From fff9cae193f2147d17bda7ced58345c7c77e9fcd Mon Sep 17 00:00:00 2001 From: Root <175176948+RKNF404@users.noreply.github.com> Date: Sun, 22 Jun 2025 23:29:37 -0400 Subject: [PATCH 01/11] chore: Update add-feature-to-show-puny-code.patch --- patches/add-feature-to-show-puny-code.patch | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/patches/add-feature-to-show-puny-code.patch b/patches/add-feature-to-show-puny-code.patch index 830a27da..c5a21bab 100644 --- a/patches/add-feature-to-show-puny-code.patch +++ b/patches/add-feature-to-show-puny-code.patch @@ -22,7 +22,7 @@ index 63b6e1583a837..a0b8b8c588161 100644 // on a per-component basis. std::u16string out16; diff --git a/url/url_features.cc b/url/url_features.cc -index 584e93ac72bd1..b89fea48914d6 100644 +index 89884ac867..ff2f72cf7c 100644 --- a/url/url_features.cc +++ b/url/url_features.cc @@ -7,6 +7,10 @@ @@ -33,9 +33,9 @@ index 584e93ac72bd1..b89fea48914d6 100644 + "ShowPunycodeDomains", + base::FEATURE_DISABLED_BY_DEFAULT); + - BASE_FEATURE(kUseIDNA2008NonTransitional, - "UseIDNA2008NonTransitional", - base::FEATURE_ENABLED_BY_DEFAULT); + // Kill switch for crbug.com/1416006. + BASE_FEATURE(kStandardCompliantNonSpecialSchemeURLParsing, + "StandardCompliantNonSpecialSchemeURLParsing", diff --git a/url/url_features.h b/url/url_features.h index fa4493a12e9c1..70c5d811122fe 100644 --- a/url/url_features.h From b2bb4fe0c010721903169e63386ffe6f871dccc2 Mon Sep 17 00:00:00 2001 From: Root <175176948+RKNF404@users.noreply.github.com> Date: Sun, 22 Jun 2025 23:38:12 -0400 Subject: [PATCH 02/11] chore: Update disable-gen-ai-features-and-logging-by-default.patch --- ...isable-gen-ai-features-and-logging-by-default.patch | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/patches/disable-gen-ai-features-and-logging-by-default.patch b/patches/disable-gen-ai-features-and-logging-by-default.patch index f5626ef5..e82d6164 100644 --- a/patches/disable-gen-ai-features-and-logging-by-default.patch +++ b/patches/disable-gen-ai-features-and-logging-by-default.patch @@ -51,15 +51,15 @@ index 9a00400829..91a9b429e3 100644 #if BUILDFLAG(IS_CHROMEOS) diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc -index 3ebb85bbe3..1193f35958 100644 +index e856d9cf62..d41a8b15a2 100644 --- a/chrome/browser/chrome_content_browser_client.cc +++ b/chrome/browser/chrome_content_browser_client.cc -@@ -1666,7 +1666,7 @@ void ChromeContentBrowserClient::RegisterProfilePrefs( +@@ -1505,7 +1505,7 @@ void ChromeContentBrowserClient::RegisterProfilePrefs( prefs::kServiceWorkerToControlSrcdocIframeEnabled, true); registry->RegisterBooleanPref(prefs::kReduceAcceptLanguageEnabled, true); registry->RegisterBooleanPref(policy::policy_prefs::kBuiltInAIAPIsEnabled, - true); + false); - } - - // static + registry->RegisterBooleanPref( + prefs::kClearWindowNameForNewBrowsingContextGroup, true); + registry->RegisterBooleanPref(prefs::kPrefetchWithServiceWorkerEnabled, true); From 246d39d8b41bc630fc55a691a2a70693e9a824af Mon Sep 17 00:00:00 2001 From: Root <175176948+RKNF404@users.noreply.github.com> Date: Sun, 22 Jun 2025 23:41:03 -0400 Subject: [PATCH 03/11] chore: Update disable-gen-ai-features-and-logging-by-default.patch --- ...-gen-ai-features-and-logging-by-default.patch | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/patches/disable-gen-ai-features-and-logging-by-default.patch b/patches/disable-gen-ai-features-and-logging-by-default.patch index e82d6164..090a2909 100644 --- a/patches/disable-gen-ai-features-and-logging-by-default.patch +++ b/patches/disable-gen-ai-features-and-logging-by-default.patch @@ -63,3 +63,19 @@ index e856d9cf62..d41a8b15a2 100644 registry->RegisterBooleanPref( prefs::kClearWindowNameForNewBrowsingContextGroup, true); registry->RegisterBooleanPref(prefs::kPrefetchWithServiceWorkerEnabled, true); +diff --git a/components/omnibox/browser/omnibox_prefs.cc b/components/omnibox/browser/omnibox_prefs.cc +index b7126a3b53..f1f7b6bec0 100644 +--- a/components/omnibox/browser/omnibox_prefs.cc ++++ b/components/omnibox/browser/omnibox_prefs.cc +@@ -50,8 +50,8 @@ void RegisterProfilePrefs(PrefRegistrySimple* registry) { + // TODO(crbug.com/422744656): Remove `kAIModeSearchSuggestSettings` pref once + // `kAIModeSettings` is implemented. + registry->RegisterIntegerPref(omnibox::kAIModeSearchSuggestSettings, +- kAIModeSearchSuggestAllowed); +- registry->RegisterIntegerPref(omnibox::kAIModeSettings, kAIModeAllowed); ++ 1); ++ registry->RegisterIntegerPref(omnibox::kAIModeSettings, 1); + } + + void SetUserPreferenceForZeroSuggestCachedResponse( + From 91e1c37846891bc6736e319aa8251f4339391389 Mon Sep 17 00:00:00 2001 From: Root <175176948+RKNF404@users.noreply.github.com> Date: Sun, 22 Jun 2025 23:43:32 -0400 Subject: [PATCH 04/11] chore: Update disable-infobar-for-builds-without-api-key.patch --- ...e-infobar-for-builds-without-api-key.patch | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/patches/disable-infobar-for-builds-without-api-key.patch b/patches/disable-infobar-for-builds-without-api-key.patch index 8ba25ea4..271f6b02 100644 --- a/patches/disable-infobar-for-builds-without-api-key.patch +++ b/patches/disable-infobar-for-builds-without-api-key.patch @@ -1,15 +1,15 @@ diff --git a/chrome/browser/ui/startup/infobar_utils.cc b/chrome/browser/ui/startup/infobar_utils.cc -index d3ad537ab2055..1fcf5da985d74 100644 +index d52ef581ac..d4e328ea32 100644 --- a/chrome/browser/ui/startup/infobar_utils.cc +++ b/chrome/browser/ui/startup/infobar_utils.cc -@@ -154,10 +154,6 @@ void AddInfoBarsIfNecessary(Browser* browser, - infobars::ContentInfoBarManager* infobar_manager = - infobars::ContentInfoBarManager::FromWebContents(web_contents); +@@ -171,10 +171,6 @@ void AddInfoBarsIfNecessary(Browser* browser, + infobars::ContentInfoBarManager* infobar_manager = + infobars::ContentInfoBarManager::FromWebContents(web_contents); -- if (!google_apis::HasAPIKeyConfigured()) { -- GoogleApiKeysInfoBarDelegate::Create(infobar_manager); -- } +- if (!google_apis::HasAPIKeyConfigured()) { +- GoogleApiKeysInfoBarDelegate::Create(infobar_manager); +- } - - if (ObsoleteSystem::IsObsoleteNowOrSoon()) { - PrefService* local_state = g_browser_process->local_state(); - if (!local_state || + if (ObsoleteSystem::IsObsoleteNowOrSoon()) { + PrefService* local_state = g_browser_process->local_state(); + if (!local_state || From daa2a0314c3e2014ab6e6ac85baf9f34726053d0 Mon Sep 17 00:00:00 2001 From: Root <175176948+RKNF404@users.noreply.github.com> Date: Sun, 22 Jun 2025 23:47:41 -0400 Subject: [PATCH 05/11] chore: Update disable-global-shortcuts-portal.patch --- patches/disable-global-shortcuts-portal.patch | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/patches/disable-global-shortcuts-portal.patch b/patches/disable-global-shortcuts-portal.patch index 67c836c4..7b0d3463 100644 --- a/patches/disable-global-shortcuts-portal.patch +++ b/patches/disable-global-shortcuts-portal.patch @@ -1,13 +1,13 @@ diff --git a/ui/base/accelerators/global_accelerator_listener/global_accelerator_listener_ozone.cc b/ui/base/accelerators/global_accelerator_listener/global_accelerator_listener_ozone.cc -index c98ecc3600..e4a772c18a 100644 +index b6985bd63a..c8f0e2e960 100644 --- a/ui/base/accelerators/global_accelerator_listener/global_accelerator_listener_ozone.cc +++ b/ui/base/accelerators/global_accelerator_listener/global_accelerator_listener_ozone.cc -@@ -23,7 +23,7 @@ namespace { +@@ -25,7 +25,7 @@ namespace { #if BUILDFLAG(IS_LINUX) && BUILDFLAG(USE_DBUS) BASE_FEATURE(kGlobalShortcutsPortal, "GlobalShortcutsPortal", - base::FEATURE_ENABLED_BY_DEFAULT); + base::FEATURE_DISABLED_BY_DEFAULT); - #endif - } // namespace + constexpr char kChannelEnvVar[] = "CHROME_VERSION_EXTRA"; + #if BUILDFLAG(GOOGLE_CHROME_BRANDING) From 30d9caf73a9336d1b8cb85174d85f8c15de32cfd Mon Sep 17 00:00:00 2001 From: Root <175176948+RKNF404@users.noreply.github.com> Date: Sun, 22 Jun 2025 23:52:54 -0400 Subject: [PATCH 06/11] Delete patches/revert-upstream-Revert-clearing-javascript-JIT-site-settings.patch --- ...learing-javascript-JIT-site-settings.patch | 103 ------------------ 1 file changed, 103 deletions(-) delete mode 100644 patches/revert-upstream-Revert-clearing-javascript-JIT-site-settings.patch diff --git a/patches/revert-upstream-Revert-clearing-javascript-JIT-site-settings.patch b/patches/revert-upstream-Revert-clearing-javascript-JIT-site-settings.patch deleted file mode 100644 index 8d00f3cb..00000000 --- a/patches/revert-upstream-Revert-clearing-javascript-JIT-site-settings.patch +++ /dev/null @@ -1,103 +0,0 @@ -# This is ripped from a Vanadium patch to achieve the same thing -diff --git a/components/content_settings/core/browser/content_settings_default_provider.cc b/components/content_settings/core/browser/content_settings_default_provider.cc -index 3a7d5b3d4a6ab..13cce26bec510 100644 ---- a/components/content_settings/core/browser/content_settings_default_provider.cc -+++ b/components/content_settings/core/browser/content_settings_default_provider.cc -@@ -62,7 +62,7 @@ const char kObsoletePpapiBrokerDefaultPref[] = - constexpr char kObsoleteFederatedIdentityDefaultPref[] = - "profile.default_content_setting_values.fedcm_active_session"; - --#if !BUILDFLAG(IS_IOS) -+#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - // This setting was accidentally bound to a UI surface intended for a different - // setting (https://crbug.com/364820109). It should not have been settable - // except via enterprise policy, so it is temporarily cleaned up