fields and text areas did not work on pages that styled them with certain CSS rules. (Bug 2039504)
Fixed an issue where the up and down buttons on number input fields could overlap and hide the value when sites sized the field to fit its contents. (Bug 2039315)
Fixed an issue where sorting strings that include numbers could produce an incorrect order on some websites and web applications. (Bug 2027078)
Fixed an issue where dropdown menus would not open for <select> elements created inside an iframe and then moved into the parent page. (Bug 2041720)

Reference link to 151.0.1 release notes.

Paint.NET 5.2 Alpha (build 9641)

Paint.net

Door: Rick Brewster

25 Mei 2026 om 22:49

This is an updated alpha build for 5.2 that fixes a handful of issues and crashes.

You can read more about 5.2 and what it includes by reading the release notes for the first alpha.

Change Log

Changes since 5.2 Alpha (build 9625):

The selection will no longer be tinted when opening an effect or adjustment.
Improved the latency of the brush tool “preview cursor” by 1 frame.
Added some extra digits past the decimal place for the zoom level in the status bar.
Shortened the length of the animations used when closing an image or deleting a layer.
Fixed Edit -> Paste into New Image not setting the color profile, resulting in it always being sRGB.
Fixed a rare crash with the brush tools when adjusting the brush size. This crash could only be reproduced with external automation (e.g. macro record/playback with AutoHotKey).
Fixed copy/paste sometimes adding an extra row or column of pixels around the edge of the image due to bad rounding after floating point precision drift.
Fixed a crash when pasting images that are CMYK, or which have a LUT-based color profile, or a mismatched color profile (e.g. CMYK profile on RGB image).
Fixed some issues with copy/paste of indexed (e.g. 8-bit palettized) images.
Fixed not being able to use new Effect plugins compiled against the 5.2 Alpha (build 9625) binaries.
Changed the package ZIPs so that they use forward slashes instead of backslashes, which simplifies working with these outside of Windows (e.g. for WINE porting effort).

Download and Install

This build is available via the built-in updater as long as you have opted-in to pre-release updates. From within Settings -> Updates, enable “Also check for pre-release (beta) versions of paint.net” and then click on the Check Now button. You can also use the links below to download an offline installer or portable ZIP.

You can also download the installer here (for any supported CPU and OS), which is also where you can find downloads for offline installers, portable ZIPs, and deployable MSIs.

CPU-Z 2.20.1

CPU-Z

15 Mei 2026 om 00:00

AMD Ryzen 7 7700X3D (Raphael) (2.20.1).
AMD Ryzen AI Max+ 495, 492, 488 (Gorgon Halo).
AMD Ryzen AI Max 490, 485 (Gorgon Halo).
AMD Ryzen AI Max PRO 495, 490, 485, 480 (Gorgon Halo).
AMD Ryzen 9 9950X3D2 (Granite Ridge).
AMD Ryzen 9 PRO 9965X3D, PRO 9945 (Granite Ridge).
AMD Ryzen 7 PRO 9755, PRO 9745 (Granite Ridge).
AMD Ryzen 5 PRO 9645 (Granite Ridge).
AMD Ryzen AI 7/PRO 450G/GE (Gorgon Point 2).
AMD Ryzen AI 5/PRO 440G/GE (Gorgon Point 2).
AMD Ryzen AI 5/PRO 435G/GE (Gorgon Point 3).
AMD Ryzen AI Max+ 392 (Strix Halo).
Intel Core Ultra 5 250KF Plus (Arrow Lake Refresh).
Intel Core 7 360 and 350 (Wildcat Lake).
Intel Core 5 330, 320 and 315 (Wildcat Lake).
Intel Core 3 304 (Wildcat Lake).
Intel Core 9 273PQE, 273PTE, 273PE (Bartlett Lake).
Intel Core 7 253PQE, 253PTE, 253PE, 251TE, 251E (Bartlett Lake).
Intel Core 5 223PQE, 223PTE, 223PE, 221TE, 221E, 213PTE, 213PE, 211TE, 211E (Bartlett Lake).
Intel Core 3 201TE, 201E (Bartlett Lake).
Intel Arc Pro B70 and B65 (BMG-G31).
Intel Arc Pro B60 and B50 (BMG-G21).
Support of HUDIMM and HSODIMM memory modules.

