Releases: GrapheneOS/Vanadium
128.0.6613.146.0
Changes in version 128.0.6613.146.0:
- update to Chromium 128.0.6613.146
A full list of changes from the previous release (version 128.0.6613.127.0) is available through the Git commit log between the releases.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
128.0.6613.127.0
Changes in version 128.0.6613.127.0:
- update to Chromium 128.0.6613.127
- mark Vanadium Config as forceQueryable to support reading the configuration from apps using the WebView for feature flags
A full list of changes from the previous release (version 128.0.6613.99.0) is available through the Git commit log between the releases.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
128.0.6613.99.0
Changes in version 128.0.6613.99.0:
- update to Chromium 128.0.6613.99
- backport upstream implementation of enforcing blob URL partitioning
- enforce dynamic code execution restrictions with seccomp-bpf when JIT is disabled (prevent creating executable anonymous mappings, writable and executable file mappings or marking a non-executable mapping executable)
- explicitly declare queries to Vanadium Config package for both the WebView and browser
A full list of changes from the previous release (version 128.0.6613.88.1) is available through the Git commit log between the releases.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
128.0.6613.88.1
Changes in version 128.0.6613.88.1:
- rebuild to resolve regression caused by x86_64 build used for the emulator being done with the arm64 configuration
A full list of changes from the previous release (version 128.0.6613.88.0) is available through the Git commit log between the releases.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
128.0.6613.88.0
Changes in version 128.0.6613.88.0:
- update to Chromium 128.0.6613.88
A full list of changes from the previous release (version 127.0.6533.104.3) is available through the Git commit log between the releases.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
127.0.6533.104.3
Changes in version 127.0.6533.104.3:
- temporarily disable Shadow Call Stack due to causing app compatibility issue with Discover Mobile despite the main compatibility issues being resolved
A full list of changes from the previous release (version 127.0.6533.104.2) is available through the Git commit log between the releases.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
127.0.6533.104.2
Changes in version 127.0.6533.104.2:
- enable Shadow Call Stack on 64-bit ARM in addition to pointer authentication since pointer authentication is probabilistic and only supported on ARMv9 devices such as 8th/9th generation Pixels
- keep stack canaries enabled via
-fstack-protector-strong
when Shadow Call Stack is enabled as we already do in the kernel to preserve the minor security benefits it still provides and to work around crashes occurring in certain apps using the WebView with it disabled
A full list of changes from the previous release (version 127.0.6533.104.1) is available through the Git commit log between the releases.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
127.0.6533.104.1
Changes in version 127.0.6533.104.1:
- temporarily disable Shadow Call Stack due to causing app compatibility issues with certain apps using the WebView
A full list of changes from the previous release (version 127.0.6533.104.0) is available through the Git commit log between the releases.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
127.0.6533.104.0
Changes in version 127.0.6533.104.0:
- update to Chromium 127.0.6533.104 (no changes from 127.0.6533.103)
- enable Shadow Call Stack on 64-bit ARM in addition to pointer authentication since pointer authentication is probabilistic and only supported on ARMv9 devices such as 8th/9th generation Pixels
- respect GrapheneOS dynamic code execution toggle
- improve support for 64-bit-only build targets
- disable predictive back gesture globally since it breaks Incognito lock privacy
A full list of changes from the previous release (version 127.0.6533.103.0) is available through the Git commit log between the releases.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.
127.0.6533.103.0
Changes in version 127.0.6533.103.0:
- update to Chromium 127.0.6533.103.0
- enable -fstack-clash-protection on arm64 with the standard 64kiB stack probes since GrapheneOS raises the secondary stack guard size to 64kiB and Vanadium only currently supports GrapheneOS (AOSP should do this too, but it's not our problem)
- use 64-bit toolchain for generating resource allowlist
A full list of changes from the previous release (version 127.0.6533.84.0) is available through the Git commit log between the releases.
This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.