here to revert -@@ -72,7 +72,7 @@ constexpr char kBug364820109DefaultSettingToClear[] = - "profile.default_content_setting_values.javascript_jit"; - constexpr char kBug364820109AlreadyWorkedAroundPref[] = - "profile.did_work_around_bug_364820109_default"; --#endif // !BUILDFLAG(IS_IOS) -+#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - - ContentSetting GetDefaultValue(const WebsiteSettingsInfo* info) { - const base::Value& initial_default = info->initial_default_value(); -@@ -152,10 +152,10 @@ void DefaultProvider::RegisterProfilePrefs( - #endif // !BUILDFLAG(IS_IOS) - registry->RegisterIntegerPref(kObsoleteFederatedIdentityDefaultPref, 0); - --#if !BUILDFLAG(IS_IOS) -+#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - // TODO(https://crbug.com/367181093): clean this up. - registry->RegisterBooleanPref(kBug364820109AlreadyWorkedAroundPref, false); --#endif // !BUILDFLAG(IS_IOS) -+#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - } - - DefaultProvider::DefaultProvider(PrefService* prefs, -@@ -396,13 +396,13 @@ void DefaultProvider::DiscardOrMigrateObsoletePreferences() { - #endif // !BUILDFLAG(IS_IOS) - prefs_->ClearPref(kObsoleteFederatedIdentityDefaultPref); - --#if !BUILDFLAG(IS_IOS) -+#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - // TODO(https://crbug.com/367181093): clean this up. - if (!prefs_->GetBoolean(kBug364820109AlreadyWorkedAroundPref)) { - prefs_->ClearPref(kBug364820109DefaultSettingToClear); - prefs_->SetBoolean(kBug364820109AlreadyWorkedAroundPref, true); - } --#endif // !BUILDFLAG(IS_IOS) -+#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - } - - void DefaultProvider::RecordHistogramMetrics() { -diff --git a/components/content_settings/core/browser/content_settings_pref_provider.cc b/components/content_settings/core/browser/content_settings_pref_provider.cc -index 58d8b0db8fd7e..98cdc365086bc 100644 ---- a/components/content_settings/core/browser/content_settings_pref_provider.cc -+++ b/components/content_settings/core/browser/content_settings_pref_provider.cc -@@ -58,7 +58,7 @@ const char - constexpr char kObsoleteFederatedIdentityActiveSesssionExceptionsPref[] = - "profile.content_settings.exceptions.fedcm_active_session"; - --#if !BUILDFLAG(IS_IOS) -+#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - // This setting was accidentally bound to a UI surface intended for a different - // setting (https://crbug.com/364820109). It should not have been settable - // except via enterprise policy, so it is temporarily cleaned up here to revert -@@ -68,7 +68,7 @@ constexpr char kBug364820109ExceptionSettingToClear[] = - "profile.content_settings.exceptions.javascript_jit"; - constexpr char kBug364820109AlreadyWorkedAroundPref[] = - "profile.did_work_around_bug_364820109_exceptions"; --#endif // !BUILDFLAG(IS_IOS) -+#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - - } // namespace - -@@ -106,10 +106,10 @@ void PrefProvider::RegisterProfilePrefs( - kObsoleteGetDisplayMediaSetAutoSelectAllScreensAllowedForUrlsExceptionsPref); - registry->RegisterListPref( - kObsoleteFederatedIdentityActiveSesssionExceptionsPref); --#if !BUILDFLAG(IS_IOS) -+#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - // TODO(https://crbug.com/367181093): clean this up. - registry->RegisterBooleanPref(kBug364820109AlreadyWorkedAroundPref, false); --#endif // !BUILDFLAG(IS_IOS) -+#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - } - - PrefProvider::PrefProvider(PrefService* prefs, -@@ -444,13 +444,13 @@ void PrefProvider::DiscardOrMigrateObsoletePreferences() { - kObsoleteGetDisplayMediaSetAutoSelectAllScreensAllowedForUrlsExceptionsPref); - prefs_->ClearPref(kObsoleteFederatedIdentityActiveSesssionExceptionsPref); - --#if !BUILDFLAG(IS_IOS) -+#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - // TODO(https://crbug.com/367181093): clean this up. - if (!prefs_->GetBoolean(kBug364820109AlreadyWorkedAroundPref)) { - prefs_->ClearPref(kBug364820109ExceptionSettingToClear); - prefs_->SetBoolean(kBug364820109AlreadyWorkedAroundPref, true); - } --#endif // !BUILDFLAG(IS_IOS) -+#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) - } - - void PrefProvider::SetClockForTesting(const base::Clock* clock) { From ac41beaca13b51d47d3f73626de5c3c136ae0077 Mon Sep 17 00:00:00 2001 From: Root <175176948+RKNF404@users.noreply.github.com> Date: Mon, 23 Jun 2025 00:11:49 -0400 Subject: [PATCH 07/11] chore: Create revert-javascript-jit-clearing.patch --- patches/revert-javascript-jit-clearing.patch | 96 ++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 patches/revert-javascript-jit-clearing.patch diff --git a/patches/revert-javascript-jit-clearing.patch b/patches/revert-javascript-jit-clearing.patch new file mode 100644 index 00000000..bc47c8b7 --- /dev/null +++ b/patches/revert-javascript-jit-clearing.patch @@ -0,0 +1,96 @@ +diff --git a/components/content_settings/core/browser/content_settings_default_provider.cc b/components/content_settings/core/browser/content_settings_default_provider.cc +index 4d550b6b82892..e7503446578b9 100644 +--- a/components/content_settings/core/browser/content_settings_default_provider.cc ++++ b/components/content_settings/core/browser/content_settings_default_provider.cc +@@ -62,7 +62,7 @@ const char kObsoletePpapiBrokerDefaultPref[] = + constexpr char kObsoleteFederatedIdentityDefaultPref[] = + "profile.default_content_setting_values.fedcm_active_session"; + +-#if !BUILDFLAG(IS_IOS) ++#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + // This setting was accidentally bound to a UI surface intended for a different + // setting (https://crbug.com/364820109). It should not have been settable + // except via enterprise policy, so it is temporarily cleaned up here to revert +@@ -70,7 +70,7 @@ constexpr char kObsoleteFederatedIdentityDefaultPref[] = + // TODO(https://crbug.com/367181093): clean this up. + constexpr char kBug364820109AlreadyWorkedAroundPref[] = + "profile.did_work_around_bug_364820109_default"; +-#endif // !BUILDFLAG(IS_IOS) ++#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + + ContentSetting GetDefaultValue(const WebsiteSettingsInfo* info) { + const base::Value& initial_default = info->initial_default_value(); +@@ -123,10 +123,10 @@ void DefaultProvider::RegisterProfilePrefs( + #endif // !BUILDFLAG(IS_IOS) + registry->RegisterIntegerPref(kObsoleteFederatedIdentityDefaultPref, 0); + +-#if !BUILDFLAG(IS_IOS) ++#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + // TODO(https://crbug.com/367181093): clean this up. + registry->RegisterBooleanPref(kBug364820109AlreadyWorkedAroundPref, false); +-#endif // !BUILDFLAG(IS_IOS) ++#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + } + + DefaultProvider::DefaultProvider(PrefService* prefs, +@@ -364,10 +364,10 @@ void DefaultProvider::DiscardOrMigrateObsoletePreferences() { + #endif // !BUILDFLAG(IS_IOS) + prefs_->ClearPref(kObsoleteFederatedIdentityDefaultPref); + +-#if !BUILDFLAG(IS_IOS) ++#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + // TODO(https://crbug.com/367181093): clean this up. + prefs_->ClearPref(kBug364820109AlreadyWorkedAroundPref); +-#endif // !BUILDFLAG(IS_IOS) ++#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + } + + void DefaultProvider::RecordHistogramMetrics() { +diff --git a/components/content_settings/core/browser/content_settings_pref_provider.cc b/components/content_settings/core/browser/content_settings_pref_provider.cc +index c7aeb13ca4211..55bbe4697bb3d 100644 +--- a/components/content_settings/core/browser/content_settings_pref_provider.cc ++++ b/components/content_settings/core/browser/content_settings_pref_provider.cc +@@ -57,7 +57,7 @@ const char + constexpr char kObsoleteFederatedIdentityActiveSesssionExceptionsPref[] = + "profile.content_settings.exceptions.fedcm_active_session"; + +-#if !BUILDFLAG(IS_IOS) ++#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + // This setting was accidentally bound to a UI surface intended for a different + // setting (https://crbug.com/364820109). It should not have been settable + // except via enterprise policy, so it is temporarily cleaned up here to revert +@@ -65,7 +65,7 @@ constexpr char kObsoleteFederatedIdentityActiveSesssionExceptionsPref[] = + // TODO(https://crbug.com/367181093): clean this up. + constexpr char kBug364820109AlreadyWorkedAroundPref[] = + "profile.did_work_around_bug_364820109_exceptions"; +-#endif // !BUILDFLAG(IS_IOS) ++#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + + } // namespace + +@@ -103,10 +103,10 @@ void PrefProvider::RegisterProfilePrefs( + kObsoleteGetDisplayMediaSetAutoSelectAllScreensAllowedForUrlsExceptionsPref); + registry->RegisterListPref( + kObsoleteFederatedIdentityActiveSesssionExceptionsPref); +-#if !BUILDFLAG(IS_IOS) ++#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + // TODO(https://crbug.com/367181093): clean this up. + registry->RegisterBooleanPref(kBug364820109AlreadyWorkedAroundPref, false); +-#endif // !BUILDFLAG(IS_IOS) ++#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + } + + PrefProvider::PrefProvider(PrefService* prefs, +@@ -442,10 +442,10 @@ void PrefProvider::DiscardOrMigrateObsoletePreferences() { + kObsoleteGetDisplayMediaSetAutoSelectAllScreensAllowedForUrlsExceptionsPref); + prefs_->ClearPref(kObsoleteFederatedIdentityActiveSesssionExceptionsPref); + +-#if !BUILDFLAG(IS_IOS) ++#if !