Firefox

Mozilla Firefox

11 Juni 2026 om 16:15

Fixed

Fixed a crash experienced by users with Intel Raptor Lake CPUs. (Bug 1950764)
Fixed an issue on Windows where some websites using WebSerial to flash device firmware could fail unexpectedly. (Bug 2040754)

Reference link to 151.0 release notes.

Early Stable Update for Desktop

Google Chrome

21 Mei 2026 om 17:47

The Stable channel has been updated to 149.0.7827.22/.23 for Windows and Mac (149.0.7827.29/.30) ,as part of our early stable release to a small percentage of users. A full list of changes in this build is available in the log.

You can find more details about early Stable releases here.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

Google Chrome

Stable Channel Update for Desktop

Google Chrome

20 Mei 2026 om 21:09

The Stable channel has been updated to 148.0.7778.178/179 for Windows/Mac and 148.0.7778.178 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 16 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[N/A][504551032] Critical CVE-2026-9111: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][503551154] Critical CVE-2026-9110: Inappropriate implementation in UI. Reported by Google on 2026-04-20

[$11000][489791425] High CVE-2026-9112: Use after free in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-05

[$3000][489585044] High CVE-2026-9113: Out of bounds read in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04

[N/A][495798630] High CVE-2026-9114: Use after free in QUIC. Reported by Google on 2026-03-24

[N/A][495999481] High CVE-2026-9115: Insufficient policy enforcement in Service Worker. Reported by Google on 2026-03-25

[N/A][497436273] High CVE-2026-9116: Insufficient policy enforcement in ServiceWorker. Reported by Google on 2026-03-29

[N/A][497542537] High CVE-2026-9117: Type Confusion in GFX. Reported by Google on 2026-04-01

[N/A][498702233] High CVE-2026-9118: Use after free in XR. Reported by Google on 2026-04-14

[N/A][502661101] High CVE-2026-9119: Heap buffer overflow in WebRTC. Reported by Google on 2026-04-17

[N/A][504620824] High CVE-2026-9120: Use after free in WebRTC. Reported by Google on 2026-04-20

[N/A][496280532] Medium CVE-2026-9126: Use after free in DOM. Reported by Google on 2026-03-25

[TBD][488064108] Medium CVE-2026-9121: Out of bounds read in GPU. Reported by David Korczynski (Adalogics) on 2026-02-26

[TBD][489579953] Medium CVE-2026-9122: Out of bounds read in GPU. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-04

[N/A][495988507] Medium CVE-2026-9123: Heap buffer overflow in Chromecast. Reported by Google on 2026-03-25

[N/A][496375695] Medium CVE-2026-9124: Insufficient validation of untrusted input in Input. Reported by Google on 2026-03-29

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

Google Chrome

Firefox

Mozilla Firefox

11 Juni 2026 om 16:15

New

Firefox Home (New Tab) has a fresh, new look and feel. The layout and design will enable upcoming features, from widgets to shortcuts improvements, launching between 151 and 152. Included are some new and exciting Wallpapers, such as the one below. Use the pencil icon in the lower right to check them out.
Private Browsing Mode now allows you to instantly clear all data from your current session without closing the entire window. When you select the End Private Session button (the fire icon) to the right of the URL bar, Firefox will ask you to confirm to clear your session. Once confirmed, it will wipe all of your private browsing data and open a fresh new Private Browsing Mode session for you.
Firefox now strengthens protection against fingerprinting in Standard Enhanced Tracking Protection, making it harder for websites to track you across sites by limiting the amount of information revealed about your device and browser. This reduces the number of users uniquely identifiable by common fingerprinting techniques by an average of ~14%, and by ~49% on macOS.
You can now merge multiple PDFs directly in Firefox PDF. Combine separate PDF files into a single document without ever leaving Firefox or relying on third-party tools.
The Translations page (about:translations) is now accessible through the More Tools section of the Application Menu.
Local Firefox profile backups are now available on Linux in addition to Windows, and you can restore them across platforms.
On macOS, URLs copied from iOS devices using Apple’s Universal Clipboard now paste correctly in Firefox.
On macOS, dropdown menus on web pages now use the native macOS menu style, matching the look and behavior of the rest of the system.
Address Autofill is enabled for users in the Netherlands.
Firefox’s built-in VPN now lets you choose your browsing location, giving you more control over how and where your traffic appears online. You can select from available countries or use Recommended to automatically choose the best connection for your network.

