- Add clear data on exit flag
- Add flag to disable WebRTC until a UI can be implemented (See discussion). This flag is enabled by default
- Add a fix for Note9 on Android 8 (Thanks to @uazo)
- Upstream update
- Upstream update
- Upstream update
- Re-enable bookmark import-export
- Disable offline indicator
- Add extra Vanadium enhancements:
- Enable user-agent freeze
- Enable split cache, partitioning connections, strict site isolation
- Other compiling time enhancements
- Upstream update
- Remove FloC setting
- Now using Android SDK 12 r02
- Bookmark import-export is disabled (again)
- Now built with Android SDK rebuilt from s-beta-5 (Android 12 beta) and NDK r23. If you want to know how they are built, see here.
- For some reason the aforementioned public version of Android 12 SDK doesn't have new APIs in them, so they are removed (for now). Will re-investigate when formal version of SDK 12 release.
- Re-enable proxy settings and bookmark import-export
- Upstream update
- Proxy settings and bookmark import-export are temporarily disabled
- Build script can now run with python3
- disable play service fonts
- Upstream update
- Remove DeviceOrientation API related flags. See bromite/bromite/issues/1204.
- Remove FireBase dependencies and move to a separate patch
- Upstream security fixes
- Fix update notification flag
- Add always incognito mode
- Add back 64-bit Trichrome
- Upstream security fixes
- Trichrome is temporarily rolled back to 32-bit. If it works fine 64-bit will be added back next version.
- Trichrome
apksupport can end any time due to Google decided to remove the ability of not using split modules, as well as stripe the ability of buildingapks directly for some time now. After that, you will have to manually install anaabfile usingbundletooland a specificaapt2file. I will try to keep fixing it as long as I can but it can stop working any time from now on.- Adding to their recent move of limiting APIs, I reflect the call from Fedora chromium package maintainer that at this point, if you really value free software as in freedom, you would be better off use something else instead, like
Fennec F-Droid.
- Adding to their recent move of limiting APIs, I reflect the call from Fedora chromium package maintainer that at this point, if you really value free software as in freedom, you would be better off use something else instead, like
- Upstream security fixes
- Add 64-bit webview for Trichrome
- Disable inline update by default
- Remove "Safety Check" and proactive help
- Disable TFLite
- Fix Trichrome
- Upstream security fixes
- Use 64-bit targets for arm64
- Upstream security fixes
- ungoogled-chromium version update
- Include several enhancements from Vanadium
- Add proxy settings, disable AMP on sites
- Add fix for DoH
- Change description for WebGL flag
- Add GPC (Global Privacy Control) support (Warning: turning this on may increase your browser's fingerprint!)
- Add separate
arm64andx86F-Droid repo
-
Upstream important security fix
CVE list
[1138143] High CVE-2021-21149: Stack overflow in Data Transfer. [1172192] High CVE-2021-21150: Use after free in Downloads. [1165624] High CVE-2021-21151: Use after free in Payments. [1166504] High CVE-2021-21152: Heap buffer overflow in Media. [1155974] High CVE-2021-21153: Stack overflow in GPU Process. [1173269] High CVE-2021-21154: Heap buffer overflow in Tab Strip. [1175500] High CVE-2021-21155: Heap buffer overflow in Tab Strip. [1177341] High CVE-2021-21156: Heap buffer overflow in V8. [1170657] Medium CVE-2021-21157: Use after free in Web Sockets.
- Extension version only:
- Fix two bugs related to uninitialized web contents upon restoring the browser activity
- Extension version only:
- Add extension icons to app menu. It is now possible to open the extension popups from main menu. Note: not all functionalities are working.
- Known issue: the icons will not be visible the first time menu is opened after installation or a cold start.
- Extensions that are known to work:
- NoScript
- Privacy Badger
- HTTPS Everywhere
- Decentraleyes
- Cookie AutoDelete
- uBlock Origin (except for logger window)
- uMatrix
- ClearURLs
- Upstream important security fix
- [1170176] High CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens on 2021-01-24
- Due to increasing problems with webview and build time, I will now release the main browser and webviews separately. In case of any problems occur with the builds, the main browser will take precedence.
- Upstream important security fix
- [1169317] Critical CVE-2021-21142: Use after free in Payments . Reported by Khalil Zhani on 2021-01-21
- [1163504] High CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker & Alex Morgan of MU on 2021-01-06
- [1163845] High CVE-2021-21144: Heap buffer overflow in Tab Groups. Reported by Leecraso and Guang Gong of 360 Alpha Lab on 2021-01-07
- [1154965] High CVE-2021-21145: Use after free in Fonts. Reported by Anonymous on 2020-12-03
- [1161705] High CVE-2021-21146: Use after free in Navigation. Reported by Alison Huffman and Choongwoo Han of Microsoft Browser Vulnerability Research on 2020-12-24
- [1162942] Medium CVE-2021-21147: Inappropriate implementation in Skia. Reported by Roman Starkov on 2021-01-04
- Fix webview build
- Now using SDK 30 (Android 11)
- Fix gradle generation
- Add option to enable
save-dataheader - Add option to force desktop mode
- Add option to force tablet UI
- Extension version only:
- HTTPS Everywhere can now open options page correctly
- Decentraleyes is now functional and can pass their test
- Fix a bug that prevents uBlock Origin from functioning after restart
- Extension page no longer needs manual refresh after installation or switching on/off.
