Skip to content

Releases: GrapheneOS/Vanadium

127.0.6533.104.2

17 Aug 21:47
@thestinger thestinger
127.0.6533.104.2
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
ea8709b
Compare
Choose a tag to compare
127.0.6533.104.2

Changes in version 127.0.6533.104.2:

  • enable Shadow Call Stack on 64-bit ARM in addition to pointer authentication since pointer authentication is probabilistic and only supported on ARMv9 devices such as 8th/9th generation Pixels
  • keep stack canaries enabled via -fstack-protector-strong when Shadow Call Stack is enabled as we already do in the kernel to preserve the minor security benefits it still provides and to work around crashes occurring in certain apps using the WebView with it disabled

A full list of changes from the previous release (version 127.0.6533.104.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Assets 2
Loading

127.0.6533.104.1

15 Aug 03:04
@thestinger thestinger
127.0.6533.104.1
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
8c54767
Compare
Choose a tag to compare
127.0.6533.104.1

Changes in version 127.0.6533.104.1:

  • temporarily disable Shadow Call Stack due to causing app compatibility issues with certain apps using the WebView

A full list of changes from the previous release (version 127.0.6533.104.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Assets 2
Loading

127.0.6533.104.0

14 Aug 19:05
@thestinger thestinger
127.0.6533.104.0
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
ab78bb8
Compare
Choose a tag to compare
127.0.6533.104.0

Changes in version 127.0.6533.104.0:

  • update to Chromium 127.0.6533.104 (no changes from 127.0.6533.103)
  • enable Shadow Call Stack on 64-bit ARM in addition to pointer authentication since pointer authentication is probabilistic and only supported on ARMv9 devices such as 8th/9th generation Pixels
  • respect GrapheneOS dynamic code execution toggle
  • improve support for 64-bit-only build targets
  • disable predictive back gesture globally since it breaks Incognito lock privacy

A full list of changes from the previous release (version 127.0.6533.103.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Assets 2
Loading

127.0.6533.103.0

06 Aug 18:58
@thestinger thestinger
127.0.6533.103.0
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
5d06d5e
Compare
Choose a tag to compare
127.0.6533.103.0

Changes in version 127.0.6533.103.0:

  • update to Chromium 127.0.6533.103.0
  • enable -fstack-clash-protection on arm64 with the standard 64kiB stack probes since GrapheneOS raises the secondary stack guard size to 64kiB and Vanadium only currently supports GrapheneOS (AOSP should do this too, but it's not our problem)
  • use 64-bit toolchain for generating resource allowlist

A full list of changes from the previous release (version 127.0.6533.84.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Assets 2
Loading

127.0.6533.84.0

30 Jul 23:51
@thestinger thestinger
127.0.6533.84.0
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
f0577a9
Compare
Choose a tag to compare
127.0.6533.84.0

Changes in version 127.0.6533.84.0:

  • update to Chromium 127.0.6533.84

A full list of changes from the previous release (version 127.0.6533.64.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Assets 2
Loading

127.0.6533.64.1

27 Jul 05:23
@thestinger thestinger
127.0.6533.64.1
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
810c741
Compare
Choose a tag to compare
127.0.6533.64.1

Changes in version 127.0.6533.64.1:

  • enable per-site isolation for sandboxed iframes instead of per-origin isolation
  • avoid rare uncaught exception from attempting to load content filters from the Vanadium Config app when native code isn't loaded yet

A full list of changes from the previous release (version 127.0.6533.64.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Assets 2
Loading

127.0.6533.64.0

23 Jul 16:50
@thestinger thestinger
127.0.6533.64.0
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
b727d26
Compare
Choose a tag to compare
127.0.6533.64.0

Changes in version 127.0.6533.64.0:

  • update to Chromium 127.0.6533.64
  • enable visited link partitioning

A full list of changes from the previous release (version 126.0.6478.186.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Assets 2
Loading

126.0.6478.186.0

16 Jul 21:17
@thestinger thestinger
126.0.6478.186.0
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
813f476
Compare
Choose a tag to compare
126.0.6478.186.0

Changes in version 126.0.6478.186.0:

  • update to Chromium 126.0.6478.186
  • reimplement reading content filtering rules from config app to avoid upstream memory corruption bug caught by hardware memory tagging

A full list of changes from the previous release (version 126.0.6478.122.3) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Assets 2
Loading

126.0.6478.122.3

07 Jul 21:19
@thestinger thestinger
126.0.6478.122.3
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
7e908e3
Compare
Choose a tag to compare
126.0.6478.122.3

Changes in version 126.0.6478.122.3:

  • switch to using API 35 (Android 15) SDK and build tools
  • set target API level to 35 (Android 15) to support providing the WebView on Android 15
  • add support for newer protobuf versions
  • switch to 64-bit-only builds for x86_64 since the only supported x86_64 build targets for GrapheneOS are 64-bit-only

A full list of changes from the previous release (version 126.0.6478.122.2) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Assets 2
Loading

126.0.6478.122.2

01 Jul 00:06
@thestinger thestinger
126.0.6478.122.2
This tag was signed with the committer’s verified signature.
thestinger Daniel Micay
SSH Key Fingerprint: AhgHif0mei+9aNyKLfMZBh2yptHdw/aN7Tlh/j2eFwM Learn about vigilant mode.
289a18a
Compare
Choose a tag to compare
126.0.6478.122.2

Users will need to enable JavaScript JIT compilation for sites requiring WebAssembly again via the permission menu next to the URL due to us reverting the upstream security regression which resulted in this working by default. Unfortunately, Chromium still doesn't have a WebAssembly interpreter like Edge and got this working by rolling back the security of the API used to disable JIT compilation for their desktop V8 Optimizer toggle.

This is a rebuild of the 126.0.6478.122.1 code to work around a caching issue which resulted in the new changes not being included.

Changes in version 126.0.6478.122.2:

  • restore fully disabling the JavaScript JIT compiler by default since Chromium changed the definition of disabling the JIT compiler into only disabling the 2 higher tiers of JIT compilation without disabling baseline JIT compilation which does not avoid dynamically creating executable native code
  • add support for language-specific content filters automatically enabled when the language is selected (EasyList Germany has been added to the configuration app for testing the implementation)

A full list of changes from the previous release (version 126.0.6478.122.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Assets 2
Loading