This feature is part of a progressive roll out.

What is a progressive roll out?

Certain new Firefox features are released gradually. This means some users will see the feature before everyone does. This approach helps to get early feedback to catch bugs and improve behavior quickly, meaning more Firefox users overall have a better experience.

Fixed

Fixed incorrect screen resolution reporting to websites in multi-monitor setups.
Fixed an issue on macOS where maximized Firefox windows could reopen on the wrong monitor after relaunching in multi-monitor setups.
Improved color management for copied and pasted images on macOS.
Various security fixes.

Changed

The search bar in Firefox Settings (about:preferences) is now larger and spans the full width of the settings content area, making it easier to find options.
Extensions and Themes installed in a Firefox Desktop profile directory will be restored successfully after the profile directory is moved or restored to a different location or a different operating system.
Geolocation on Windows now respects the user's Windows location permission setting, instead of overriding it, when the user grants location permission to a page. Firefox will ask users to enable the Windows permission if it is needed.

Enterprise

You can find information about policy updates and enterprise-specific bug fixes in the Firefox for Enterprise 151 Release Notes.

Developer

Developer Information

Web Platform

You can now manage microcontrollers that support serial communications in Firefox via the Web Serial API. This lets you program microcontrollers and development boards, such as ESP devices, Raspberry Pi Picos, 3D printers, CNC machines, and other devices. Web Serial can be used in Extensions, but not from moz-extension contexts at this time.
Local network access restrictions are now rolling out to all users. Firefox requires websites to request permission before connecting to devices on your local network or to apps and services on your device. Previously, this protection was limited to users with Enhanced Tracking Protection set to Strict.

This feature is part of a progressive roll out.

What is a progressive roll out?

Certain new Firefox features are released gradually. This means some users will see the feature before everyone does. This approach helps to get early feedback to catch bugs and improve behavior quickly, meaning more Firefox users overall have a better experience.
The new Fullscreen Keyboard Lock API adds an optional argument to requestFullscreen that allows websites to request that while fullscreen, pressing the Escape key will no longer exit fullscreen (instead, a long-press is required), and certain formerly-reserved browser hotkeys are allowed to be default-prevented.
Firefox improves the rendering of absolutely positioned elements across multi-column containers and when printing, producing more accurate positioning and fragmentation.
@container rules now allow specifying a list of container query conditions rather than a single condition.
Firefox now supports container style queries, allowing styles to be applied to an element based on the computed values of its container's custom properties. This can be done by using one or more style() functions inside @container rules.
A new CSSContainerRule.conditions property was introduced, holding an array of all container query conditions. This new property is intended to replace CSSContainerRule.containerName and CSSContainerRule.containerQuery, which only supported a single name and query, making them deprecated.
Updated the behavior of implicit anchors in CSS Anchor Positioning. The position-anchor property now defaults to normal. When using position-area, implicit anchors are applied automatically, while popovers using anchor() or anchor-center now require position-anchor: auto to opt in.
Firefox now supports the Document Picture-in-Picture API, which allows web pages to place content in an always-on-top popup.
Temporary site permissions are now correctly reflected in the Permissions API.
Firefox now supports the declarative definition of slot assignment behavior for shadow roots.

Community Contributions

With the release of Firefox 151, we are pleased to welcome the developers who contributed their first code change to Firefox in this release, 37 of whom were brand new volunteers. Please join us in thanking each of these diligent and enthusiastic individuals, and take a look at their contributions:
- Allison Embrey: 1938268
- any1here: 2031162
- aoia7rz7l: 1978290, 1984679
- Armin Ulrich: 2031598
- Brandon Lucier: 2030631
- Chidimma Okoloigwe: 1901274
- Chukwuka Rosemary: 1846829, 1948019, 2026574, 2028153
- david.nicolson: 2026024
- DrSeed: 1962904, 1968244, 1982888
- EJiro Oghenekome: 1910902, 1938466, 1952061
- gotyaoi: 1807516
- Hailia: 2016934
- Itoro James: 1936929, 2015491
- japandi: 1977741, 1986020, 2015071
- John Iweh: 1997925, 2027867
- jonathancabera: 2012399, 2016058, 2026032
- Keji Bakare: 2006572, 2008756, 2025287, 2031116
- Kevin Doughty: 1984925
- kofoworola shonuyi: 1999012, 2019901, 2028293
- konyhéa: 1856191, 1876108, 1883497, 1891970, 2014334, 2030069
- Mary cathline: 2022115
- Miha Lepej [:lepko]: 2026335, 2029254
- mozilla.7fhrv: 2023374
- Noble Chinonso: 1945835, 1953621, 2019235, 2025701, 2028628
- Okhuomon Ajayi: 2018272, 2026649, 2029684
- Oluwatobi: 1975391, 2019936, 2023913
- Osoble: 1876109
- Philipp Hancke [:fippo]: 1056433, 2028060
- Pranjali Srivastava: 944228, 1874155, 2009917
- Rishan: 2030428
- ROSHAAN: 1997346, 2018276, 2028927
- Sameeksha: 2008178, 2021421
- Sayd Mateen: 2021681
- SuGotLand: 2025558
- tk: 1826983
- Vector: 2008128
- wenzhao: 2031373

