This release adds 6 notable features for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
Summary
AI summaryUpdates What changed, Verification, and Asset across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Low |
Defaults Linux sandboxes to a coherent profile unless Windows font pack configured. Defaults Linux sandboxes to a coherent profile unless Windows font pack configured. Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Feature | Low |
Adds profile/font-dir validation and Linux Fontconfig setup for bundled fonts. Adds profile/font-dir validation and Linux Fontconfig setup for bundled fonts. Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Feature | Low |
Adds seeded Network Information values for navigator.connection (rtt, downlink, effectiveType, saveData). Adds seeded Network Information values for navigator.connection (rtt, downlink, effectiveType, saveData). Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Feature | Low |
Adds opt‑in WebRTC proxy-coherent policy using Chromium's non‑proxied UDP disable switches. Adds opt‑in WebRTC proxy-coherent policy using Chromium's non‑proxied UDP disable switches. Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Feature | Low |
Bumps auto-download release pointer to chromium‑v148.0.7778.96‑stealth4 for fresh installs. Bumps auto-download release pointer to chromium‑v148.0.7778.96‑stealth4 for fresh installs. Source: llm_adapter@2026-05-28 Confidence: high |
— |
| Bugfix | Medium |
Verifies Notification.permission and permissions.query checks in smoke coverage. Verifies Notification.permission and permissions.query checks in smoke coverage. Source: llm_adapter@2026-05-28 Confidence: high |
— |
Full changelog
Stealth4 Linux binary
Built on an AWS c7i.8xlarge runner with CLARK_BROWSER_TARGET=chrome. The tarball keeps the rollback headless_shell launcher while making chrome the primary Linux binary.
What changed
- Bumps the auto-download release pointer to
chromium-v148.0.7778.96-stealth4, so fresh installs fetch this build. - Defaults Linux sandboxes to a Linux-coherent profile unless a Windows font pack is explicitly configured.
- Adds profile/font-dir validation and Linux Fontconfig setup for bundled font profiles.
- Verifies direct
Notification.permission === "default"pluspermissions.query({ name: "notifications" }) === "prompt"in smoke coverage. - Adds seeded Network Information values for
navigator.connection(rtt,downlink,effectiveType,saveData). - Adds opt-in WebRTC
proxy-coherentpolicy using Chromium's non-proxied UDP disable switches. - Documents WebGPU coherence: unsupported is intentional in the headless profile; if enabled, adapter identity must match the GPU profile.
Verification
python3 -m pytest tests/test_imports.py-> 39 passed.- c7 build completed
ninja -C out/Default -j 32 chromeand packagedclark-browser-linux-x64.tar.gz. - In-container Linux smoke passed all JS-surface checks, including notification, Linux font profile, network information, UA/UA-CH, WebGPU absence, and audio seed differential.
- Pulled package smoke passed for both
chromeand rollbackheadless_shelllaunchers. - WebRTC proxy smoke used a real local HTTP proxy; proxy-coherent mode exposed no private/local IPs and no non-proxy public route. The raw control gathered no candidates in the AWS Docker network, so the smoke reports that as a warning unless
CLARK_WEBRTC_REQUIRE_RAW_CANDIDATES=1is set.
Asset
clark-browser-linux-x64.tar.gz- SHA256:
30cca952d11d94ca3424ac184b100c88ba686bfb87f2aaf4668ac5767562bd67
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About Clark-Browser
All releases →Related context
Related tools
Beta — feedback welcome: [email protected]