- Potentially fix a bug with developer mode loading on Android 10+
- Known problem: extensions will not work on the first tab from a cold start (e.g. when you have restarted the device). Close the tab and open a new one fixes the problem.
- Every new file created in the patchset is now marked with GNU GPL notice
- Prevent Google connections from DRM preprovisioning (ungoogled-chromium/issues/1297)
- Remove sites on new page
- Add DoH patch back
- There is a problem about leaking connections. It is being investigated.
- Custom DoH setting is removed since it is supported natively.
ChromeModernPublicis also generated from bundle file now since Google removed theapktarget.- Add a fix for android-sdk building tools thanks to @Niek
- Other minor fixes.
- Note: apk signatures are changed as I lost access to my
keystorefile during my move, so it is normal to seeWrong signaturewhile installing. GPG keys for signing binary releases are still valid.
- Upstream update
- All versions:
- Update building targets. Now the two versions will be one for Android 5.0+ and one for Android 10+. Note that
Trichromeproduce two apks, you need to install both. - Remove Google related UI elements.
- Remove first run screen.
- Fix safe browsing error for v85.
- Update building targets. Now the two versions will be one for Android 5.0+ and one for Android 10+. Note that
- All versions:
- Upstream update
- All versions:
- The apks are now signed with a custom signing key, instead of the default debug key coming with chromium source code. This will prevent miraculous attacks which debug keys are used to install miraculous apks. Note: this is a breaking change. You will need to uninstall the current version on your phone!
- Add import/export bookmarks
- Users on Android KitKat: API level 19-20 are deprecated by Chromium team. See this link.
- Interval of checking update is now fixed to once every 2 days
- Extension version:
- Fix a possible cause of #51
- Add extension removal prompt
- Fix bug with update notification keeps sending pings
- Add update notification (resolve #22). Note: this is disabled by default since it will ping my server at uc.droidware.info. To enable, change
#enable-inline-update-flowtoEnabled.- Update: the functionality currently has a bug that will make it send continuous bursts of requests to my server. Please DO NOT enable it for now. This will be fixed in the next version.
- Reverse the removal of flags
#enable-process-sharing-with-default-site-instancesand#enable-process-sharing-with-strict-site-instances. - Extension version:
chromium-webstoreis now bundled with extension version- Resolve #45
- Extension version:
- Fix a bug preventing non Android 10 phones from installing extensions from url
- Website for
ungoogled-chromium-androidis now online at https://uc.droidware.info.
- Extension version:
- Add direct install through url
- Update README#Limitations, README#Reporting and Contributing, README#Extensions and SUPPORT.
- Add extension-support version
- This version is highly experimental and is not intended for daily usage yet! See README#Extensions
- Extension removal is not implemented yet
- The package will have a name
org.ungoogled.chromium.extensions
- Resolve #20, #23
- Partially resolve #19, #21
- Add migration for WebRTC
- Fix a crash with incognito tab
- Minor fix for extension patches. From next release,
chrome/armtarget will include a beta version with extension support.
- Fix a bug with bookmark add new folder activity.
- Add new fix of #9.
- This is an important security release that fix three vulnerabilities. All previous versions should update as soon as possible.
- [1044570] High: Integer overflow in ICU. Reported by André Bargull (with thanks to Jeff Walden from Mozilla) on 2020-01-22
- [1045931] High CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov of Google Project Zero on 2020-01-27
- [1053604] High CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18 (actively exploited in the wild)
- Fix video crash on Android P on certain machines
- Port some privacy related functionality from
Bromite, including:- flag to disable WebGL
- flag to disable motion sensors
- exit button and do not persist option
- use blank page as homepage
- setting for DNS-over-HTTPS (DoH)
- flag to disable pull-to-refresh
- Disable contextual search in native code instead of Java
- Disable lite mode prompt
- Disable download articles over Wi-fi
- Build time change (not affecting users):
- Exclude unit tests from domain substitution
- Using system JDK instead of bundled one. Requires both Java-8 and Java-10 on Arch Linux.
- Now build with SDK 29
- Add ChromePublic target (API 19)
- Fix build failure for safe browsing
- Update
README
- Update NDK to r20b
- Remove split installer dependencies (Google Play), disable DFM
- Other source fixes
- Known issue:
some pages, including(Fixed)chrome://flags,chrome://gpuare not working
- Update scripts and patches to new version
- Merge patches from Bromite and Unobtainium
- New dependencies: nodejs binaries, lib files from ndk
- Update patches to new version
- Update GN to latest commit
- Minor fixes
- No change
- Change default setting of contextual search to false
- Add WebView builds
- Since
aaptno longer works, bundledaapt2will be used until a rebuild of SDK 29 exists - Minor bug fixes
- Remove all Google Play related libraries
- Uncheck "Send statistics" on first run
- Fix #3
- Disable resource obfuscation
- Add arm build
- Change package name to avoid conflict with chromium
- Reduce downloaded dependencies on gclient sync
- Prune more binaries
- Build gcm-client, eu-strip, closure-compiler from source; change error-prone to Maven version
- Domain substitution on all non-binary files
- First release