30.0.2

Draw.io

Door: github-actions[bot]

18 Mei 2026 om 17:35

Releases Notes for 30.0.2

Windows Installer
Windows No Installer (zip)
macOS - Universal
Linux - deb, AppImage or rpm

Windows intel x32 releases are marked -ia32-

ChangeLog:

Uses electron 42.1.0
Updates to draw.io core 30.0.2.

CPU-Z 2.20

CPU-Z

14 Mei 2026 om 16:00

AMD Ryzen AI Max+ 495, 492, 488 (Gorgon Halo).
AMD Ryzen AI Max 490, 485 (Gorgon Halo).
AMD Ryzen AI Max PRO 495, 490, 485, 480 (Gorgon Halo).
AMD Ryzen 9 9950X3D2 (Granite Ridge).
AMD Ryzen 9 PRO 9965X3D, PRO 9945 (Granite Ridge).
AMD Ryzen 7 PRO 9755, PRO 9745 (Granite Ridge).
AMD Ryzen 5 PRO 9645 (Granite Ridge).
AMD Ryzen AI 7/PRO 450G/GE (Gorgon Point 2).
AMD Ryzen AI 5/PRO 440G/GE (Gorgon Point 2).
AMD Ryzen AI 5/PRO 435G/GE (Gorgon Point 3).
AMD Ryzen AI Max+ 392 (Strix Halo).
Intel Core Ultra 5 250KF Plus (Arrow Lake Refresh).
Intel Core 7 360 and 350 (Wildcat Lake).
Intel Core 5 330, 320 and 315 (Wildcat Lake).
Intel Core 3 304 (Wildcat Lake).
Intel Core 9 273PQE, 273PTE, 273PE (Bartlett Lake).
Intel Core 7 253PQE, 253PTE, 253PE, 251TE, 251E (Bartlett Lake).
Intel Core 5 223PQE, 223PTE, 223PE, 221TE, 221E, 213PTE, 213PE, 211TE, 211E (Bartlett Lake).
Intel Core 3 201TE, 201E (Bartlett Lake).
Intel Arc Pro B70 and B65 (BMG-G31).
Intel Arc Pro B60 and B50 (BMG-G21).
Support of HUDIMM and HSODIMM memory modules.

Stable Channel Update for Desktop

Google Chrome

19 Mei 2026 om 00:10

The Stable channel has been updated to 148.0.7778.167/168 for Windows/Mac and 148.0.7778.167 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log

Security Fixes and Rewards

Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

This update includes 79 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.

[$43000][493310462] Critical CVE-2026-8509: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-03-17

[$25000][502636904] Critical CVE-2026-8510: Integer overflow in Skia. Reported by q@calif.io on 2026-04-14

[N/A][495108488] Critical CVE-2026-8511: Use after free in UI. Reported by Google on 2026-03-22

[N/A][495782021] Critical CVE-2026-8512: Use after free in FileSystem. Reported by Google on 2026-03-24

[N/A][495939973] Critical CVE-2026-8513: Use after free in Input. Reported by Google on 2026-03-25

[N/A][495948109] Critical CVE-2026-8514: Use after free in Aura. Reported by Google on 2026-03-25

[N/A][495999127] Critical CVE-2026-8515: Use after free in HID. Reported by Google on 2026-03-25

[N/A][496393078] Critical CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer. Reported by Google on 2026-03-26