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + // TODO(https://crbug.com/367181093): clean this up. + prefs_->ClearPref(kBug364820109AlreadyWorkedAroundPref); +-#endif // !BUILDFLAG(IS_IOS) ++#endif // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_LINUX) + } + + void PrefProvider::SetClockForTesting(const base::Clock* clock) { From 9119156c495a68dc8090f4ccf6d71953e564dcb5 Mon Sep 17 00:00:00 2001 From: Root <175176948+RKNF404@users.noreply.github.com> Date: Mon, 23 Jun 2025 00:13:32 -0400 Subject: [PATCH 08/11] chore: Update and rename enable-private-network-access-restriction.patch to enable-local-network-access-restriction.patch --- .../enable-local-network-access-restriction.patch | 13 +++++++++++++ .../enable-private-network-access-restriction.patch | 13 ------------- 2 files changed, 13 insertions(+), 13 deletions(-) create mode 100644 patches/enable-local-network-access-restriction.patch delete mode 100644 patches/enable-private-network-access-restriction.patch diff --git a/patches/enable-local-network-access-restriction.patch b/patches/enable-local-network-access-restriction.patch new file mode 100644 index 00000000..7ad029a9 --- /dev/null +++ b/patches/enable-local-network-access-restriction.patch @@ -0,0 +1,13 @@ +diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc +index bab4996a00..804cec796f 100644 +--- a/chrome/browser/prefs/browser_prefs.cc ++++ b/chrome/browser/prefs/browser_prefs.cc +@@ -2303,7 +2303,7 @@ void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry, + + // TODO(crbug.com/400455013): Add LNA support on Android + registry->RegisterBooleanPref( +- prefs::kManagedLocalNetworkAccessRestrictionsEnabled, false); ++ prefs::kManagedLocalNetworkAccessRestrictionsEnabled, true); + #endif // !BUILDFLAG(IS_ANDROID) + + #if BUILDFLAG(IS_ANDROID) diff --git a/patches/enable-private-network-access-restriction.patch b/patches/enable-private-network-access-restriction.patch deleted file mode 100644 index 6ee93db9..00000000 --- a/patches/enable-private-network-access-restriction.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc -index 3e27913d47dc7..702054201581a 100644 ---- a/chrome/browser/prefs/browser_prefs.cc -+++ b/chrome/browser/prefs/browser_prefs.cc -@@ -2354,7 +2354,7 @@ void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry, - #endif - - registry->RegisterBooleanPref( -- prefs::kManagedPrivateNetworkAccessRestrictionsEnabled, false); -+ prefs::kManagedPrivateNetworkAccessRestrictionsEnabled, true); - - #if BUILDFLAG(ENTERPRISE_DATA_CONTROLS) - data_controls::RegisterProfilePrefs(registry); From 9ed858b2400440d4c0d8769bea86d1c0b7381da4 Mon Sep 17 00:00:00 2001 From: Root <175176948+RKNF404@users.noreply.github.com> Date: Mon, 23 Jun 2025 00:18:46 -0400 Subject: [PATCH 09/11] chore: Update disable-jit-for-internal-pages.patch --- patches/disable-jit-for-internal-pages.patch | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/patches/disable-jit-for-internal-pages.patch b/patches/disable-jit-for-internal-pages.patch index 79efc47b..3bc49d52 100644 --- a/patches/disable-jit-for-internal-pages.patch +++ b/patches/disable-jit-for-internal-pages.patch @@ -1,14 +1,15 @@ diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc -index e5ce608907f72..09159a4e83115 100644 +index e856d9cf62..9e80d0ae42 100644 --- a/chrome/browser/chrome_content_browser_client.cc +++ b/chrome/browser/chrome_content_browser_client.cc -@@ -8013,9 +8013,10 @@ bool ChromeContentBrowserClient::IsJitDisabledForSite( +@@ -7590,10 +7590,10 @@ bool ChromeContentBrowserClient::IsJitDisabledForSite( nullptr) == CONTENT_SETTING_BLOCK; } - // Only disable JIT for web schemes. -- if (!site_url.SchemeIsHTTPOrHTTPS()) +- if (!site_url.SchemeIsHTTPOrHTTPS()) { - return false; +- } + // Only force disable JIT for pages that aren't web schemes, aren't file schemes, and aren't extensions + if (!site_url.SchemeIsHTTPOrHTTPS() && !site_url.SchemeIsFile() + && !site_url.SchemeIs("chrome-extension")) From 68786405575cf6f8e72cf3ef2b05754f58080147 Mon Sep 17 00:00:00 2001 From: Root <175176948+RKNF404@users.noreply.github.com> Date: Mon, 23 Jun 2025 00:23:41 -0400 Subject: [PATCH 10/11] chore: Update user-preferences.patch --- patches/user-preferences.patch | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/patches/user-preferences.patch b/patches/user-preferences.patch index 75d00712..3e1e0b6b 100644 --- a/patches/user-preferences.patch +++ b/patches/user-preferences.patch @@ -19,7 +19,7 @@ index 8db06cee98..d1c96333e9 100644 + settings_api::PrefType::kBoolean; + (*s_allowlist)[::prefs::kNetworkServiceSandboxEnabled] = + settings_api::PrefType::kBoolean; -+ (*s_allowlist)[::prefs::kManagedPrivateNetworkAccessRestrictionsEnabled] = ++ (*s_allowlist)[::prefs::kManagedLocalNetworkAccessRestrictionsEnabled] = + settings_api::PrefType::kBoolean; + (*s_allowlist)[::prefs::kIncognitoLaunch] = + settings_api::PrefType::kBoolean; @@ -70,9 +70,9 @@ index d5079082c7..d75f6a430f 100644 + sub-label="Opens new sessions and external links in Incognito tabs"> + + ++ pref="{{prefs.managed_local_network_access_restrictions_enabled}}" ++ label="Local Network Access Restrictions" ++ sub-label="Prevents websites from freely accessing private/local (LAN) addresses"> + + Date: Mon, 23 Jun 2025 00:46:17 -0400 Subject: [PATCH 11/11] chore: update Vanadium patches --- ...ble-local-network-access-restriction.patch | 13 ------ patches/user-preferences.patch | 11 +---- ...08-switch-to-fstack-protector-strong.patch | 4 +- ...fwrapv-in-Clang-for-non-UBSan-builds.patch | 4 +- ...0-enable-ftrivial-auto-var-init-zero.patch | 4 +- ...vigation-error-correction-by-default.patch | 2 +- ...isable-hyperlink-auditing-by-default.patch | 4 +- ...ble-showing-popular-sites-by-default.patch | 43 +++++++++++++++---- ...-content-feed-suggestions-by-default.patch | 2 +- ...27-disable-sensors-access-by-default.patch | 2 +- ...k-playing-protected-media-by-default.patch | 2 +- ...0-disable-background-sync-by-default.patch | 2 +- ...0033-disable-media-router-by-default.patch | 4 +- ...e-browser-sign-in-feature-by-default.patch | 6 +-- ...media-DRM-preprovisioning-by-default.patch | 4 +- ...fill-server-communication-by-default.patch | 4 +- ...-privacy-sandbox-features-by-default.patch | 10 ++--- ...ching-optimization-guides-by-default.patch | 2 +- ...tching-optimization-hints-by-default.patch | 2 +- ...imization-guides-features-by-default.patch | 2 +- ...require-HTTPS-for-component-updates.patch} | 8 ++-- ...prefetch-privacy-changes-by-default.patch} | 4 +- ... 0075-enable-split-cache-by-default.patch} | 6 +-- ...partitioning-connections-by-default.patch} | 8 ++-- ...ous-Do-Not-Track-feature-by-default.patch} | 0 ...-strict-origin-isolation-by-default.patch} | 4 +- ...e-accept-language-header-by-default.patch} | 4 +- ...le-Chrome-branding-for-client-hints.patch} | 0 ...lways-partition-third-party-storage.patch} | 8 ++-- ...py-client-hints-with-reduced-user-a.patch} | 10 ++--- ...-supported-languages-for-Language-s.patch} | 0 ...ble-subresource-filter-on-all-sites.patch} | 8 ++-- ...nt-settings-partitioning-by-default.patch} | 6 +-- ...ndboxed-iframes-per-site-by-default.patch} | 4 +- ...Support-restriction-of-dynamic-code.patch} | 0 ...namic-code-execution-via-seccomp-bp.patch} | 14 +++--- ...des-for-top-level-navigation-only-b.patch} | 4 +- ...able-password-leak-detection-checks.patch} | 12 +++--- ...e-transparency-feature-by-default-f.patch} | 2 +- ...cal-Network-Access-checks-by-default.patch | 30 +++++++++++++ 40 files changed, 147 insertions(+), 112 deletions(-) delete mode 100644 patches/enable-local-network-access-restriction.patch rename vanadium_patches/{0068-require-HTTPS-for-component-updates.patch => 0069-require-HTTPS-for-component-updates.patch} (89%) rename vanadium_patches/{0073-enable-prefetch-privacy-changes-by-default.patch => 0074-enable-prefetch-privacy-changes-by-default.patch} (88%) rename vanadium_patches/{0074-enable-split-cache-by-default.patch => 0075-enable-split-cache-by-default.patch} (88%) rename vanadium_patches/{0075-enable-partitioning-connections-by-default.patch => 0076-enable-partitioning-connections-by-default.patch} (75%) rename vanadium_patches/{0076-enable-dubious-Do-Not-Track-feature-by-default.patch => 0077-enable-dubious-Do-Not-Track-feature-by-default.patch} (100%) rename vanadium_patches/{0078-Enable-strict-origin-isolation-by-default.patch => 0079-Enable-strict-origin-isolation-by-default.patch} (91%) rename vanadium_patches/{0079-Enable-reduce-accept-language-header-by-default.patch => 0080-Enable-reduce-accept-language-header-by-default.patch} (89%) rename vanadium_patches/{0080-use-Google-Chrome-branding-for-client-hints.patch => 0081-use-Google-Chrome-branding-for-client-hints.patch} (100%) rename vanadium_patches/{0087-temporary-Always-partition-third-party-storage.patch => 0088-temporary-Always-partition-third-party-storage.patch} (91%) rename vanadium_patches/{0120-Derive-high-entropy-client-hints-with-reduced-user-a.patch => 0121-Derive-high-entropy-client-hints-with-reduced-user-a.patch} (94%) rename vanadium_patches/{0126-Use-local-list-of-supported-languages-for-Language-s.patch => 0127-Use-local-list-of-supported-languages-for-Language-s.patch} (100%) rename vanadium_patches/{0159-enable-subresource-filter-on-all-sites.patch => 0160-enable-subresource-filter-on-all-sites.patch} (94%) rename vanadium_patches/{0165-Enable-content-settings-partitioning-by-default.patch => 0166-Enable-content-settings-partitioning-by-default.patch} (86%) rename vanadium_patches/{0180-Isolate-sandboxed-iframes-per-site-by-default.patch => 0181-Isolate-sandboxed-iframes-per-site-by-default.patch} (89%) rename vanadium_patches/{0186-Support-restriction-of-dynamic-code.patch => 0187-Support-restriction-of-dynamic-code.patch} (100%) rename vanadium_patches/{0187-Restriction-of-dynamic-code-execution-via-seccomp-bp.patch => 0188-Restriction-of-dynamic-code-execution-via-seccomp-bp.patch} (97%) rename vanadium_patches/{0193-Enable-HSTS-upgrades-for-top-level-navigation-only-b.patch => 0194-Enable-HSTS-upgrades-for-top-level-navigation-only-b.patch} (87%) rename vanadium_patches/{0209-Further-disable-password-leak-detection-checks.patch => 0210-Further-disable-password-leak-detection-checks.patch} (75%) rename vanadium_patches/{0211-enable-certificate-transparency-feature-by-default-f.patch => 0212-enable-certificate-transparency-feature-by-default-f.patch} (96%) create mode 100644 vanadium_patches/0213-enable-Local-Network-Access-checks-by-default.patch diff --git a/patches/enable-local-network-access-restriction.patch b/patches/enable-local-network-access-restriction.patch deleted file mode 100644 index 7ad029a9..00000000 --- a/patches/enable-local-network-access-restriction.