Releases

Each Cefrium version, the CEF and Chromium upstream it tracks, and what changed. Tap a release to expand its notes.

Cefrium tracks upstream CEF release branches. Each release is built from a specific CEF branch and the Chromium revision it pins, so the Chromium security fixes in that revision are present in the corresponding Cefrium release. Upstream security updates are incorporated into the next release rather than backported. Maintained best-effort, in the tradition of upstream CEF; no SLA beyond what is stated here.

0.6.0 CEF 7871 Chromium 150.0.7871.46 2026-07-05 Fixes CVE-2026-13789 Maven
Changed
  • **Engine updated to Chromium 150.0.7871.46** (from 149.0.7827.102), tracking Debian's security upload for CVE parity (includes the CVE-2026-13789 V8 fix and the rest of the 150 security roll-up). The Android port was rebased onto CEF branch 7871 and adapted to the Chromium 150 API: permission-prompt embedder seam regenerated, Android autofill client HideAutofillSuggestions -> HideSuggestions, RenderWidgetHostView::Show() -> ShowWithVisibility(), non-final R via app_as_shared_lib, and the payments Java service_impl_java dep. No SDK API changes for consumers -- a drop-in engine/security refresh.
0.5.9 CEF 7827 Chromium 149.0.7827.102 2026-07-03 superseded
Fixed
  • **FedCM crash on federated sign-in pages.** The Gradle plugin now generates the R class for org.chromium.chrome.browser.ui.android.webid; without it, a page that invoked the FedCM account chooser (AccountSelectionBridge.getBrandIconIdealSize) threw NoClassDefFoundError webid/R$dimen and crashed the browser process. Only reproduced on CERTIFIED devices (where FedCM runs). Validated on Redmi/HyperOS.
Added
  • **Incognito (private) browsing.** CefriumBrowser.createWithSurface(activity, incognito) + isIncognito(); Compose CefriumViewState(incognito = true) / rememberCefriumViewState(url, incognito). Incognito browsers share one off-the-record request context (isolated from normal tabs, in-memory) that is cleared when the last incognito browser closes. Validated on device: cookie isolation normal<->incognito and clear-on-close.
0.5.8 CEF 7827 Chromium 149.0.7827.102 2026-07-03 superseded
Fixed
  • Tab/session restore now loads the page instead of showing a blank tab (or crashing on some devices). CefriumViewState(navigationState = ...) restore deferred its load to the wrong moment: Restore() ran while the initial about:blank navigation was still pending (so nothing loaded -> blank), and forcing the load in OnAfterCreated navigated before the on-screen surface + overscroll handler existed, crashing the overscroll controller on the RenderFrameHost swap. Now restoreNavigationState rebuilds the stack without loading and schedules the surface connect (which restored tabs previously never did -- only loadUrl did); the load is triggered once, from connectWebContentsInternal, after the surface and handler are set up. Validated on a Redmi/W90 (Android 16, arm64) and rooted API-33/36 emulators, single- and multi-tab.
0.5.7 CEF 7827 Chromium 149.0.7827.102 2026-07-03 superseded
Notes
  • Native pull-to-refresh: an overscroll-down gesture at the top of a page reloads it. Opt-in via CefriumBrowser.setPullToRefreshEnabled(true) (CefriumNavigator.setPullToRefreshEnabled in Compose); the handler binds once when the WebContents connects.
0.5.6 CEF 7827 Chromium 149.0.7827.102 2026-07-02 superseded
Added
  • Tab back/forward history restore. CefriumBrowser.serializeNavigationState() / restoreNavigationState(byte[]) capture and rebuild a tab's full navigation stack (each entry's URL and page state), and CefriumViewState(navigationState = ...) restores it. A tab restored after the app is killed can navigate back through its history, not just show its current page.
0.5.5 CEF 7827 Chromium 149.0.7827.102 2026-07-02 superseded
Fixed
  • Background audio now keeps playing reliably when the app is minimized or the screen is off. The media foreground service is driven by actual WebContents playback instead of the media session's controllability signal (which could flicker), so the process stays alive while audio plays rather than being reclaimed after about a minute.
0.5.4 CEF 7827 Chromium 149.0.7827.102 2026-07-02 superseded
Highlights
  • New host API stopMediaSession() (on CefriumBrowser and the Compose CefriumNavigator): stops the page's media session and dismisses its media notification. It operates at the WebContents level, so it also reaches media inside cross-origin iframes (e.g. a YouTube embed) that page JavaScript cannot pause.
  • Hardware and Bluetooth media keys (play/pause) now control in-page media playback.
Fixed
  • The system media notification now appears reliably for media documents (navigating directly to an audio/video URL) and for pages that wire navigator.mediaSession after load. Previously it could fail to appear depending on when the media session was created.
0.5.3 CEF 7827 Chromium 149.0.7827.102 2026-06-24 superseded
Highlights
  • Web NFC (NDEFReader read/write) works end-to-end -- validated with a physical NDEF tag (read + write round-trip).
  • Renderer-termination callback: get told when a renderer process for your browser dies (e.g. the OEM low-memory killer reclaims it) so you can show a reload affordance instead of a silent blank page.
Added
  • CefriumBrowser.setOnRenderProcessTerminatedListener((status, errorCode) -> ...) with TERMINATION_* status constants. Compose: observe the hoisted CefriumViewState.rendererTermination or pass onRenderProcessTerminated to CefriumWebView.
  • CefriumBrowser.PERMISSION_NFC -- grant Web NFC via your setPermissionHandler or pre-authorize an origin with setContentSetting(url, PERMISSION_NFC, SETTING_ALLOW).
Fixed
  • Web NFC was previously wired but every scan/write was denied or hung. Three engine fixes: CEF mapped the NFC permission to an ungrantable type (added CEF_PERMISSION_TYPE_NFC); NfcBlocklist read a variations field-trial param whose JNI is absent in CEF and threw (guarded); and the consumer also needs android.permission.VIBRATE.
