Changes in version 142.0.7444.158.0:

• update to Chromium 142.0.7444.158

A full list of changes from the previous release (version 142.0.7444.138.1) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Comparing 142.0.7444.138.1...142.0.7444.158.0 · GrapheneOS/Vanadium

Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS reposito...

^GitHub

I don't use apps like whatsapp or skype because they sell my data and don't trust them.

I was hoping for a foss alternative to talk to my parents, regular folk who need something easy to set up on their android devices, ideally through fdroid.

I don't want to reveal a real phone number because I don't want ads from nobody.

I don't need to see my parent's faces, I just need to talk to them and maybe send files and lines of text.

Tags:

• 2025110800 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025110600 release:

• adevtool: fully automate handling SoC and radio firmware image backports, which resolves an issue with a version string mismatch in the previous release for the initial installation process which resulted in us cancelling the Stable channel release
• Vanadium: update to version 142.0.7444.138.1

All of the Android 16 security patches from the current December 2025, January 2026, February 2026 and March 2026 Android Security Bulletins are included in the 2025110801 security preview release. List of additional fixed CVEs:

• Critical: CVE-2025-48631, CVE-2026-0006
• High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2025-22420, CVE-2025-22432, CVE-2025-26447, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634, CVE-2026-0005, CVE-2026-0007, CVE-2026-0008

2025110801 provides at least the full 2025-12-01 Android security patch level (a Pixel Update Bulletin for November 2025 hasn't been released could have fixes we don't get early, although it's likely empty) but will remain marked as providing 2025-11-01.

For detailed information on security preview releases, see our post about it.

GrapheneOS security preview releases - GrapheneOS Discussion Forum

GrapheneOS discussion forum

^{GrapheneOS Discussion Forum}

Changes in version 142.0.7444.138.1:

• revert our addition of Mullvad Leta since it's being shut down on November 27
• disable Chrome Tips cards for the New Tab Page as many are inappropriate for Vanadium due to the removal of Google service integration and other changes

A full list of changes from the previous release (version 142.0.7444.138.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Comparing 142.0.7444.138.0...142.0.7444.138.1 · GrapheneOS/Vanadium

Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS reposito...

^GitHub

Both of the November 2025 patches have been provided in our regular non-security-preview releases for over a month, so we've already had the 2025-11-05 Android security patch level for over a month. Our patch level is set based on providing both the Android and Pixel security patches, so we're leaving it at 2025-11-01 until the Pixel stock OS release and Pixel Update Bulletin are published. The stock Pixel OS also included both November 2025 patches in early September. We expect they made a 2nd October release to ship the November carrier changes and will make a release in mid-November with patches from future Android Security Bulletins.

Tags:

• 2025110600 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025102800 release:

• raise declared patch level to 2025-11-01 which has already been provided in GrapheneOS since our regular 2025090200 release (not a security preview) since the patches were included in the September security preview and were then pushed to AOSP despite not being listed in the bulletin
• kernel (6.1): update to latest GKI LTS branch revision
• kernel (6.1): keep POSIX_MQUEUE disabled to avoid increasing attack surface
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.114
• kernel (6.12): update to latest GKI LTS branch revision
• adevtool: switch to obtaining Android 16 QPR1 backports from the latest October releases for 7th/8th/9th gen Pixels (6th gen Pixels did not have an October release) for very minor radio carrier configuration changes (no code changes)
• Settings: add 1 second delay for approving device admin activation to mitigate tapjacking (this matches the 1 second delay we add to both permission prompts and ADB authorization prompts which is currently not configurable)
• Vanadium: update to version 142.0.7444.138.0

All of the Android 16 security patches from the December 2025, January 2026, February 2026 and March 2026 Android Security Bulletins are included in the 2025110601 security preview release. List of additional fixed CVEs:

• Critical: CVE-2025-48631, CVE-2026-0006
• High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2025-22420, CVE-2025-22432, CVE-2025-26447, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634, CVE-2026-0005, CVE-2026-0007, CVE-2026-0008

2025110601 provides at least the full 2025-12-01 Android security patch level (a Pixel Update Bulletin for November 2025 hasn't been released could have fixes we don't get early, although it's likely empty) but will remain marked as providing 2025-11-01.