[N/A][497531263] Critical CVE-2026-8517: Object lifecycle issue in WebShare. Reported by Google on 2026-03-29

[N/A][497830330] Critical CVE-2026-8518: Use after free in Blink. Reported by Google on 2026-03-30

[N/A][498400132] Critical CVE-2026-8519: Integer overflow in ANGLE. Reported by Google on 2026-04-01

[N/A][503619813] Critical CVE-2026-8520: Race in Payments. Reported by Google on 2026-04-17

[N/A][504106200] Critical CVE-2026-8521: Use after free in Tab Groups. Reported by Google on 2026-04-18

[N/A][504185107] Critical CVE-2026-8522: Use after free in Downloads. Reported by Google on 2026-04-19

[$25000][483956252] High CVE-2026-8523: Use after free in Mojo. Reported by Paul Seekamp / nullenc0de on 2026-02-12

[$10000][503425922] High CVE-2026-8558: Out of bounds write in Fonts. Reported by Matej Smycka on 2026-04-16

[$7000][499565267] High CVE-2026-8524: Out of bounds write in WebAudio. Reported by Brendan Dolan-Gavitt, XBOW on 2026-04-06

[$2000][497928952] High CVE-2026-8525: Heap buffer overflow in ANGLE. Reported by Nathaniel Oh (@calysteon) on 2026-03-30

[TBD][486536241] High CVE-2026-8526: Out of bounds write in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-22

[TBD][486761172] High CVE-2026-8527: Insufficient validation of untrusted input in Downloads. Reported by rachmat.abdul.ro on 2026-02-23

[N/A][490222151] High CVE-2026-8529: Heap buffer overflow in Codecs. Reported by Google on 2026-03-06

[N/A][491930142] High CVE-2026-8530: Use after free in Network. Reported by Google on 2026-03-11

[TBD][492350403] High CVE-2026-8531: Heap buffer overflow in WebML. Reported by Syn4pse on 2026-03-13

[N/A][492812194] High CVE-2026-8532: Integer overflow in XML. Reported by Google on 2026-03-14

[N/A][495247950] High CVE-2026-8533: Use after free in Accessibility. Reported by Google on 2026-03-23

[N/A][495314407] High CVE-2026-8534: Integer overflow in GPU. Reported by Google on 2026-03-23

[N/A][495530312] High CVE-2026-8535: Out of bounds read in Media. Reported by Google on 2026-03-23

[N/A][495857582] High CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode. Reported by Google on 2026-03-24

[N/A][495890000] High CVE-2026-8537: Insufficient policy enforcement in ViewTransitions. Reported by Google on 2026-03-24

[N/A][496415073] High CVE-2026-8538: Insufficient validation of untrusted input in GPU. Reported by Google on 2026-03-26

[TBD][496524586] High CVE-2026-8539: Script injection in SanitizerAPI. Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po) on 2026-03-26

[TBD][496627235] High CVE-2026-8540: Type Confusion in V8. Reported by Google on 2026-03-26

[N/A][496645393] High CVE-2026-8541: Out of bounds read in UI. Reported by Google on 2026-03-26

[N/A][497066659] High CVE-2026-8542: Use after free in Core. Reported by Google on 2026-03-28

[N/A][497095799] High CVE-2026-8543: Out of bounds read in FileSystem. Reported by Google on 2026-03-28

[N/A][497151750] High CVE-2026-8544: Use after free in Media. Reported by Google on 2026-03-28

[N/A][497486030] High CVE-2026-8545: Object corruption in Compositing. Reported by Google on 2026-03-29

[N/A][497531791] High CVE-2026-8546: Out of bounds read in GPU. Reported by Google on 2026-03-29

[N/A][497632199] High CVE-2026-8547: Insufficient policy enforcement in Passwords. Reported by Google on 2026-03-30

[N/A][497821764] High CVE-2026-8548: Out of bounds write in Media. Reported by Google on 2026-03-30

[N/A][497985088] High CVE-2026-8549: Use after free in Media. Reported by Google on 2026-03-31

[N/A][498322453] High CVE-2026-8550: Use after free in Google Lens. Reported by Google on 2026-03-31

[N/A][498376171] High CVE-2026-8551: Use after free in Downloads. Reported by Google on 2026-04-01

[N/A][498706958] High CVE-2026-8552: Heap buffer overflow in GPU. Reported by Google on 2026-04-01