  • Renderer terminations Android reports as OOM_PROTECTED / EVICTED_FOR_MEMORY (the common OEM low-memory-kill path) now reach OnRenderProcessTerminated as TS_PROCESS_OOM -- the callback previously never fired for the most common Android renderer death.
  • Surface-mode crash on close: a deferred WebContents-connect callback could fire after the browser was torn down and dereference a stale pointer (SIGSEGV). It now short-circuits once the browser is closed.
Notes
  • Web NFC consumers must declare android.permission.NFC and android.permission.VIBRATE in their manifest.
  • Do NOT declare your own SandboxedProcessService entries -- the AAR provides them (40 isolated slots); a consumer-side count both fails the manifest merge and caps the pool. See the Memory & process model guide.
Validated
  • Redmi Note 13 Pro 5G / HyperOS: Web NFC read + write round-trip on a physical tag; renderer-termination on a real OEM low-memory kill.
  • W90: instrumented suite 41/41 on device before publish.
0.5.2 CEF 7827 Chromium 149.0.7827.102 2026-06-16 superseded
Highlights
  • Renderer lifetime & memory: showing many pages over time -- e.g. a CefriumBrowserPool of pages, each with a cross-origin iframe -- no longer leaks renderers or crashes on process-per-browser devices (HyperOS / Android 16).
Fixed
  • Closing/evicting a browser now completes Chromium's window-destruction handshake on Android (CloseHostWindow -> WindowDestroyed), so the WebContents and every subframe renderer (host page + cross-origin iframe) are actually destroyed.
  • 40 sandboxed render-process slots (was 5); the visible browser is marked IMPORTANT and detached pooled ones MODERATE, so the OS reclaims idle renderers first and never the active one.
  • Accessibility: apps with an accessibility service active (TalkBack, Switch Access) no longer crash with NoClassDefFoundError SelectionCompat when the a11y tree queries a CEF WebContents.
Added
  • CefriumBrowser.setCookie(url, name, value, secure, httpOnly, sameSite) and the Compose CefriumNavigator parity overload -- explicit Secure / HttpOnly / SameSite (NONE / LAX / STRICT / UNSPECIFIED). The 3-arg setCookie is unchanged.
  • Diagnostics: closedBrowserCount(), activeRenderProcessCount(), totalRenderFrameHostCount(), zeroFrameRenderProcessCount(), liveBrowserCount().
Notes
  • Do NOT declare your own SandboxedProcessService entries -- the AAR provides them; a lower count caps the pool. See the Memory & process model guide.
  • Inline YouTube via loadHtmlWithBaseUrl loads the real player, but YouTube's server-side integrity check rejects locally-injected documents (Error 152, same as WebView's loadDataWithBaseURL). To embed YouTube inline, serve the embed HTML from a real HTTP(S)/localhost origin and use loadUrl().
Validated
  • Redmi Note 13 Pro 5G / HyperOS: 40 pages, maxAlive=3, inline cross-origin YouTube video -- bounded and crash-free.
0.5.1 CEF 7827 Chromium 149.0.7827.102 2026-06-14 superseded
Added
  • loadHtmlWithBaseUrl / loadDataWithBaseUrl on CefriumBrowser and the Compose CefriumNavigator -- load an HTML string with a real base-URL origin and referrer (like Android WebView's loadDataWithBaseURL), so string-loaded content can host embeds that validate their parent origin (no Error 153).
Fixed
  • Startup crash on Xiaomi MIUI / HyperOS (DeviceFormFactor resource-resolver guard).
  • Native-FCM FirebaseMessaging.getToken() -- declares androidx.datastore-preferences for the vendored Firebase token path.
  • The chrome PasswordManager no longer terminates the renderer on a loadDataWithBaseURL data: form (which had left the surface blank).
Packaging
  • Orphaned okio classes stripped from the AAR (consumer's Gradle provides the single copy) -- no checkDuplicateClasses collisions.
Validated
  • On device, both codecs and libre variants.
0.5.0 CEF 7827 Chromium 149.0.7827.102 2026-06-10 superseded
Highlights
  • Major web-platform expansion: WebAuthn / passkeys, Web Bluetooth / USB / Serial device choosers, Payment Request (Google Pay), Contact Picker, File System Access, file upload, WebOTP, Web Speech recognition, Web NFC, screen capture, generic sensors, WebRTC, OPFS, and more -- inherits essentially the full Chromium web platform.
Fixed
  • File-picker result routing.
  • Modal-dialog host.
  • Video Picture-in-Picture made crash-safe.
Validated
  • Exhaustively on device.
0.4.1 CEF 7827 Chromium 149.0.7827.102 2026-06-09 superseded
Security
  • Chromium security respin: fixes CVE-2026-11645 (out-of-bounds memory access in V8, exploited in the wild) plus the other CVEs in 149.0.7827.102.
  • User-Agent now reports the real engine version.
0.4.0 CEF 7827 Chromium 149.0.7827.53 2026-06-08 superseded
Engine
  • Chromium engine bump 148 -> 149 (149.0.7827.53, CEF branch 7827) for CVE parity with Debian Chromium. 20 Android patches; multi-ABI AAR (arm64 + x86_64).
Validated
  • On device: CefInitialize, multi-process renderer, OnPaint off-screen render.
0.3.2 CEF 7778 Chromium 148.0.7778.167 2026-06-08 superseded
Added
  • Web Notifications (service-worker showNotification) to the Android shade.
  • Native FCM push (bring-your-own Firebase).
  • Per-origin permission via setContentSetting (View + Compose).
0.3.1 CEF 7778 Chromium 148.0.7778.167 2026-06-06 superseded
Added
  • Maven-consumable fat AAR (self-contained resources + manifest).
  • Zero-config init (no Application boilerplate).
  • SSL cert-error and HTTP-auth handlers (WebView parity).
0.3.0 CEF 7778 Chromium 148.0.7778.167 2026-06-05 superseded
Added
  • Web permissions, getUserMedia, system media controls, print-to-PDF, cookie and dynamic-settings APIs.
0.2.1 CEF 7778 Chromium 148.0.7778.167 2026-06-04 superseded
Packaging
  • First multi-ABI artifact (arm64-v8a + x86_64 in one AAR).
0.2.0 CEF 7778 Chromium 148.0.7778.167 2026-06-04 superseded
Packaging
  • Per-architecture artifacts; superseded the same day by 0.2.1 (multi-ABI).
0.1.0 CEF 7778 Chromium 148.0.7778.167 2026-05-26 superseded
Milestone
  • Early validation release.