For detailed information on security preview releases, see our post about it.

GrapheneOS security preview releases - GrapheneOS Discussion Forum

GrapheneOS discussion forum

^{GrapheneOS Discussion Forum}

Changes in version 142.0.7444.138.0:

• update to Chromium 142.0.7444.138

A full list of changes from the previous release (version 142.0.7444.48.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Comparing 142.0.7444.48.0...142.0.7444.138.0 · GrapheneOS/Vanadium

Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS reposito...

^GitHub

Both patches in the November 2025 Android Security Bulletin have been included since our September 2nd release. It's now known that our 2025090200 and later releases provided the 2025-11-05 Android security patch level early due to shipping extra patches.

source.android.com/docs/securi…

It's because these two patches were included in the full September 2025 bulletin patches we shipped but were made optional until November 2025.

Later in September, we started our security preview releases able to provide Android Security Bulletin patches around 2-3 months early.

Our security preview releases currently have the December 2025 and January 2026 patches.

December 2025 has a huge set of patches due to being a quarterly patch level. January 2026 will likely be empty.

We should have quarterly March 2026 patches to ship within a couple weeks.

Due to having early access to the patches which we can use for our security preview releases, we've been able to determine that a subset were pushed to AOSP and other projects prior to the official embargo ending which means we'll be including those in our regular releases soon.

Our security preview releases shipped all available December 2025 security patches in September 2025 and have continued adding the remaining patches. It should be frozen soon, but most of the patches have remained the same since September. Some were deferred to future bulletins.

The new security patch system being used by Android is confusing for users and bad for the security of anyone not using GrapheneOS with our security preview releases. We could have set the patch level string to 2025-11-01 in early September but in this case we didn't do that.

Tags:

• 2025102800 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025102600 release:

• Sandboxed Google Play compatibility layer: temporarily limit system service override infrastructure added for GmsFontProvider shim to Pixel Camera to work around certain banking apps detecting it as tampering (we can change the approach to avoid this to enable it for all apps using the Google Play client libraries again, especially since we want to expand it to improve app compatibility without Play services installed)
• kernel (6.1): update to latest GKI LTS branch revision
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.112
• kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.53

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025102801 security preview release. List of additional fixed CVEs:

• Critical: CVE-2025-48593, CVE-2025-48631
• High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634

2025102801 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.

For detailed information on security preview releases, see our post about it.

GrapheneOS security preview releases - GrapheneOS Discussion Forum

GrapheneOS discussion forum

^{GrapheneOS Discussion Forum}

Tags:

• 2025102600 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025102300 release:

• Sandboxed Google Play compatibility layer: add shim implementation of GmsFontProvider to prevent crashes of apps depending on Play services when it's missing or disabled (restores support for using Pixel Camera without Play services)
• Sandboxed Google Play compatibility layer: extend shim for background service starts to address edge cases where a foreground service is required
• Sandboxed Google Play compatibility layer: fix NoOpPrewarmService chain crash in Pixel Camera caused by lack of privileged OS integration
• kernel (6.6): update to latest GKI LTS branch revision
• Vanadium: update to version 142.0.7444.48.0

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025102601 security preview release. List of additional fixed CVEs:

• Critical: CVE-2025-48593, CVE-2025-48631
• High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.

For detailed information on security preview releases, see our post about it.

GrapheneOS security preview releases - GrapheneOS Discussion Forum

GrapheneOS discussion forum

^{GrapheneOS Discussion Forum}

Changes in version 101:

• fix a font preloading crash caused by the GmsFontProvider shim introduced in the previous release

A full list of changes from the previous release (version 100) is available through the Git commit log between the releases.