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc -index bab4996a00..804cec796f 100644 ---- a/chrome/browser/prefs/browser_prefs.cc -+++ b/chrome/browser/prefs/browser_prefs.cc -@@ -2303,7 +2303,7 @@ void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry, - - // TODO(crbug.com/400455013): Add LNA support on Android - registry->RegisterBooleanPref( -- prefs::kManagedLocalNetworkAccessRestrictionsEnabled, false); -+ prefs::kManagedLocalNetworkAccessRestrictionsEnabled, true); - #endif // !BUILDFLAG(IS_ANDROID) - - #if BUILDFLAG(IS_ANDROID) diff --git a/patches/user-preferences.patch b/patches/user-preferences.patch index 3e1e0b6b..2b0c81dc 100644 --- a/patches/user-preferences.patch +++ b/patches/user-preferences.patch @@ -2,7 +2,7 @@ diff --git a/chrome/browser/extensions/api/settings_private/prefs_util.cc b/chro index 8db06cee98..d1c96333e9 100644 --- a/chrome/browser/extensions/api/settings_private/prefs_util.cc +++ b/chrome/browser/extensions/api/settings_private/prefs_util.cc -@@ -180,6 +180,24 @@ const PrefsUtil::TypedPrefMap& PrefsUtil::GetAllowlistedKeys() { +@@ -180,6 +180,22 @@ const PrefsUtil::TypedPrefMap& PrefsUtil::GetAllowlistedKeys() { } s_allowlist = new PrefsUtil::TypedPrefMap(); @@ -19,8 +19,6 @@ index 8db06cee98..d1c96333e9 100644 + settings_api::PrefType::kBoolean; + (*s_allowlist)[::prefs::kNetworkServiceSandboxEnabled] = + settings_api::PrefType::kBoolean; -+ (*s_allowlist)[::prefs::kManagedLocalNetworkAccessRestrictionsEnabled] = -+ settings_api::PrefType::kBoolean; + (*s_allowlist)[::prefs::kIncognitoLaunch] = + settings_api::PrefType::kBoolean; + @@ -58,7 +56,7 @@ index d5079082c7..d75f6a430f 100644 .bullet-line { align-items: center; display: flex; -@@ -385,6 +389,46 @@ +@@ -385,6 +389,41 @@ on-click="onChromeCertificatesClick_"> @@ -70,11 +68,6 @@ index d5079082c7..d75f6a430f 100644 + sub-label="Opens new sessions and external links in Incognito tabs"> + + -+ -+ diff --git a/vanadium_patches/0008-switch-to-fstack-protector-strong.patch b/vanadium_patches/0008-switch-to-fstack-protector-strong.patch index 5d28d73d..925c0d4b 100644 --- a/vanadium_patches/0008-switch-to-fstack-protector-strong.patch +++ b/vanadium_patches/0008-switch-to-fstack-protector-strong.patch @@ -8,10 +8,10 @@ Subject: [PATCH] switch to -fstack-protector-strong 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn -index 97263593eac89..f07539c610d18 100644 +index b165d9dd4004a..8392f2e680629 100644 --- a/build/config/compiler/BUILD.gn +++ b/build/config/compiler/BUILD.gn -@@ -383,7 +383,7 @@ config("compiler") { +@@ -395,7 +395,7 @@ config("compiler") { } else if ((is_posix && !is_nacl) || is_fuchsia) { if (current_os != "aix") { # Not available on aix. diff --git a/vanadium_patches/0009-enable-fwrapv-in-Clang-for-non-UBSan-builds.patch b/vanadium_patches/0009-enable-fwrapv-in-Clang-for-non-UBSan-builds.patch index cf433082..e71fcdcb 100644 --- a/vanadium_patches/0009-enable-fwrapv-in-Clang-for-non-UBSan-builds.patch +++ b/vanadium_patches/0009-enable-fwrapv-in-Clang-for-non-UBSan-builds.patch @@ -8,10 +8,10 @@ Subject: [PATCH] enable -fwrapv in Clang for non-UBSan builds 1 file changed, 4 insertions(+) diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn -index f07539c610d18..356773724c1b7 100644 +index 8392f2e680629..450a54167e293 100644 --- a/build/config/compiler/BUILD.gn +++ b/build/config/compiler/BUILD.gn -@@ -399,6 +399,10 @@ config("compiler") { +@@ -411,6 +411,10 @@ config("compiler") { } } diff --git a/vanadium_patches/0010-enable-ftrivial-auto-var-init-zero.patch b/vanadium_patches/0010-enable-ftrivial-auto-var-init-zero.patch index ffdd2863..7ab5b5bf 100644 --- a/vanadium_patches/0010-enable-ftrivial-auto-var-init-zero.patch +++ b/vanadium_patches/0010-enable-ftrivial-auto-var-init-zero.patch @@ -8,10 +8,10 @@ Subject: [PATCH] enable -ftrivial-auto-var-init=zero 1 file changed, 4 insertions(+) diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn -index 356773724c1b7..24101607a2ef9 100644 +index 450a54167e293..faf1ff9663e64 100644 --- a/build/config/compiler/BUILD.gn +++ b/build/config/compiler/BUILD.gn -@@ -403,6 +403,10 @@ config("compiler") { +@@ -415,6 +415,10 @@ config("compiler") { cflags += [ "-fwrapv" ] } diff --git a/vanadium_patches/0019-disable-navigation-error-correction-by-default.patch b/vanadium_patches/0019-disable-navigation-error-correction-by-default.patch index a3a27a09..9123c9ef 100644 --- a/vanadium_patches/0019-disable-navigation-error-correction-by-default.patch +++ b/vanadium_patches/0019-disable-navigation-error-correction-by-default.patch @@ -8,7 +8,7 @@ Subject: [PATCH] disable navigation error correction by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chrome/browser/net/profile_network_context_service.cc b/chrome/browser/net/profile_network_context_service.cc -index dcaee00297897..54eb41fb061da 100644 +index 9ae20dbb0ed2a..383699710892b 100644 --- a/chrome/browser/net/profile_network_context_service.cc +++ b/chrome/browser/net/profile_network_context_service.cc @@ -530,7 +530,7 @@ void ProfileNetworkContextService::ConfigureNetworkContextParams( diff --git a/vanadium_patches/0023-disable-hyperlink-auditing-by-default.patch b/vanadium_patches/0023-disable-hyperlink-auditing-by-default.patch index 015703b0..ddd410cf 100644 --- a/vanadium_patches/0023-disable-hyperlink-auditing-by-default.patch +++ b/vanadium_patches/0023-disable-hyperlink-auditing-by-default.patch @@ -8,10 +8,10 @@ Subject: [PATCH] disable hyperlink auditing by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc -index 3ebb85bbe3c48..2dc19c66cd1a1 100644 +index e856d9cf62853..afa44031a366b 100644 --- a/chrome/browser/chrome_content_browser_client.cc +++ b/chrome/browser/chrome_content_browser_client.cc -@@ -1568,7 +1568,7 @@ void ChromeContentBrowserClient::RegisterLocalStatePrefs( +@@ -1408,7 +1408,7 @@ void ChromeContentBrowserClient::RegisterLocalStatePrefs( void ChromeContentBrowserClient::RegisterProfilePrefs( user_prefs::PrefRegistrySyncable* registry) { registry->RegisterBooleanPref(prefs::kDisable3DAPIs, false); diff --git a/vanadium_patches/0024-disable-showing-popular-sites-by-default.patch b/vanadium_patches/0024-disable-showing-popular-sites-by-default.patch index 3b3f0c06..f8d22286 100644 --- a/vanadium_patches/0024-disable-showing-popular-sites-by-default.patch +++ b/vanadium_patches/0024-disable-showing-popular-sites-by-default.patch @@ -4,11 +4,12 @@ Date: Tue, 6 Mar 2018 00:27:41 -0500 Subject: [PATCH] disable showing popular sites by default --- - components/ntp_tiles/features.cc | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) + components/ntp_tiles/features.cc | 2 +- + components/ntp_tiles/most_visited_sites.cc | 4 ++++ + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/components/ntp_tiles/features.cc b/components/ntp_tiles/features.cc -index b7353c48a6923..158476da9a2e9 100644 +index d142c1aa45e45..fd9e3cb948293 100644 --- a/components/ntp_tiles/features.cc +++ b/components/ntp_tiles/features.cc @@ -15,7 +15,7 @@ const char kPopularSitesFieldTrialName[] = "NTPPopularSites"; @@ -20,11 +21,35 @@ index b7353c48a6923..158476da9a2e9 100644 BASE_FEATURE(kNtpMostLikelyFaviconsFromServerFeature, "NTPMostLikelyFaviconsFromServer", -@@ -23,6 +23,6 @@ BASE_FEATURE(kNtpMostLikelyFaviconsFromServerFeature, +diff --git a/components/ntp_tiles/most_visited_sites.cc b/components/ntp_tiles/most_visited_sites.cc +index 2aae51db257bf..f69d71898e796 100644 +--- a/components/ntp_tiles/most_visited_sites.cc ++++ b/components/ntp_tiles/most_visited_sites.cc +@@ -256,9 +256,11 @@ void MostVisitedSites::AddMostVisitedURLsObserver(Observer* observer, + if (!is_observing_) { + is_observing_ = true; + if (popular_sites_ && NeedPopularSites(prefs_, GetMaxNumSites())) { ++#if defined(ENABLE_POPULAR_SITES) + popular_sites_->MaybeStartFetch( + false, base::BindOnce(&MostVisitedSites::OnPopularSitesDownloaded, + base::Unretained(this))); ++#endif // defined(ENABLE_POPULAR_SITES) + } - BASE_FEATURE(kUsePopularSitesSuggestions, - "UsePopularSitesSuggestions", -- base::FEATURE_ENABLED_BY_DEFAULT); -+ base::FEATURE_DISABLED_BY_DEFAULT); + if (top_sites_) { +@@ -551,6 +553,7 @@ MostVisitedSites::CreatePopularSitesSections( + return sections; + } + ++#if defined(ENABLE_POPULAR_SITES) + const std::set no_hosts; + for (const auto& section_type_and_sites : popular_sites()->sections()) { + SectionType type = section_type_and_sites.first; +@@ -568,6 +571,7 @@ MostVisitedSites::CreatePopularSitesSections( + /*num_max_tiles=*/GetMaxNumSites()); + } + } ++#endif // defined(ENABLE_POPULAR_SITES) + return sections; + } - } // namespace ntp_tiles diff --git a/vanadium_patches/0026-disable-content-feed-suggestions-by-default.patch b/vanadium_patches/0026-disable-content-feed-suggestions-by-default.patch index a35cf761..9106c428 100644 --- a/vanadium_patches/0026-disable-content-feed-suggestions-by-default.patch +++ b/vanadium_patches/0026-disable-content-feed-suggestions-by-default.patch @@ -8,7 +8,7 @@ Subject: [PATCH] disable content feed suggestions by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/feed/feed_feature_list.cc b/components/feed/feed_feature_list.cc -index 5353c654dcd4c..c72fe964c23af 100644 +index 45fa6609b9139..b56718daf37f8 100644 --- a/components/feed/feed_feature_list.cc +++ b/components/feed/feed_feature_list.cc @@ -26,7 +26,7 @@ const char kFeedHeaderRemovalTreatmentValue2[] = "none"; diff --git a/vanadium_patches/0027-disable-sensors-access-by-default.patch b/vanadium_patches/0027-disable-sensors-access-by-default.patch index 187590be..88353ef2 100644 --- a/vanadium_patches/0027-disable-sensors-access-by-default.patch +++ b/vanadium_patches/0027-disable-sensors-access-by-default.patch @@ -8,7 +8,7 @@ Subject: [PATCH] disable sensors access by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/content_settings/core/browser/content_settings_registry.cc b/components/content_settings/core/browser/content_settings_registry.cc -index 20e44439d566d..12f92bc4d27a6 100644 +index 8385be32438c9..cead1caf655c2 100644 --- a/components/content_settings/core/browser/content_settings_registry.cc +++ b/components/content_settings/core/browser/content_settings_registry.cc @@ -385,7 +385,7 @@ void ContentSettingsRegistry::Init() { diff --git a/vanadium_patches/0028-block-playing-protected-media-by-default.patch b/vanadium_patches/0028-block-playing-protected-media-by-default.patch index efc2feb1..1495e591 100644 --- a/vanadium_patches/0028-block-playing-protected-media-by-default.patch +++ b/vanadium_patches/0028-block-playing-protected-media-by-default.patch @@ -8,7 +8,7 @@ Subject: [PATCH] block playing protected media by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/content_settings/core/browser/content_settings_registry.cc b/components/content_settings/core/browser/content_settings_registry.cc -index 12f92bc4d27a6..bf4957bebc445 100644 +index cead1caf655c2..8d58c66d246a1 100644 --- a/components/content_settings/core/browser/content_settings_registry.cc +++ b/components/content_settings/core/browser/content_settings_registry.cc @@ -212,7 +212,7 @@ void ContentSettingsRegistry::Init() { diff --git a/vanadium_patches/0030-disable-background-sync-by-default.patch b/vanadium_patches/0030-disable-background-sync-by-default.patch index 04b82c07..afdcc6a7 100644 --- a/vanadium_patches/0030-disable-background-sync-by-default.patch +++ b/vanadium_patches/0030-disable-background-sync-by-default.patch @@ -8,7 +8,7 @@ Subject: [PATCH] disable background sync by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/content_settings/core/browser/content_settings_registry.cc b/components/content_settings/core/browser/content_settings_registry.cc -index bf4957bebc445..e90ef49b365f4 100644 +index 8d58c66d246a1..b38d80d348bdb 100644 --- a/components/content_settings/core/browser/content_settings_registry.cc +++ b/components/content_settings/core/browser/content_settings_registry.cc @@ -239,7 +239,7 @@ void ContentSettingsRegistry::Init() { diff --git a/vanadium_patches/0033-disable-media-router-by-default.patch b/vanadium_patches/0033-disable-media-router-by-default.patch index 460b38de..7e971a5a 100644 --- a/vanadium_patches/0033-disable-media-router-by-default.patch +++ b/vanadium_patches/0033-disable-media-router-by-default.patch @@ -22,10 +22,10 @@ index f140a1f573a4c..fe9c26b54ccc5 100644 #if !BUILDFLAG(IS_ANDROID) diff --git a/chrome/browser/profiles/profile_impl.cc b/chrome/browser/profiles/profile_impl.cc -index 22445800c6ac8..0ddb5ead8d29f 100644 +index 88a274f8b05f7..aee840cafb425 100644 --- a/chrome/browser/profiles/profile_impl.cc +++ b/chrome/browser/profiles/profile_impl.cc -@@ -429,7 +429,7 @@ void ProfileImpl::RegisterProfilePrefs( +@@ -428,7 +428,7 @@ void ProfileImpl::RegisterProfilePrefs( #endif registry->RegisterBooleanPref(prefs::kForceEphemeralProfiles, false); diff --git a/vanadium_patches/0035-disable-browser-sign-in-feature-by-default.patch b/vanadium_patches/0035-disable-browser-sign-in-feature-by-default.patch index 862c2554..29c41405 100644 --- a/vanadium_patches/0035-disable-browser-sign-in-feature-by-default.patch +++ b/vanadium_patches/0035-disable-browser-sign-in-feature-by-default.patch @@ -9,10 +9,10 @@ Subject: [PATCH] disable browser sign in feature by default 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/chrome/browser/signin/account_consistency_mode_manager.cc b/chrome/browser/signin/account_consistency_mode_manager.cc -index cc676d3c1b201..81829e00f3409 100644 +index c0d68a26da251..341885d9ad410 100644 --- a/chrome/browser/signin/account_consistency_mode_manager.cc +++ b/chrome/browser/signin/account_consistency_mode_manager.cc -@@ -112,7 +112,7 @@ AccountConsistencyModeManager::~AccountConsistencyModeManager() = default; +@@ -120,7 +120,7 @@ AccountConsistencyModeManager::~AccountConsistencyModeManager() = default; // static void AccountConsistencyModeManager::RegisterProfilePrefs( user_prefs::PrefRegistrySyncable* registry) { @@ -22,7 +22,7 @@ index cc676d3c1b201..81829e00f3409 100644 // static diff --git a/components/signin/internal/identity_manager/primary_account_manager.cc b/components/signin/internal/identity_manager/primary_account_manager.cc -index a8d61c3c4b271..8812140213196 100644 +index 521c3394b63f5..5e67775bfcc29 100644 --- a/components/signin/internal/identity_manager/primary_account_manager.cc +++ b/components/signin/internal/identity_manager/primary_account_manager.cc @@ -342,7 +342,7 @@ void PrimaryAccountManager::RegisterProfilePrefs(PrefRegistrySimple* registry) { diff --git a/vanadium_patches/0038-disable-media-DRM-preprovisioning-by-default.patch b/vanadium_patches/0038-disable-media-DRM-preprovisioning-by-default.patch index bc8a064d..98a5a5dd 100644 --- a/vanadium_patches/0038-disable-media-DRM-preprovisioning-by-default.patch +++ b/vanadium_patches/0038-disable-media-DRM-preprovisioning-by-default.patch @@ -10,10 +10,10 @@ support is enabled. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/media/base/media_switches.cc b/media/base/media_switches.cc -index c3a25d502d938..996624abd7fe1 100644 +index 7974b208eec76..9a347b362cb93 100644 --- a/media/base/media_switches.cc +++ b/media/base/media_switches.cc -@@ -1064,7 +1064,7 @@ BASE_FEATURE(kMediaDrmPersistentLicense, +@@ -1066,7 +1066,7 @@ BASE_FEATURE(kMediaDrmPersistentLicense, // which will trigger provisioning process after MediaDrmBridge is created. BASE_FEATURE(kMediaDrmPreprovisioning, "MediaDrmPreprovisioning", diff --git a/vanadium_patches/0039-disable-autofill-server-communication-by-default.patch b/vanadium_patches/0039-disable-autofill-server-communication-by-default.patch index 464b99d9..b48e2f75 100644 --- a/vanadium_patches/0039-disable-autofill-server-communication-by-default.patch +++ b/vanadium_patches/0039-disable-autofill-server-communication-by-default.patch @@ -8,10 +8,10 @@ Subject: [PATCH] disable autofill server communication by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/autofill/core/common/autofill_features.cc b/components/autofill/core/common/autofill_features.cc -index 997ef6cb6b746..d033981fb1257 100644 +index 59e6b828f0725..6ab7765719b8a 100644 --- a/components/autofill/core/common/autofill_features.cc +++ b/components/autofill/core/common/autofill_features.cc -@@ -947,7 +947,7 @@ const base::FeatureParam kAutofillOverridePredictionsJson{ +@@ -908,7 +908,7 @@ const base::FeatureParam kAutofillOverridePredictionsJson{ // i.e., https://other.autofill.server:port/tbproxy/af/ BASE_FEATURE(kAutofillServerCommunication, "AutofillServerCommunication", diff --git a/vanadium_patches/0047-Disable-newer-privacy-sandbox-features-by-default.patch b/vanadium_patches/0047-Disable-newer-privacy-sandbox-features-by-default.patch index 30f72053..411ce74d 100644 --- a/vanadium_patches/0047-Disable-newer-privacy-sandbox-features-by-default.patch +++ b/vanadium_patches/0047-Disable-newer-privacy-sandbox-features-by-default.patch @@ -10,7 +10,7 @@ Subject: [PATCH] Disable newer privacy sandbox features by default 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/privacy_sandbox/privacy_sandbox_features.cc b/components/privacy_sandbox/privacy_sandbox_features.cc -index 03301e5ff2980..7ec6cb743b4fd 100644 +index e4ddfd7c65030..4fc4ff70ddd74 100644 --- a/components/privacy_sandbox/privacy_sandbox_features.cc +++ b/components/privacy_sandbox/privacy_sandbox_features.cc @@ -21,7 +21,7 @@ const base::FeatureParam kPrivacySandboxAdsNoticeCCTAppId{ @@ -23,10 +23,10 @@ index 03301e5ff2980..7ec6cb743b4fd 100644 const char kPrivacySandboxSettings4ConsentRequiredName[] = "consent-required"; const char kPrivacySandboxSettings4NoticeRequiredName[] = "notice-required"; diff --git a/services/network/public/cpp/features.cc b/services/network/public/cpp/features.cc -index 50aeaa0a1beee..fbdcfee51ed92 100644 +index 33c260ed8f093..4fde55c96b8bd 100644 --- a/services/network/public/cpp/features.cc +++ b/services/network/public/cpp/features.cc -@@ -476,7 +476,7 @@ BASE_FEATURE(kUpdateRequestForCorsRedirect, +@@ -454,7 +454,7 @@ BASE_FEATURE(kUpdateRequestForCorsRedirect, // Kill switch for the Topics API. BASE_FEATURE(kBrowsingTopics, "BrowsingTopics", @@ -36,10 +36,10 @@ index 50aeaa0a1beee..fbdcfee51ed92 100644 // Enable the shared storage API. Note that enabling this feature does not // automatically expose this API to the web, it only allows the element to be diff --git a/third_party/blink/common/features.cc b/third_party/blink/common/features.cc -index 012857a0e2db0..240475e677c31 100644 +index 983d13cdbcae8..8f5ef843dbe7d 100644 --- a/third_party/blink/common/features.cc +++ b/third_party/blink/common/features.cc -@@ -249,13 +249,13 @@ BASE_FEATURE(kBrowsingTopicsBypassIPIsPubliclyRoutableCheck, +@@ -246,13 +246,13 @@ BASE_FEATURE(kBrowsingTopicsBypassIPIsPubliclyRoutableCheck, // is enabled.) BASE_FEATURE(kBrowsingTopicsDocumentAPI, "BrowsingTopicsDocumentAPI", diff --git a/vanadium_patches/0060-disable-fetching-optimization-guides-by-default.patch b/vanadium_patches/0060-disable-fetching-optimization-guides-by-default.patch index aa56dbbd..099eb579 100644 --- a/vanadium_patches/0060-disable-fetching-optimization-guides-by-default.patch +++ b/vanadium_patches/0060-disable-fetching-optimization-guides-by-default.patch @@ -8,7 +8,7 @@ Subject: [PATCH] disable fetching optimization guides by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/optimization_guide/core/optimization_guide_features.cc b/components/optimization_guide/core/optimization_guide_features.cc -index 8b6cb44ef9df0..961fe9520eb57 100644 +index 85b663ad86e86..315d886cea908 100644 --- a/components/optimization_guide/core/optimization_guide_features.cc +++ b/components/optimization_guide/core/optimization_guide_features.cc @@ -55,7 +55,7 @@ BASE_FEATURE(kOptimizationHints, diff --git a/vanadium_patches/0062-disable-fetching-optimization-hints-by-default.patch b/vanadium_patches/0062-disable-fetching-optimization-hints-by-default.patch index e40f2eb4..cfcab05d 100644 --- a/vanadium_patches/0062-disable-fetching-optimization-hints-by-default.patch +++ b/vanadium_patches/0062-disable-fetching-optimization-hints-by-default.patch @@ -8,7 +8,7 @@ Subject: [PATCH] disable fetching optimization hints by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/optimization_guide/core/optimization_guide_features.cc b/components/optimization_guide/core/optimization_guide_features.cc -index 961fe9520eb57..ef87f701866f3 100644 +index 315d886cea908..b25ef94e83e61 100644 --- a/components/optimization_guide/core/optimization_guide_features.cc +++ b/components/optimization_guide/core/optimization_guide_features.cc @@ -50,7 +50,7 @@ constexpr auto enabled_by_default_mobile_only = diff --git a/vanadium_patches/0063-disable-more-optimization-guides-features-by-default.patch b/vanadium_patches/0063-disable-more-optimization-guides-features-by-default.patch index 050ff046..d5b40771 100644 --- a/vanadium_patches/0063-disable-more-optimization-guides-features-by-default.patch +++ b/vanadium_patches/0063-disable-more-optimization-guides-features-by-default.patch @@ -8,7 +8,7 @@ Subject: [PATCH] disable more optimization guides features by default 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/components/optimization_guide/core/optimization_guide_features.cc b/components/optimization_guide/core/optimization_guide_features.cc -index ef87f701866f3..b4b160ba388a2 100644 +index b25ef94e83e61..ad18fccb59c58 100644 --- a/components/optimization_guide/core/optimization_guide_features.cc +++ b/components/optimization_guide/core/optimization_guide_features.cc @@ -59,7 +59,7 @@ BASE_FEATURE(kRemoteOptimizationGuideFetching, diff --git a/vanadium_patches/0068-require-HTTPS-for-component-updates.patch b/vanadium_patches/0069-require-HTTPS-for-component-updates.patch similarity index 89% rename from vanadium_patches/0068-require-HTTPS-for-component-updates.patch rename to vanadium_patches/0069-require-HTTPS-for-component-updates.patch index 2086e2e7..92c52d24 100644 --- a/vanadium_patches/0068-require-HTTPS-for-component-updates.patch +++ b/vanadium_patches/0069-require-HTTPS-for-component-updates.patch @@ -9,10 +9,10 @@ Subject: [PATCH] require HTTPS for component updates 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/android_webview/nonembedded/component_updater/aw_component_updater_configurator.cc b/android_webview/nonembedded/component_updater/aw_component_updater_configurator.cc -index ed1faff27df00..cd438dfce1975 100644 +index 58d2458ec1de7..037aa54d468b3 100644 --- a/android_webview/nonembedded/component_updater/aw_component_updater_configurator.cc +++ b/android_webview/nonembedded/component_updater/aw_component_updater_configurator.cc -@@ -38,7 +38,7 @@ AwComponentUpdaterConfigurator::AwComponentUpdaterConfigurator( +@@ -39,7 +39,7 @@ AwComponentUpdaterConfigurator::AwComponentUpdaterConfigurator( PrefService* pref_service) : configurator_impl_( component_updater::ComponentUpdaterCommandLineConfigPolicy(cmdline), @@ -22,10 +22,10 @@ index ed1faff27df00..cd438dfce1975 100644 persisted_data_(update_client::CreatePersistedData( base::BindRepeating( diff --git a/chrome/browser/component_updater/chrome_component_updater_configurator.cc b/chrome/browser/component_updater/chrome_component_updater_configurator.cc -index 22453ebcf1b52..ef09b996cb92d 100644 +index 2994ebe96b9d1..a69500dd91397 100644 --- a/chrome/browser/component_updater/chrome_component_updater_configurator.cc +++ b/chrome/browser/component_updater/chrome_component_updater_configurator.cc -@@ -114,7 +114,7 @@ class ChromeConfigurator : public update_client::Configurator { +@@ -116,7 +116,7 @@ class ChromeConfigurator : public update_client::Configurator { ChromeConfigurator::ChromeConfigurator(const base::CommandLine* cmdline, PrefService* pref_service) : configurator_impl_(ComponentUpdaterCommandLineConfigPolicy(cmdline), diff --git a/vanadium_patches/0073-enable-prefetch-privacy-changes-by-default.patch b/vanadium_patches/0074-enable-prefetch-privacy-changes-by-default.patch similarity index 88% rename from vanadium_patches/0073-enable-prefetch-privacy-changes-by-default.patch rename to vanadium_patches/0074-enable-prefetch-privacy-changes-by-default.patch index 9255ed7d..f3b97fe2 100644 --- a/vanadium_patches/0073-enable-prefetch-privacy-changes-by-default.patch +++ b/vanadium_patches/0074-enable-prefetch-privacy-changes-by-default.patch @@ -8,10 +8,10 @@ Subject: [PATCH] enable prefetch privacy changes by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third_party/blink/common/features.cc b/third_party/blink/common/features.cc -index 240475e677c31..2c015bd1d028a 100644 +index 8f5ef843dbe7d..dea83019b9d9c 100644 --- a/third_party/blink/common/features.cc +++ b/third_party/blink/common/features.cc -@@ -2079,7 +2079,7 @@ BASE_FEATURE(kPrefetchFontLookupTables, +@@ -2099,7 +2099,7 @@ BASE_FEATURE(kPrefetchFontLookupTables, // crbug.com/988956. BASE_FEATURE(kPrefetchPrivacyChanges, "PrefetchPrivacyChanges", diff --git a/vanadium_patches/0074-enable-split-cache-by-default.patch b/vanadium_patches/0075-enable-split-cache-by-default.patch similarity index 88% rename from vanadium_patches/0074-enable-split-cache-by-default.patch rename to vanadium_patches/0075-enable-split-cache-by-default.patch index 1fe36cc3..554838e7 100644 --- a/vanadium_patches/0074-enable-split-cache-by-default.patch +++ b/vanadium_patches/0075-enable-split-cache-by-default.patch @@ -8,10 +8,10 @@ Subject: [PATCH] enable split cache by default 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/base/features.cc b/net/base/features.cc -index bad06c9cdc423..c1864f3914033 100644 +index 268fbe0435dcf..f1533f65b0c33 100644 --- a/net/base/features.cc +++ b/net/base/features.cc -@@ -119,11 +119,11 @@ const base::FeatureParam +@@ -123,11 +123,11 @@ const base::FeatureParam BASE_FEATURE(kSplitCacheByIncludeCredentials, "SplitCacheByIncludeCredentials", @@ -25,7 +25,7 @@ index bad06c9cdc423..c1864f3914033 100644 // Note: Use of this feature is gated on the HTTP cache itself being // partitioned, which is controlled by the kSplitCacheByNetworkIsolationKey -@@ -134,7 +134,7 @@ BASE_FEATURE(kSplitCacheByCrossSiteMainFrameNavigationBoolean, +@@ -138,7 +138,7 @@ BASE_FEATURE(kSplitCacheByCrossSiteMainFrameNavigationBoolean, BASE_FEATURE(kSplitCodeCacheByNetworkIsolationKey, "SplitCodeCacheByNetworkIsolationKey", diff --git a/vanadium_patches/0075-enable-partitioning-connections-by-default.patch b/vanadium_patches/0076-enable-partitioning-connections-by-default.patch similarity index 75% rename from vanadium_patches/0075-enable-partitioning-connections-by-default.patch rename to vanadium_patches/0076-enable-partitioning-connections-by-default.patch index 74003c92..1f7507c2 100644 --- a/vanadium_patches/0075-enable-partitioning-connections-by-default.patch +++ b/vanadium_patches/0076-enable-partitioning-connections-by-default.patch @@ -8,15 +8,15 @@ Subject: [PATCH] enable partitioning connections by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/base/features.cc b/net/base/features.cc -index c1864f3914033..dc61a7aec2323 100644 +index f1533f65b0c33..09492207c3f98 100644 --- a/net/base/features.cc +++ b/net/base/features.cc -@@ -138,7 +138,7 @@ BASE_FEATURE(kSplitCodeCacheByNetworkIsolationKey, +@@ -142,7 +142,7 @@ BASE_FEATURE(kSplitCodeCacheByNetworkIsolationKey, BASE_FEATURE(kPartitionConnectionsByNetworkIsolationKey, "PartitionConnectionsByNetworkIsolationKey", - base::FEATURE_DISABLED_BY_DEFAULT); + base::FEATURE_ENABLED_BY_DEFAULT); - BASE_FEATURE(kPostQuantumKyber, - "PostQuantumKyber", + BASE_FEATURE(kSearchEnginePreconnectInterval, + "SearchEnginePreconnectInterval", diff --git a/vanadium_patches/0076-enable-dubious-Do-Not-Track-feature-by-default.patch b/vanadium_patches/0077-enable-dubious-Do-Not-Track-feature-by-default.patch similarity index 100% rename from vanadium_patches/0076-enable-dubious-Do-Not-Track-feature-by-default.patch rename to vanadium_patches/0077-enable-dubious-Do-Not-Track-feature-by-default.patch diff --git a/vanadium_patches/0078-Enable-strict-origin-isolation-by-default.patch b/vanadium_patches/0079-Enable-strict-origin-isolation-by-default.patch similarity index 91% rename from vanadium_patches/0078-Enable-strict-origin-isolation-by-default.patch rename to vanadium_patches/0079-Enable-strict-origin-isolation-by-default.patch index 43a37260..2501cf25 100644 --- a/vanadium_patches/0078-Enable-strict-origin-isolation-by-default.patch +++ b/vanadium_patches/0079-Enable-strict-origin-isolation-by-default.patch @@ -15,10 +15,10 @@ for more detail. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc -index 2016abf289e54..733a24142885a 100644 +index 78c87c0aaa733..409fbdd353557 100644 --- a/content/public/common/content_features.cc +++ b/content/public/common/content_features.cc -@@ -1132,7 +1132,7 @@ BASE_FEATURE(kSpareRendererForSitePerProcess, +@@ -1125,7 +1125,7 @@ BASE_FEATURE(kSpareRendererForSitePerProcess, // eTLD+1. BASE_FEATURE(kStrictOriginIsolation, "StrictOriginIsolation", diff --git a/vanadium_patches/0079-Enable-reduce-accept-language-header-by-default.patch b/vanadium_patches/0080-Enable-reduce-accept-language-header-by-default.patch similarity index 89% rename from vanadium_patches/0079-Enable-reduce-accept-language-header-by-default.patch rename to vanadium_patches/0080-Enable-reduce-accept-language-header-by-default.patch index 933f25af..92ddb003 100644 --- a/vanadium_patches/0079-Enable-reduce-accept-language-header-by-default.patch +++ b/vanadium_patches/0080-Enable-reduce-accept-language-header-by-default.patch @@ -8,10 +8,10 @@ Subject: [PATCH] Enable reduce accept language header by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/network/public/cpp/features.cc b/services/network/public/cpp/features.cc -index fbdcfee51ed92..ccc6bef6ca43c 100644 +index 4fde55c96b8bd..f591823cebff3 100644 --- a/services/network/public/cpp/features.cc +++ b/services/network/public/cpp/features.cc -@@ -198,7 +198,7 @@ BASE_FEATURE(kOmitCorsClientCert, +@@ -182,7 +182,7 @@ BASE_FEATURE(kOmitCorsClientCert, // accept-language. https://github.com/Tanych/accept-language BASE_FEATURE(kReduceAcceptLanguage, "ReduceAcceptLanguage", diff --git a/vanadium_patches/0080-use-Google-Chrome-branding-for-client-hints.patch b/vanadium_patches/0081-use-Google-Chrome-branding-for-client-hints.patch similarity index 100% rename from vanadium_patches/0080-use-Google-Chrome-branding-for-client-hints.patch rename to vanadium_patches/0081-use-Google-Chrome-branding-for-client-hints.patch diff --git a/vanadium_patches/0087-temporary-Always-partition-third-party-storage.patch b/vanadium_patches/0088-temporary-Always-partition-third-party-storage.patch similarity index 91% rename from vanadium_patches/0087-temporary-Always-partition-third-party-storage.patch rename to vanadium_patches/0088-temporary-Always-partition-third-party-storage.patch index 911cd568..b3eb0f1b 100644 --- a/vanadium_patches/0087-temporary-Always-partition-third-party-storage.patch +++ b/vanadium_patches/0088-temporary-Always-partition-third-party-storage.patch @@ -13,10 +13,10 @@ https://developers.google.com/privacy-sandbox/blog/storage-partitioning-deprecat 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/third_party/blink/common/features.cc b/third_party/blink/common/features.cc -index 2c015bd1d028a..f115f43b22b53 100644 +index dea83019b9d9c..434266aeb876f 100644 --- a/third_party/blink/common/features.cc +++ b/third_party/blink/common/features.cc -@@ -710,7 +710,7 @@ BASE_FEATURE(kDiscardInputEventsToRecentlyMovedFrames, +@@ -690,7 +690,7 @@ BASE_FEATURE(kDiscardInputEventsToRecentlyMovedFrames, BASE_FEATURE(kDisableThirdPartyStoragePartitioning3DeprecationTrial, "DisableThirdPartyStoragePartitioning3DeprecationTrial", @@ -26,10 +26,10 @@ index 2c015bd1d028a..f115f43b22b53 100644 // Drop input events at the browser process until the process receives the first // signal that the renderer has sent a frame to cc (https://crbug.com/40057499). diff --git a/third_party/blink/renderer/platform/runtime_enabled_features.json5 b/third_party/blink/renderer/platform/runtime_enabled_features.json5 -index 773ed8ed9a436..6bd1d7c2bf368 100644 +index 93c9798d3de30..6c830c7b57202 100644 --- a/third_party/blink/renderer/platform/runtime_enabled_features.json5 +++ b/third_party/blink/renderer/platform/runtime_enabled_features.json5 -@@ -1718,7 +1718,7 @@ +@@ -1781,7 +1781,7 @@ origin_trial_type: "deprecation", origin_trial_allows_insecure: true, origin_trial_allows_third_party: true, diff --git a/vanadium_patches/0120-Derive-high-entropy-client-hints-with-reduced-user-a.patch b/vanadium_patches/0121-Derive-high-entropy-client-hints-with-reduced-user-a.patch similarity index 94% rename from vanadium_patches/0120-Derive-high-entropy-client-hints-with-reduced-user-a.patch rename to vanadium_patches/0121-Derive-high-entropy-client-hints-with-reduced-user-a.patch index e04ae581..2f912b33 100644 --- a/vanadium_patches/0120-Derive-high-entropy-client-hints-with-reduced-user-a.patch +++ b/vanadium_patches/0121-Derive-high-entropy-client-hints-with-reduced-user-a.patch @@ -80,10 +80,10 @@ index d40ff68f9ee36..ed6912c265902 100644 if (ShouldAddClientHint(data, WebClientHintsType::kDeviceMemory_DEPRECATED)) { AddDeviceMemoryHeader(headers, /*use_deprecated_version*/ true); diff --git a/third_party/blink/common/features.cc b/third_party/blink/common/features.cc -index f115f43b22b53..60d08d362d392 100644 +index 434266aeb876f..5a580f46545eb 100644 --- a/third_party/blink/common/features.cc +++ b/third_party/blink/common/features.cc -@@ -441,6 +441,16 @@ BASE_FEATURE(kCheckHTMLParserBudgetLessOften, +@@ -421,6 +421,16 @@ BASE_FEATURE(kCheckHTMLParserBudgetLessOften, "CheckHTMLParserBudgetLessOften", base::FEATURE_DISABLED_BY_DEFAULT); @@ -99,12 +99,12 @@ index f115f43b22b53..60d08d362d392 100644 + BASE_FEATURE(kClearSiteDataPrefetchPrerenderCache, "ClearSiteDataPrefetchPrerenderCache", - base::FEATURE_DISABLED_BY_DEFAULT); + base::FEATURE_ENABLED_BY_DEFAULT); diff --git a/third_party/blink/public/common/features.h b/third_party/blink/public/common/features.h -index 76c2f97e486be..56f27556d196e 100644 +index 9f3825a7706ab..d0ad2c0333687 100644 --- a/third_party/blink/public/common/features.h +++ b/third_party/blink/public/common/features.h -@@ -228,6 +228,9 @@ BLINK_COMMON_EXPORT BASE_DECLARE_FEATURE(kCaptureJSExecutionLocation); +@@ -220,6 +220,9 @@ BLINK_COMMON_EXPORT BASE_DECLARE_FEATURE(kCaptureJSExecutionLocation); // is a no-op if kTimedHTMLParserBudget is disabled. BLINK_COMMON_EXPORT BASE_DECLARE_FEATURE(kCheckHTMLParserBudgetLessOften); diff --git a/vanadium_patches/0126-Use-local-list-of-supported-languages-for-Language-s.patch b/vanadium_patches/0127-Use-local-list-of-supported-languages-for-Language-s.patch similarity index 100% rename from vanadium_patches/0126-Use-local-list-of-supported-languages-for-Language-s.patch rename to vanadium_patches/0127-Use-local-list-of-supported-languages-for-Language-s.patch diff --git a/vanadium_patches/0159-enable-subresource-filter-on-all-sites.patch b/vanadium_patches/0160-enable-subresource-filter-on-all-sites.patch similarity index 94% rename from vanadium_patches/0159-enable-subresource-filter-on-all-sites.patch rename to vanadium_patches/0160-enable-subresource-filter-on-all-sites.patch index 36beca93..ba59000e 100644 --- a/vanadium_patches/0159-enable-subresource-filter-on-all-sites.patch +++ b/vanadium_patches/0160-enable-subresource-filter-on-all-sites.patch @@ -9,7 +9,7 @@ Subject: [PATCH] enable subresource filter on all sites 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/components/subresource_filter/core/browser/subresource_filter_features.cc b/components/subresource_filter/core/browser/subresource_filter_features.cc -index 33c2e0878108e..272b9c9aa43ef 100644 +index c52ce737dcb3b..9ef25f55fa56c 100644 --- a/components/subresource_filter/core/browser/subresource_filter_features.cc +++ b/components/subresource_filter/core/browser/subresource_filter_features.cc @@ -136,7 +136,9 @@ std::vector FillEnabledPresetConfigurations( @@ -47,10 +47,10 @@ index 33c2e0878108e..272b9c9aa43ef 100644 Configuration::Configuration(mojom::ActivationLevel activation_level, ActivationScope activation_scope, diff --git a/components/subresource_filter/core/browser/subresource_filter_features.h b/components/subresource_filter/core/browser/subresource_filter_features.h -index 22f56f69d0d31..8fb68c0ca0dfc 100644 +index 41ba85bc9fc8a..dde45bf2471c3 100644 --- a/components/subresource_filter/core/browser/subresource_filter_features.h +++ b/components/subresource_filter/core/browser/subresource_filter_features.h -@@ -125,6 +125,7 @@ struct Configuration { +@@ -124,6 +124,7 @@ struct Configuration { static Configuration MakePresetForLiveRunOnPhishingSites(); static Configuration MakePresetForPerformanceTestingDryRunOnAllSites(); static Configuration MakePresetForLiveRunForBetterAds(); @@ -58,7 +58,7 @@ index 22f56f69d0d31..8fb68c0ca0dfc 100644 