Releases
Each Cefrium version, the CEF and Chromium upstream it tracks, and what changed. Tap a release to expand its notes.
Cefrium tracks upstream CEF release branches. Each release is built from a specific CEF branch and the Chromium revision it pins, so the Chromium security fixes in that revision are present in the corresponding Cefrium release. Upstream security updates are incorporated into the next release rather than backported. Maintained best-effort, in the tradition of upstream CEF; no SLA beyond what is stated here.
0.6.0 CEF 7871 Chromium 150.0.7871.46 2026-07-05 Fixes CVE-2026-13789 Maven
- **Engine updated to Chromium 150.0.7871.46** (from 149.0.7827.102), tracking Debian's security upload for CVE parity (includes the CVE-2026-13789 V8 fix and the rest of the 150 security roll-up). The Android port was rebased onto CEF branch 7871 and adapted to the Chromium 150 API: permission-prompt embedder seam regenerated, Android autofill client
HideAutofillSuggestions->HideSuggestions,RenderWidgetHostView::Show()->ShowWithVisibility(), non-final R viaapp_as_shared_lib, and the payments Javaservice_impl_javadep. No SDK API changes for consumers -- a drop-in engine/security refresh.
com.cefrium:cefrium-sdk:0.6.0
0.5.9 CEF 7827 Chromium 149.0.7827.102 2026-07-03 superseded
- **FedCM crash on federated sign-in pages.** The Gradle plugin now generates the R class for
org.chromium.chrome.browser.ui.android.webid; without it, a page that invoked the FedCM account chooser (AccountSelectionBridge.getBrandIconIdealSize) threwNoClassDefFoundError webid/R$dimenand crashed the browser process. Only reproduced on CERTIFIED devices (where FedCM runs). Validated on Redmi/HyperOS.
- **Incognito (private) browsing.**
CefriumBrowser.createWithSurface(activity, incognito)+isIncognito(); ComposeCefriumViewState(incognito = true)/rememberCefriumViewState(url, incognito). Incognito browsers share one off-the-record request context (isolated from normal tabs, in-memory) that is cleared when the last incognito browser closes. Validated on device: cookie isolation normal<->incognito and clear-on-close.
com.cefrium:cefrium-sdk:0.5.9
0.5.8 CEF 7827 Chromium 149.0.7827.102 2026-07-03 superseded
- Tab/session restore now loads the page instead of showing a blank tab (or crashing on some devices).
CefriumViewState(navigationState = ...)restore deferred its load to the wrong moment:Restore()ran while the initial about:blank navigation was still pending (so nothing loaded -> blank), and forcing the load inOnAfterCreatednavigated before the on-screen surface + overscroll handler existed, crashing the overscroll controller on the RenderFrameHost swap. NowrestoreNavigationStaterebuilds the stack without loading and schedules the surface connect (which restored tabs previously never did -- onlyloadUrldid); the load is triggered once, fromconnectWebContentsInternal, after the surface and handler are set up. Validated on a Redmi/W90 (Android 16, arm64) and rooted API-33/36 emulators, single- and multi-tab.
com.cefrium:cefrium-sdk:0.5.8
0.5.7 CEF 7827 Chromium 149.0.7827.102 2026-07-03 superseded
- Native pull-to-refresh: an overscroll-down gesture at the top of a page reloads it. Opt-in via CefriumBrowser.setPullToRefreshEnabled(true) (CefriumNavigator.setPullToRefreshEnabled in Compose); the handler binds once when the WebContents connects.
com.cefrium:cefrium-sdk:0.5.7
0.5.6 CEF 7827 Chromium 149.0.7827.102 2026-07-02 superseded
- Tab back/forward history restore.
CefriumBrowser.serializeNavigationState()/restoreNavigationState(byte[])capture and rebuild a tab's full navigation stack (each entry's URL and page state), andCefriumViewState(navigationState = ...)restores it. A tab restored after the app is killed can navigate back through its history, not just show its current page.
com.cefrium:cefrium-sdk:0.5.6
0.5.5 CEF 7827 Chromium 149.0.7827.102 2026-07-02 superseded
- Background audio now keeps playing reliably when the app is minimized or the screen is off. The media foreground service is driven by actual WebContents playback instead of the media session's controllability signal (which could flicker), so the process stays alive while audio plays rather than being reclaimed after about a minute.
com.cefrium:cefrium-sdk:0.5.5
0.5.4 CEF 7827 Chromium 149.0.7827.102 2026-07-02 superseded
- New host API
stopMediaSession()(onCefriumBrowserand the ComposeCefriumNavigator): stops the page's media session and dismisses its media notification. It operates at the WebContents level, so it also reaches media inside cross-origin iframes (e.g. a YouTube embed) that page JavaScript cannot pause. - Hardware and Bluetooth media keys (play/pause) now control in-page media playback.