GmsCompatLib is a core component of the GrapheneOS sandboxed Google Play compatibility layer.

This update is available to GrapheneOS users via our app repository and and will be obsoleted by the next OS release including the changes in the base package.

Comparing lib-100...lib-101 · GrapheneOS/platform_packages_apps_GmsCompat

Contribute to GrapheneOS/platform_packages_apps_GmsCompat development by creating an account on GitHub.

^GitHub

Pixel Camera recently added a hard dependency on Google Play services. It still works on GrapheneOS, but started requiring sandboxed Google Play services.

GmsCompatLib version 100 for GrapheneOS 2025102300 or later restores support for Pixel Camera without Play services:

grapheneos.social/@GrapheneOS/…

Changes in version 100:

• add shim implementation of GmsFontProvider to prevent crashes of apps depending on Play services when it's missing or disabled (restores support for using Pixel Camera without Play services with recent Pixel Camera versions depending on it for this)
• extend shim for background service starts to address edge cases where a foreground service is required
• fix NoOpPrewarmService chain crash in Pixel Camera caused by lack of privileged OS integration

A full list of changes from the previous release (GrapheneOS version 2025102300) is available through the Git commit log between the releases.

GmsCompatLib is a core component of the GrapheneOS sandboxed Google Play compatibility layer.

This update is available to GrapheneOS users via our app repository and and will be obsoleted by the next OS release including the changes in the base package.

Comparing 2025102300...lib-100 · GrapheneOS/platform_packages_apps_GmsCompat

Contribute to GrapheneOS/platform_packages_apps_GmsCompat development by creating an account on GitHub.

^GitHub

While we greatly appreciate businesses seeing value in our work, selling devices with GrapheneOS preinstalled or being a business in the privacy/security space, recognising our users buying services/products, and so donating to us. GrapheneOS has no official direct affiliations.

Unless mentioned by the project account no team members make any recommendations on behalf of the project for any app/product/service, any that may be linked, are personal recommendations or just to make users aware they exist for them to decide for themselves.

Changes in version 142.0.7444.48.0:

• update to Chromium 142.0.7444.48
• allow registration of passkeys regardless of residentKey value

A full list of changes from the previous release (version 141.0.7390.122.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Comparing 141.0.7390.122.0...142.0.7444.48.0 · GrapheneOS/Vanadium

Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS reposito...

^GitHub

Tags:

• 2025102300 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025102200 release:

• fix signing the GmsCompatLib package with a dedicated cross-device key, which was added in the last release but wasn't being replaced by a release key and blocked moving the last release past Alpha
• kernel (6.12): update to latest GKI LTS branch revision

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025102301 security preview release. List of additional fixed CVEs:

• Critical: CVE-2025-48593, CVE-2025-48631
• High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.

For detailed information on security preview releases, see our post about it.

GrapheneOS security preview releases - GrapheneOS Discussion Forum

GrapheneOS discussion forum

^{GrapheneOS Discussion Forum}

Tags:

• 2025102200 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025100900 release:

• adevtool: add satellite eSIM overlays to avoid the special Skylo eSIM on 9th/10th gen Pixels being listed as a regular eSIM and being possible to erase with the regular eSIM erase functionality
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.111
• kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.52
• System Updater: prevent reboot and security preview notifications from timing out after 3 days which is standard behavior since Android 15 QPR1
• System Updater: mark notification permission as fixed to prevent disabling overall notifications, but enable blocking progress, failure and already up to date notification channels
• Sandboxed Google Play compatibility layer: add support for overriding BinderProxy transactions
• Sandboxed Google Play compatibility layer: add support for out-of-band updates to GmsCompatLib
• Vanadium: update to version 141.0.7390.111.0
• Vanadium: update to version 141.0.7390.122.0
• raise emulator super / dynamic partition size due to reaching the limit in some cases
• adevtool: prefer prebuilt AOSP JDK 21

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025102201 security preview release. List of additional fixed CVEs:

• Critical: CVE-2025-48593, CVE-2025-48631
• High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.