[N/A][498715368] High CVE-2026-8553: Use after free in GPU. Reported by Google on 2026-04-01

[N/A][499131214] High CVE-2026-8554: Type Confusion in ANGLE. Reported by Google on 2026-04-03

[N/A][500033878] High CVE-2026-8555: Use after free in GTK. Reported by Google on 2026-04-06

[N/A][500052361] High CVE-2026-8556: Inappropriate implementation in ANGLE. Reported by Google on 2026-04-06

[N/A][502978647] High CVE-2026-8557: Use after free in Accessibility. Reported by Google on 2026-04-15

[N/A][504629701] High CVE-2026-8559: Integer overflow in Internationalization. Reported by Google on 2026-04-20

[N/A][487795397] Medium CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation. Reported by Google on 2026-02-26

[TBD][328109821] Medium CVE-2026-8560: Heap buffer overflow in SwiftShader. Reported by Cassidy Kim(@cassidy6564) on 2024-03-05

[TBD][343352552] Medium CVE-2026-8561: Incorrect security UI in Fullscreen. Reported by Wolfgang Ettlinger (aff. Certitude Consulting GmbH)
Alexander Hurbean (aff. Certitude Consulting GmbH) on 2024-05-29

[N/A][40057534] Medium CVE-2026-8562: Side-channel information leakage in Navigation. Reported by Google on 2021-10-06

[TBD][40061220] Medium CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox. Reported by Luan Herrera (@lbherrera_) on 2022-10-04

[TBD][418273622] Medium CVE-2026-8564: Incorrect security UI in Downloads. Reported by Alesandro Ortiz https://AlesandroOrtiz.com on 2025-05-16

[TBD][442860473] Medium CVE-2026-8565: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-09-04

[TBD][470646792] Medium CVE-2026-8566: Insufficient policy enforcement in Payments. Reported by Jorian Woltjer on 2025-12-21

[TBD][484986863] Medium CVE-2026-8567: Integer overflow in ANGLE. Reported by cinzinga on 2026-02-16

[TBD][488728570] Medium CVE-2026-8568: Insufficient policy enforcement in AI. Reported by Tianyi Hu on 2026-03-01

[N/A][490229299] Medium CVE-2026-8569: Out of bounds write in Codecs. Reported by Google on 2026-03-06

[N/A][490353576] Medium CVE-2026-8570: Type Confusion in V8. Reported by Google on 2026-03-06

[TBD][491422244] Medium CVE-2026-8571: Insufficient policy enforcement in GPU. Reported by Mark Blaszczyk on 2026-03-10

[N/A][495405493] Medium CVE-2026-8572: Insufficient policy enforcement in Network. Reported by Google on 2026-03-23

[N/A][495417883] Medium CVE-2026-8573: Integer overflow in Codecs. Reported by Google on 2026-03-23

[N/A][495902113] Medium CVE-2026-8574: Use after free in Core. Reported by Google on 2026-03-24

[N/A][496217775] Medium CVE-2026-8575: Use after free in UI. Reported by Google on 2026-03-25

[N/A][496231853] Medium CVE-2026-8576: Inappropriate implementation in CORS. Reported by Google on 2026-03-25

[N/A][496302307] Medium CVE-2026-8577: Integer overflow in Fonts. Reported by Google on 2026-03-25

[N/A][496395450] Medium CVE-2026-8578: Out of bounds read in GPU. Reported by Google on 2026-03-26

[N/A][496526419] Medium CVE-2026-8579: Insufficient validation of untrusted input in Skia. Reported by Google on 2026-03-26

[N/A][496639647] Medium CVE-2026-8580: Use after free in Mojo. Reported by Google on 2026-03-26

[N/A][497292072] Medium CVE-2026-8581: Use after free in GPU. Reported by Google on 2026-03-28

[N/A][497594413] Medium CVE-2026-8582: Object lifecycle issue in Dawn. Reported by Google on 2026-03-30

[N/A][497975477] Medium CVE-2026-8583: Insufficient policy enforcement in WebXR. Reported by Google on 2026-03-31

[N/A][498892595] Medium CVE-2026-8584: Inappropriate implementation in Views. Reported by Google on 2026-04-02

[N/A][499052720] Medium CVE-2026-8585: Inappropriate implementation in Media. Reported by Google on 2026-04-02

[N/A][499154022] Medium CVE-2026-8586: Inappropriate implementation in Chromoting. Reported by Google on 2026-04-03

[TBD][507356235] Medium CVE-2026-8587: Use after free in Extensions. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2026-04-28

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to reach out for help or learn about common issues.