- The system media notification now appears reliably for media documents (navigating directly to an audio/video URL) and for pages that wire
navigator.mediaSessionafter load. Previously it could fail to appear depending on when the media session was created.
com.cefrium:cefrium-sdk:0.5.4
0.5.3 CEF 7827 Chromium 149.0.7827.102 2026-06-24 superseded
- Web NFC (
NDEFReaderread/write) works end-to-end -- validated with a physical NDEF tag (read + write round-trip). - Renderer-termination callback: get told when a renderer process for your browser dies (e.g. the OEM low-memory killer reclaims it) so you can show a reload affordance instead of a silent blank page.
CefriumBrowser.setOnRenderProcessTerminatedListener((status, errorCode) -> ...)withTERMINATION_*status constants. Compose: observe the hoistedCefriumViewState.rendererTerminationor passonRenderProcessTerminatedtoCefriumWebView.CefriumBrowser.PERMISSION_NFC-- grant Web NFC via yoursetPermissionHandleror pre-authorize an origin withsetContentSetting(url, PERMISSION_NFC, SETTING_ALLOW).
- Web NFC was previously wired but every scan/write was denied or hung. Three
engine fixes: CEF mapped the NFC permission to an ungrantable type (added
CEF_PERMISSION_TYPE_NFC);NfcBlocklistread a variations field-trial param whose JNI is absent in CEF and threw (guarded); and the consumer also needsandroid.permission.VIBRATE. - Renderer terminations Android reports as
OOM_PROTECTED/EVICTED_FOR_MEMORY(the common OEM low-memory-kill path) now reachOnRenderProcessTerminatedasTS_PROCESS_OOM-- the callback previously never fired for the most common Android renderer death. - Surface-mode crash on close: a deferred WebContents-connect callback could
fire after the browser was torn down and dereference a stale pointer
(
SIGSEGV). It now short-circuits once the browser is closed.
- Web NFC consumers must declare
android.permission.NFCandandroid.permission.VIBRATEin their manifest. - Do NOT declare your own
SandboxedProcessServiceentries -- the AAR provides them (40 isolated slots); a consumer-side count both fails the manifest merge and caps the pool. See the Memory & process model guide.
- Redmi Note 13 Pro 5G / HyperOS: Web NFC read + write round-trip on a physical tag; renderer-termination on a real OEM low-memory kill.
- W90: instrumented suite 41/41 on device before publish.
com.cefrium:cefrium-sdk:0.5.3
0.5.2 CEF 7827 Chromium 149.0.7827.102 2026-06-16 superseded
- Renderer lifetime & memory: showing many pages over time -- e.g. a
CefriumBrowserPoolof pages, each with a cross-origin iframe -- no longer leaks renderers or crashes on process-per-browser devices (HyperOS / Android 16).
- Closing/evicting a browser now completes Chromium's window-destruction
handshake on Android (
CloseHostWindow->WindowDestroyed), so theWebContentsand every subframe renderer (host page + cross-origin iframe) are actually destroyed. - 40 sandboxed render-process slots (was 5); the visible browser is marked IMPORTANT and detached pooled ones MODERATE, so the OS reclaims idle renderers first and never the active one.
- Accessibility: apps with an accessibility service active (TalkBack, Switch
Access) no longer crash with
NoClassDefFoundError SelectionCompatwhen the a11y tree queries a CEFWebContents.
CefriumBrowser.setCookie(url, name, value, secure, httpOnly, sameSite)and the ComposeCefriumNavigatorparity overload -- explicit Secure / HttpOnly / SameSite (NONE / LAX / STRICT / UNSPECIFIED). The 3-argsetCookieis unchanged.- Diagnostics:
closedBrowserCount(),activeRenderProcessCount(),totalRenderFrameHostCount(),zeroFrameRenderProcessCount(),liveBrowserCount().
- Do NOT declare your own
SandboxedProcessServiceentries -- the AAR provides them; a lower count caps the pool. See the Memory & process model guide. - Inline YouTube via
loadHtmlWithBaseUrlloads the real player, but YouTube's server-side integrity check rejects locally-injected documents (Error 152, same as WebView'sloadDataWithBaseURL). To embed YouTube inline, serve the embed HTML from a real HTTP(S)/localhost origin and useloadUrl().