For detailed information on security preview releases, see our post about it.

GrapheneOS security preview releases - GrapheneOS Discussion Forum

GrapheneOS discussion forum

^{GrapheneOS Discussion Forum}

Changes in version 141.0.7390.122.0:

• update to Chromium 141.0.7390.122

A full list of changes from the previous release (version 141.0.7390.111.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Comparing 141.0.7390.111.0...141.0.7390.122.0 · GrapheneOS/Vanadium

Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS reposito...

^GitHub

Changes in version 141.0.7390.111.0:

• update to Chromium 141.0.7390.111
• enable origin keyed processes by default for improved site isolation sandboxing
• drop unnecessary code related to our search engine changes
• replace enabling local network checks feature in Vanadium Config via the browser again (this was enabled upstream so we dropped our patch but then they disabled it again which we dealt with via Vanadium Config)

A full list of changes from the previous release (version 141.0.7390.70.0) is available through the Git commit log between the releases.

This update is available to GrapheneOS users via our app repository and will also be bundled into the next OS release. Vanadium isn't yet officially available for users outside GrapheneOS, although we plan to do that eventually. It won't be able to provide the WebView outside GrapheneOS and will have missing hardening and other features.

Comparing 141.0.7390.70.0...141.0.7390.111.0 · GrapheneOS/Vanadium

Privacy and security enhanced releases of Chromium for GrapheneOS. Vanadium provides the WebView and standard user-facing browser on GrapheneOS. It depends on hardening in other GrapheneOS reposito...

^GitHub

Our security preview releases provide early access to Android Security Bulletin patches prior to the official disclosure. Our current security preview releases provide the current revision of the November 2025 and December 2025 patches for the Android Open Source Project. We recommend enabling this.

The only difference between our regular releases and security preview releases are the future Android Security Bulletin patches being applied with any conflicts resolved. The downside of security preview releases is we cannot provide the sources for the patches until the official disclosure date.

The delay for being able to publish the sources is why we're now going through the significant effort of building 2 variants of each release. Our most recent 3 releases have both a regular and security preview variant:

2025092500 and 20250925012025092700 and 20250927012025100300 and 2025100301

You can enable security preview releases via Settings > System > System update > Receive security preview releases.

Our plan is to keep it off-by-default with a new page added to the Setup Wizard which will have it toggled on as a recommendation. We'll prompt users on existing installs to choose.

We're maintaining the upcoming Android security patches in a private repository where we've resolved the conflicts. Each of our security preview releases is tagged in this private repository. Our plan is to publish what we used once the embargo ends, so it will still be open source, but delayed.

The new security update Android is using provides around 3 months of early access to OEMs with permission to make binary-only releases from the beginning. As far as we know, GrapheneOS is the first to take advantage of this and ship the patches early. Even the stock Pixel OS isn't doing this yet.

During the initial month, many patches are added or changed. By around the end of the month, the patches are finalized with nothing else being added or changed. Our 2025092500 release was made on the day the December 2025 patches were finalized, but we plan to ship the March 2026 patches earlier.

Previously, Android had monthly security patches with a 1 month embargo not permitting early releases. For GrapheneOS users enabling security preview releases, you'll get patches significantly earlier than before. We'd greatly prefer 3 day embargoes over 3 month embargoes but it's not our decision.

Security preview releases currently increment the build date and build number of the regular release by 1. You can upgrade from 2025100300 to 2025100301 but not vice versa. For now, you can switch back to regular releases without reinstalling such as 2025092701 to 2025100300, but this may change.

One of the changes in this release should result in Google Messages RCS working for users receiving a verification error caused by Play Store checking for an emulator with an easy to bypass check. It was already working for many users without this but this should get it working for everyone else.

