Latest Vanadium release contains a backport early patch for CVE-2024-4671. Update if yours has not been already. #GrapheneOS

#GrapheneOS version 2024050700 released: While it appears the patch level is older, this is due to Google not releasing the full SPL until later. - full 2024-05-05 security patch level rebased onto AP1A.240505.005 Android Open Source Project release - update our backports of mainline APEX Health Fitness patches - kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.213 - kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.151 - TalkBack (screen reader): update dependencies - Vanadium: update to version 124.0.6367.159.0 - PDF Viewer: update to version 18

Releases | GrapheneOS

We've pre-ordered a Pixel 8a for our official device testing farm. They push the Android Open Source Project tags and stock OS factory images on the official release day. Should take us a couple hours to add support for it. We'll build, test and make an official release quickly. #GrapheneOS

Pixel 8a is official

Ars Technica

The $499 Google Pixel 8a is official, with 120 Hz display, 7 years of updates

The new Pixel 8a looks like a mid-range champion.

#GrapheneOS receives third Android Security Acknowledgement from Google this year. This time for a high-severity Bluetooth vulnerability: Google has listed the CVE-2024-23694 vulnerability we reported in the security acknowledgements for May 2024:

Android Open Source Project

Android security acknowledgements | Android Open Source Project

This is the Bluetooth issue we found with memory tagging which they assigned a High severity. We fixed this on March 9th. This vulnerability isn't listed in the baseline Android Security Bulletin despite being an Android Open Source Project issue. It will likely be listed in the Pixel Update Bulletin which should be today with the monthly update of AOSP and the Pixel OS. This vulnerability only impacts Android 14 QPR2 and later. It's possible they only list issues impacting the initial release of Android 14 in Android Security Bulletins and put the rest in Pixel bulletins. It's odd how Pixel bulletins are mostly issues impacting other devices. Last month, Pixels fixed 2 vulnerabilities we reported which were both classified as High severity and were both exploited in the wild by forensic companies to extract data on smartphones. Both also impact non-Pixels but were only fixed for Pixels and listed in the Pixel bulletin. We understand why they didn't list those firmware patches in the Android Security Bulletin (ASB) since other devices with the same issues need their own unique firmware patches for them. The AOSP 14 QPR2 Bluetooth big not being listed means ASB is less complete than we thought though.

Android monthly security backports were released this Monday. We expect the full monthly release to be released much later today (Tuesday). It's what happened last month, but last time we expected the monthly release to be delayed a week so we did an early release with backports. Monthly/quarterly/yearly releases include Low/Moderate severity patches not backported to older releases and are needed for Pixel firmware/driver patches. Those aren't published/disclosed for May yet. We'll do an early release with the ASB backports if it's not released today. We've reviewed the backports and can easily ship them if needed. We've included the next set of Linux kernel GKI LTS updates too. We'll have mitigations for the 3rd party VPN app DNS leaks discovered by our community soon, but likely not today's release.

#GrapheneOS version 2024050300 released. This update contains various hardening additions, fixes Google Fi eSIM activation (again) and changes OS infrastructure to prepare for an upcoming App Communication Scopes feature. See the changes: - remove special handling of the resolver activity ("Open with..." dialog) which was added to Android in order to support instant apps as preparation for our in-development App Communication Scopes feature - fix Google Fi eSIM activation - improve isolation of the eSIM activation apps - improve GrapheneOS infrastructure for per-app state - enable heap memory tagging for vendor processes by default, remove the user-facing toggle in the Settings and restrict toggling the value to debug builds - disable most handling for instant apps in the package manager as attack surface reduction - disable out-of-band APEX updates as attack surface reduction - only allow first party app source and shell to update system packages - improve robustness of original-package handling - Settings: hide GNSS SUPL and PSDS settings on devices without GNSS hardware - fix regression from our Android 14 QPR2 port causing Storage/Contact Scopes link to disappear after going back to the permissions screen - improve setup wizard theme to more closely match the stock Pixel OS configuration - backport mainline APEX module patches for Android Health, Media Provider, Network Stack, and Wi-Fi - kernel (5.10): update to latest GKI LTS branch revision including update to 5.10.212 - kernel (5.15): update to latest GKI LTS branch revision including update to 5.15.150 - kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.80 - Log Viewer: use human readable UTC time for logcat timestamps - GmsCompatConfig: update to version 109 - Vanadium: update to version 124.0.6367.113.0 - Apps: update to version 23 - work around our app repository client taking ownership of updates for the debug toggle we use to test new Android Auto releases - fix debug build option for testing same versionCode package updates

If I had a dollar for every time someone made GrapheneOS anime girl fanart I'd have about 10,000 sats And no, AI doesn't count.

Vivaldi UI and features with Brave state partitioning, anti-fingerprinting and content blocking would kill the browser game