Srinivas Sista

Google Chrome

MediaInfo 26.05

MediaInfo

12 Mei 2026 om 08:00

+ Update Spanish, Chinese, German translations
+ Windows 11 Explorer: Optimize for ShellExt early return.
+ Windows: Add dark icon
+ KDE: Add support for context menu entry on KDE 6
+ iOS GUI: Explicitly release iCloud-downloaded files (feedback requested)
+ iOS GUI: Add dark/tinted icons
+ macOS GUI: Add light/dark icon variant according to the latest macOS guidelines
+ Android GUI: Permission request explanation for media location
+ Android GUI: Improve listing performance with hundreds of files
+ Android GUI: Improve colour contrast of button
+ Android GUI: Slightly reducing release size
+ Amiga .info: Initial and complete support
+ APV: Initial support, raw and in MP4
+ AV2: Initial support, raw and in MP4/AVIF
+ AV1: Support of Annex B (raw) streams
+ JPEG: Support of MotionPhoto
+ PNG: Support of animated PNG
+ HEVC/AV1: Support of HLG+
+ IAMF: Support of IAMF v2.0.0 test files
+ XMP: Support new GContainer format in JPEG files
+ HEVC: Show the precise profile for Format Range generic profile
+ Matroska: support RFC 9559 track flags (SDH, audio description, original, commentary)
+ Matroska: Map Performer, Podcast URL, Genre tags
+ MPEG-4: handle better some malformed stsd compressor names
+ MP4/MOV: handle presence or lack (heuristic) of version/flags in meta boxes
+ VorbisCom & MKV: Map ENCODER_OPTIONS from opusenc
+ APE: Read DISC and DISCSUBTITLE tag
+ WM: Read WM/SetSubTitle and WM/PartOfSet as part and part number
+ MPEG-4: Read the com.apple.iTunes:DISCSUBTITLE tag
+ Vorbis: Read the DISCSUBTITLE tag
+ Vorbis: Write disc numbers into Part/Position and Part/Position_Total
+ ID3v2: Map TSST to Part
+ MZ/PE: Identify presence of Cargo Auditable data
+ SMPTE registers: add more items
+ MZ/PE: Get Extended DLLCharacteristics / CETCOMPAT
+ MZ/PE: Extract SBAT from EFI files
+ MZ/PE: Parse resources, Optional Header and Section Headers
x LXF: fix crashes with buggy files
x ID3v2: fix crashes with buggy content
x Channel splitting: fix crashes with buggy content
x Channel grouping: fix crashes with buggy content
x ID3v2: fix not skipping unknown character encoding
x MPEG-4: does not parse boxes with unknown version
x Filter C0 controls, DEL, and C1 controls
x DLL: Fix missing const in buffer API
x I2561, Dirac: fix freeze with some malformed content
x I2578, Matroska: fix bad behavior with content having more then 126 tracks
x I2557, Matroska: fix false positive cover detection
x I2506, Matroska: fix false positive cover detection
x MPEG-4 Visual: less false-positive detection
x AAC: fix false-positive display of gain_control with corrupted frames
x VP9: fix frame info with RGB content
x DV DIF: fix recorded date century
x ADM: fix potential crash

30.0.1

Draw.io

Door: github-actions[bot]

13 Mei 2026 om 00:47

Releases Notes for 30.0.1

Windows Installer
Windows No Installer (zip)
macOS - Universal
Linux - deb, AppImage or rpm

Windows intel x32 releases are marked -ia32-

ChangeLog:

Uses electron 42.0.1
#2422 , #2425
Updates to draw.io core 30.0.1.

Lees weergave

12.18 - 2026-06-09

⛰️ Features

🚀 Enhancements

🐛 Bug Fixes

🚜 Refactor

Localize

Contributors

New Contributors ❤️

Changes from 2.7.1 to 2.7.2:

New features:

Bugfixes and minor changes:

Added

Changed

Fixed

Releases Notes for 30.0.4

Fixed

Fixed

New

Fixed

Changed

Enterprise

Developer

Web Platform

Community Contributions

Releases Notes for 30.0.2

Releases Notes for 30.0.1