Tags:

• 2025100900 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)

Changes since the 2025100300 release:

• raise security patch level to 2025-10-05 since it's already provided without applying any additional patches
• System Updater, Setup Wizard: integrate support for recommending opting into security preview releases during the initial Owner user setup and for existing users via a persistent notification which is disabled after making an explicit choice on whether to use security preview releases (this is necessary to inform all users about the option with an explicit choice)
• Settings: add support for forcing VoWiFi availability
• Settings: improve the carrier configuration override by improving the summaries, adding detailed descriptions and using clarifying the options force features to be available since there are also toggles for directly enabling/disabling the features in the main SIM settings screen
• Sandboxed Google Play compatibility layer: fix a Google Messages RCS compatibility issue by removing the error string for the missing privileged permission from SurfaceFlinger::doDump() to make a DroidGuard check pass
• Sandboxed Google Play compatibility layer: make Play Store ignore app auto-install config
• Sandboxed Google Play compatibility layer: fix Build.getSerial() shim to fix an Android Auto issue
• Sandboxed Google Play compatibility layer: add stub for TelephonyManager.getImei()
• Sandboxed Google Play compatibility layer: add stub for Window.setHideOverlayWindows() to replace reliance on a feature flag override via GmsCompatConfig
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.155
• update test suite to handle our carrier overrides support
• Vanadium: update to version 141.0.7390.70.0
• Camera: update to version 90

All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025100901 security preview release. List of additional fixed CVEs:

• Critical: CVE-2025-48593
• High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48544, CVE-2025-48555, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48581, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48607, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629

CVE-2025-48595 was fixed in the regular GrapheneOS 2025100300 release and is no longer listed.

CVE-2025-48611 patch was retracted.

2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.

For detailed information on security preview releases, see our post about it.

GrapheneOS security preview releases - GrapheneOS Discussion Forum

GrapheneOS discussion forum

^{GrapheneOS Discussion Forum}

Android Security Bulletin (ASB) for October 2025 is empty:

source.android.com/docs/securi…

However, you can see Samsung has a list of ASB patches for their October 2025 release exclusive to flagships:

security.samsungmobile.com/sec…

It's a small subset of the December 2025 patches.

Android now discloses patches around 3 months prior to their inclusion in a bulletin requiring them to raise the Android security patch level. However, OEMs are allowed to ship the patches as soon as they're receive. We're doing this in our security preview release, but with the full set of patches.

Our initial security preview release on September 25th with the November/December patches included 1 Critical severity patch and 54 High severity patches, which is the full subset applicable to Android 16. In the past couple days, 5 patches applicable to Android 16 were added and 1 was retracted.

December 2025 patches from the past couple days have been included and the January 2026 preview is now available.

Our next release coming today provides a choice to use our security preview releases in the initial setup wizard with a notification for existing users. Opting into it is recommended.

discuss.grapheneos.org/d/27068… provides more information on our security preview releases. The reason we're providing both regular and security preview releases is because we're required to wait to the embargo end date to publish the source code for the patches in the future bulletins.

GrapheneOS security preview releases - GrapheneOS Discussion Forum

GrapheneOS discussion forum

^{GrapheneOS Discussion Forum}

Ahoj, jsme skupina rodičů a na začátku září chceme spustit výzvu rodičům, aby odkládali věk, kdy svým dětem dají chytré telefony a přístup k sociálním sítím. Inspirujeme se mj. zde: smartphonefreechildhood.org/pa…. Hledáme někoho, kdo nám pomůže vybrat vhodný nástroj na sběr podpisů a práci s kontakty. Jsme schopni se složit na odměnu. Těšíme se na zprávu!

Discuss this on our forum.

Rodičovská iniciativa Dětství bez mobilu a sítí hledá pomoc s IT zázemím pro spuštění výzvy rodičům

Ahoj, jsme skupina rodičů a na začátku září chceme spustit výzvu rodičům, aby odkládali věk, kdy svým dětem dají chytré telefony a přístup k sociálním sítím. Inspirujeme se mj. zde: Sign the Parent Pact.

^{Diskutuj.Digital}

Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(Credit and/or blame to David Gerard for starting this. Also, happy 4th July in advance...I guess.)

Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(Credit and/or blame to David Gerard for starting this.)

BlueMonday1984

2025-05-04 23:00:08

Stubsack: weekly thread for sneers not worth an entire post, week ending 11th May 2025

Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(Credit and/or blame to David Gerard for starting this.)

https://apnews.com/article/medicaid-cuts-trump-tax-cuts-bill-1e2b12a91a3d12ceb0420ce7053de58e

Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you’ll near-instantly regret.

Any awful.systems sub may be subsneered in this subthread, techtakes or no.

If your sneer seems higher quality than you thought, feel free to cut’n’paste it into its own post — there’s no quota for posting and the bar really isn’t that high.

The post Xitter web has spawned soo many “esoteric” right wing freaks, but there’s no appropriate sneer-space for them. I’m talking redscare-ish, reality challenged “culture critics” who write about everything but understand nothing. I’m talking about reply-guys who make the same 6 tweets about the same 3 subjects. They’re inescapable at this point, yet I don’t see them mocked (as much as they should be)

Like, there was one dude a while back who insisted that women couldn’t be surgeons because they didn’t believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can’t escape them, I would love to sneer at them.

(Credit and/or blame to David Gerard for starting this.)

The best way to install them is through the F-Droid store, which is a catalogue of FOSS software for Android. It's installable by downloading the .apk file linked on the front page of the F-Droid projec'ts website. The mentioned apps from the Karlsruhe Institute of Technology can then be found by searching for "SECUSO", which is the name of the research project behind them all.

Alternatively, you can also get them through the Google Play Store under this link or again by searching for "SECUSO".

In particular, I recommend getting the QR code reader, because many of the free-to-use scanners route everything you scan through their servers, so they're obviously collecting your data on their servers, wherever these may be located.

F-Droid - Free and Open Source Android App Repository

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

^f-droid.org

ArcaneChat 1.56.1 is already available in Google Play and should be available in f-droid in the upcoming days, for other download options check arcanechat.me/

🔮 What's new?

★ ignore click in info-messages from deleted in-chat apps

★ data saving: do not send messages to the server if user is the only member of the chat in single-device usage

★ protect metadata: encrypt message's sent date

★ do not fail to send messages in groups if some encryption keys are missing

★ synchronize contact name changes across devices

★ fix changing group names that was not working in some situations

★ fix: do not show outdated message text in "Message Info" of an edited message

★ some more small bug fixes and updated translations

★ update app core to 1.158.0

💜 Show your love and support ArcaneChat development: arcanechat.me/#contribute

ArcaneChat

Private chats for the family

^{arcanechat.me}

Ahojte, viem, že nás tu je málo ale pre srandu to môžeme skúsiť 🙂

Je to reakcia na túto správu: jlai.lu/post/16058178

Navrhnite teda nejakú pesničku ktorú by sme poslali na Lemmyvision 2. V skratke:

• Musí byť z minulého alebo tohoto roku (vydaná po 1. januári 2024)
• Nesmie byť medzinárodný hit (toho sa asi báť nemusíme)

A pridám aj subjektíny nápad odomňa:

• myslime na to, že pesničku bude počúvať a hodnotiť medzinárodné publikum. Možno by teda bolo lepšie, aby pesnička nestavala len na silnom texte ale musí to proste zaujať aj bez znalosti slovenského jazyka. Vžime sa do toho, čo si z tej ktorej pesničky vezme Nemec, Švéd či Portugalec

The whole site is down and I can't upload any changesets. It doesn't appear maintenance related.

You can see some stats here:

prometheus.openstreetmap.org/d…

en.osm.town/@osm_tech/11365487…

Hopefully this is not another purposeful attack on OSM.

Edit: Site is up now, but the database is read-only. See: en.osm.town/@osm_tech/11365663…

kofola.sk

Unfortunately, it seems they removed the original posts, and made them again without this image, but it still lives on the website.
Apparently they were getting hateful comments because of it.