- Redmi Note 13 Pro 5G / HyperOS: 40 pages,
maxAlive=3, inline cross-origin YouTube video -- bounded and crash-free.
com.cefrium:cefrium-sdk:0.5.2
0.5.1 CEF 7827 Chromium 149.0.7827.102 2026-06-14 superseded
loadHtmlWithBaseUrl/loadDataWithBaseUrlonCefriumBrowserand the ComposeCefriumNavigator-- load an HTML string with a real base-URL origin and referrer (like Android WebView'sloadDataWithBaseURL), so string-loaded content can host embeds that validate their parent origin (no Error 153).
- Startup crash on Xiaomi MIUI / HyperOS (DeviceFormFactor resource-resolver guard).
- Native-FCM
FirebaseMessaging.getToken()-- declaresandroidx.datastore-preferencesfor the vendored Firebase token path. - The chrome PasswordManager no longer terminates the renderer on a
loadDataWithBaseURLdata:form (which had left the surface blank).
- Orphaned okio classes stripped from the AAR (consumer's Gradle provides the
single copy) -- no
checkDuplicateClassescollisions.
- On device, both codecs and libre variants.
0.5.0 CEF 7827 Chromium 149.0.7827.102 2026-06-10 superseded
- Major web-platform expansion: WebAuthn / passkeys, Web Bluetooth / USB / Serial device choosers, Payment Request (Google Pay), Contact Picker, File System Access, file upload, WebOTP, Web Speech recognition, Web NFC, screen capture, generic sensors, WebRTC, OPFS, and more -- inherits essentially the full Chromium web platform.
- File-picker result routing.
- Modal-dialog host.
- Video Picture-in-Picture made crash-safe.
- Exhaustively on device.
0.4.1 CEF 7827 Chromium 149.0.7827.102 2026-06-09 superseded
- Chromium security respin: fixes CVE-2026-11645 (out-of-bounds memory access in V8, exploited in the wild) plus the other CVEs in 149.0.7827.102.
- User-Agent now reports the real engine version.
0.4.0 CEF 7827 Chromium 149.0.7827.53 2026-06-08 superseded
- Chromium engine bump 148 -> 149 (149.0.7827.53, CEF branch 7827) for CVE parity with Debian Chromium. 20 Android patches; multi-ABI AAR (arm64 + x86_64).
- On device: CefInitialize, multi-process renderer, OnPaint off-screen render.
0.3.2 CEF 7778 Chromium 148.0.7778.167 2026-06-08 superseded
- Web Notifications (service-worker
showNotification) to the Android shade. - Native FCM push (bring-your-own Firebase).
- Per-origin permission via
setContentSetting(View + Compose).
0.3.1 CEF 7778 Chromium 148.0.7778.167 2026-06-06 superseded
- Maven-consumable fat AAR (self-contained resources + manifest).
- Zero-config init (no
Applicationboilerplate). - SSL cert-error and HTTP-auth handlers (WebView parity).
0.3.0 CEF 7778 Chromium 148.0.7778.167 2026-06-05 superseded
- Web permissions,
getUserMedia, system media controls, print-to-PDF, cookie and dynamic-settings APIs.
0.2.1 CEF 7778 Chromium 148.0.7778.167 2026-06-04 superseded
- First multi-ABI artifact (arm64-v8a + x86_64 in one AAR).
0.2.0 CEF 7778 Chromium 148.0.7778.167 2026-06-04 superseded
- Per-architecture artifacts; superseded the same day by 0.2.1 (multi-ABI).
0.1.0 CEF 7778 Chromium 148.0.7778.167 2026-05-26 superseded
- Early validation release.
Each release above is a source tag with notes -- the permanent parity and
security record. The consumable .aar artifacts that Gradle resolves are
published separately to the
Codeberg Maven registry. See the
Quickstart for the repository and coordinates, e.g.
com.cefrium:cefrium-sdk:0.5.2. This list is the history and never loses an
entry, even after an artifact is pruned.
Artifact retention
During early validation the Maven registry serves only the latest version, to
respect Codeberg's donation-funded storage. Superseded versions are not retained as
binaries; each is reproducible from its source tag (see the build process in
BUILD-GUIDE), and every release carries a SHA256SUMS of the
artifacts as published for verification. This policy will be revisited before
1.0 / first production adopters.
The SHA256SUMS file is GPG-signed (SHA256SUMS.asc,
detached) with the maintainer's key, fingerprint
2A84 0ED0 0DE6 69F4 219B 8B33 02A7 9E3B 8215 1695. To verify a download:
gpg --recv-keys 02A79E3B82151695 # once, to fetch the public key
gpg --verify SHA256SUMS.asc SHA256SUMS # checks the signature
sha256sum -c SHA256SUMS # checks the artifacts against it
Versioning: a release that adds public API is a minor bump; a
fixes-only release is a patch; CEF/Chromium engine bumps are recorded regardless. See
VERSIONING-CEFRIUM.md.