Each release above is a source tag with notes -- the permanent parity and security record. The consumable .aar artifacts that Gradle resolves are published separately to the Codeberg Maven registry. See the Quickstart for the repository and coordinates, e.g. com.cefrium:cefrium-sdk:0.5.2. This list is the history and never loses an entry, even after an artifact is pruned.

Artifact retention

During early validation the Maven registry serves only the latest version, to respect Codeberg's donation-funded storage. Superseded versions are not retained as binaries; each is reproducible from its source tag (see the build process in BUILD-GUIDE), and every release carries a SHA256SUMS of the artifacts as published for verification. This policy will be revisited before 1.0 / first production adopters.

The SHA256SUMS file is GPG-signed (SHA256SUMS.asc, detached) with the maintainer's key, fingerprint 2A84 0ED0 0DE6 69F4 219B 8B33 02A7 9E3B 8215 1695. To verify a download:

gpg --recv-keys 02A79E3B82151695        # once, to fetch the public key
gpg --verify SHA256SUMS.asc SHA256SUMS  # checks the signature
sha256sum -c SHA256SUMS                 # checks the artifacts against it

Versioning: a release that adds public API is a minor bump; a fixes-only release is a patch; CEF/Chromium engine bumps are recorded regardless. See VERSIONING-CEFRIUM.md.