ActivationConditions activation_conditions; ActivationOptions activation_options; -@@ -231,6 +232,7 @@ extern const char kDisablePresetsParameterName[]; +@@ -230,6 +231,7 @@ extern const char kDisablePresetsParameterName[]; extern const char kPresetLiveRunOnPhishingSites[]; extern const char kPresetPerformanceTestingDryRunOnAllSites[]; extern const char kPresetLiveRunForBetterAds[]; diff --git a/vanadium_patches/0165-Enable-content-settings-partitioning-by-default.patch b/vanadium_patches/0166-Enable-content-settings-partitioning-by-default.patch similarity index 86% rename from vanadium_patches/0165-Enable-content-settings-partitioning-by-default.patch rename to vanadium_patches/0166-Enable-content-settings-partitioning-by-default.patch index 9ab55449..e395b4c7 100644 --- a/vanadium_patches/0165-Enable-content-settings-partitioning-by-default.patch +++ b/vanadium_patches/0166-Enable-content-settings-partitioning-by-default.patch @@ -8,7 +8,7 @@ Subject: [PATCH] Enable content settings partitioning by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/content_settings/core/common/features.cc b/components/content_settings/core/common/features.cc -index 3cfa770ae49b7..2f599c76fb4d2 100644 +index 95cc0f9cc4a4a..da2b65f64ea6f 100644 --- a/components/content_settings/core/common/features.cc +++ b/components/content_settings/core/common/features.cc @@ -161,7 +161,7 @@ const base::FeatureParam @@ -18,5 +18,5 @@ index 3cfa770ae49b7..2f599c76fb4d2 100644 - base::FEATURE_DISABLED_BY_DEFAULT); + base::FEATURE_ENABLED_BY_DEFAULT); - } // namespace features - } // namespace content_settings + BASE_FEATURE(kForceAllowStorageAccess, + "ForceAllowStorageAccess", diff --git a/vanadium_patches/0180-Isolate-sandboxed-iframes-per-site-by-default.patch b/vanadium_patches/0181-Isolate-sandboxed-iframes-per-site-by-default.patch similarity index 89% rename from vanadium_patches/0180-Isolate-sandboxed-iframes-per-site-by-default.patch rename to vanadium_patches/0181-Isolate-sandboxed-iframes-per-site-by-default.patch index 447d5036..0d7806a7 100644 --- a/vanadium_patches/0180-Isolate-sandboxed-iframes-per-site-by-default.patch +++ b/vanadium_patches/0181-Isolate-sandboxed-iframes-per-site-by-default.patch @@ -8,10 +8,10 @@ Subject: [PATCH] Isolate sandboxed iframes per site by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third_party/blink/common/features.cc b/third_party/blink/common/features.cc -index a623cce2fcd56..c738c85cf627c 100644 +index ab582b6238c82..9b65b75a6a98b 100644 --- a/third_party/blink/common/features.cc +++ b/third_party/blink/common/features.cc -@@ -1248,7 +1248,7 @@ BASE_FEATURE_ENUM_PARAM(IsolateSandboxedIframesGrouping, +@@ -1244,7 +1244,7 @@ BASE_FEATURE_ENUM_PARAM(IsolateSandboxedIframesGrouping, kIsolateSandboxedIframesGroupingParam, &kIsolateSandboxedIframes, "grouping", diff --git a/vanadium_patches/0186-Support-restriction-of-dynamic-code.patch b/vanadium_patches/0187-Support-restriction-of-dynamic-code.patch similarity index 100% rename from vanadium_patches/0186-Support-restriction-of-dynamic-code.patch rename to vanadium_patches/0187-Support-restriction-of-dynamic-code.patch diff --git a/vanadium_patches/0187-Restriction-of-dynamic-code-execution-via-seccomp-bp.patch b/vanadium_patches/0188-Restriction-of-dynamic-code-execution-via-seccomp-bp.patch similarity index 97% rename from vanadium_patches/0187-Restriction-of-dynamic-code-execution-via-seccomp-bp.patch rename to vanadium_patches/0188-Restriction-of-dynamic-code-execution-via-seccomp-bp.patch index b2639757..2a327e12 100644 --- a/vanadium_patches/0187-Restriction-of-dynamic-code-execution-via-seccomp-bp.patch +++ b/vanadium_patches/0188-Restriction-of-dynamic-code-execution-via-seccomp-bp.patch @@ -238,7 +238,7 @@ index 0f33163d6a87f..48626cb8111fa 100644 } // namespace policy diff --git a/sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc b/sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc -index 6879a82ad477d..4c4df8b4b6b43 100644 +index b673ffea2afa6..1893fdee845d0 100644 --- a/sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc +++ b/sandbox/policy/linux/sandbox_seccomp_bpf_linux.cc @@ -17,6 +17,8 @@ @@ -248,9 +248,9 @@ index 6879a82ad477d..4c4df8b4b6b43 100644 +#include "base/strings/string_split.h" +#include "gin/gin_features.h" #include "build/build_config.h" + #include "media/gpu/buildflags.h" #include "ppapi/buildflags/buildflags.h" - #include "sandbox/linux/bpf_dsl/bpf_dsl.h" -@@ -54,6 +56,7 @@ +@@ -55,6 +57,7 @@ #include "sandbox/policy/linux/bpf_service_policy_linux.h" #include "sandbox/policy/linux/bpf_speech_recognition_policy_linux.h" #include "sandbox/policy/linux/bpf_utility_policy_linux.h" @@ -258,7 +258,7 @@ index 6879a82ad477d..4c4df8b4b6b43 100644 #if BUILDFLAG(IS_CHROMEOS) #include "chromeos/ash/components/assistant/buildflags.h" -@@ -185,8 +188,26 @@ std::unique_ptr SandboxSeccompBPF::PolicyForSandboxType( +@@ -186,8 +189,26 @@ std::unique_ptr SandboxSeccompBPF::PolicyForSandboxType( switch (sandbox_type) { case sandbox::mojom::Sandbox::kGpu: return GetGpuProcessSandbox(options); @@ -287,7 +287,7 @@ index 6879a82ad477d..4c4df8b4b6b43 100644 #if BUILDFLAG(ENABLE_PPAPI) case sandbox::mojom::Sandbox::kPpapi: return std::make_unique(); -@@ -206,9 +227,27 @@ std::unique_ptr SandboxSeccompBPF::PolicyForSandboxType( +@@ -207,9 +228,27 @@ std::unique_ptr SandboxSeccompBPF::PolicyForSandboxType( case sandbox::mojom::Sandbox::kAudio: return std::make_unique(); case sandbox::mojom::Sandbox::kService: @@ -318,12 +318,12 @@ index 6879a82ad477d..4c4df8b4b6b43 100644 case sandbox::mojom::Sandbox::kSpeechRecognition: return std::make_unique(); #if BUILDFLAG(IS_LINUX) -@@ -221,7 +260,7 @@ std::unique_ptr SandboxSeccompBPF::PolicyForSandboxType( +@@ -222,7 +261,7 @@ std::unique_ptr SandboxSeccompBPF::PolicyForSandboxType( #endif #if BUILDFLAG(IS_LINUX) case sandbox::mojom::Sandbox::kVideoEffects: - return std::make_unique(); + return std::make_unique(true); #endif // BUILDFLAG(IS_LINUX) - #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) + #if BUILDFLAG(USE_LINUX_VIDEO_ACCELERATION) case sandbox::mojom::Sandbox::kHardwareVideoDecoding: diff --git a/vanadium_patches/0193-Enable-HSTS-upgrades-for-top-level-navigation-only-b.patch b/vanadium_patches/0194-Enable-HSTS-upgrades-for-top-level-navigation-only-b.patch similarity index 87% rename from vanadium_patches/0193-Enable-HSTS-upgrades-for-top-level-navigation-only-b.patch rename to vanadium_patches/0194-Enable-HSTS-upgrades-for-top-level-navigation-only-b.patch index 4d3f2452..ca47f0e1 100644 --- a/vanadium_patches/0193-Enable-HSTS-upgrades-for-top-level-navigation-only-b.patch +++ b/vanadium_patches/0194-Enable-HSTS-upgrades-for-top-level-navigation-only-b.patch @@ -8,10 +8,10 @@ Subject: [PATCH] Enable HSTS upgrades for top-level navigation only by default 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/base/features.cc b/net/base/features.cc -index dc61a7aec2323..67468c4cffbd2 100644 +index 09492207c3f98..cc1663c64d781 100644 --- a/net/base/features.cc +++ b/net/base/features.cc -@@ -735,7 +735,7 @@ BASE_FEATURE(kNewClientCertPathBuilding, +@@ -740,7 +740,7 @@ BASE_FEATURE(kNewClientCertPathBuilding, BASE_FEATURE(kHstsTopLevelNavigationsOnly, "HstsTopLevelNavigationsOnly", diff --git a/vanadium_patches/0209-Further-disable-password-leak-detection-checks.patch b/vanadium_patches/0210-Further-disable-password-leak-detection-checks.patch similarity index 75% rename from vanadium_patches/0209-Further-disable-password-leak-detection-checks.patch rename to vanadium_patches/0210-Further-disable-password-leak-detection-checks.patch index fd7ad30e..e5f39176 100644 --- a/vanadium_patches/0209-Further-disable-password-leak-detection-checks.patch +++ b/vanadium_patches/0210-Further-disable-password-leak-detection-checks.patch @@ -8,21 +8,21 @@ Subject: [PATCH] Further disable password leak detection checks 1 file changed, 4 insertions(+) diff --git a/components/password_manager/core/browser/leak_detection/leak_detection_check_impl.cc b/components/password_manager/core/browser/leak_detection/leak_detection_check_impl.cc -index 99388eede8bd8..5909f382b0c12 100644 +index d6a632e77674d..d9f2d76130974 100644 --- a/components/password_manager/core/browser/leak_detection/leak_detection_check_impl.cc +++ b/components/password_manager/core/browser/leak_detection/leak_detection_check_impl.cc -@@ -227,6 +227,7 @@ bool LeakDetectionCheck::CanStartLeakCheck( +@@ -228,6 +228,7 @@ bool LeakDetectionCheck::CanStartLeakCheck( const PrefService& prefs, const GURL& form_url, std::unique_ptr logger) { +#if defined(PASSWORD_LEAK_DETECTION_ENABLED) const bool is_leak_protection_on = prefs.GetBoolean(prefs::kPasswordLeakDetectionEnabled); - if (base::FeatureList::IsEnabled(safe_browsing::kPasswordLeakToggleMove)) { -@@ -262,6 +263,9 @@ bool LeakDetectionCheck::CanStartLeakCheck( - logger.get()); - } + if (!is_leak_protection_on && logger) { +@@ -236,6 +237,9 @@ bool LeakDetectionCheck::CanStartLeakCheck( } + return is_leak_protection_on && !LeakDetectionCheck::IsURLBlockedByPolicy( + prefs, form_url, logger.get()); +#else + return false; +#endif diff --git a/vanadium_patches/0211-enable-certificate-transparency-feature-by-default-f.patch b/vanadium_patches/0212-enable-certificate-transparency-feature-by-default-f.patch similarity index 96% rename from vanadium_patches/0211-enable-certificate-transparency-feature-by-default-f.patch rename to vanadium_patches/0212-enable-certificate-transparency-feature-by-default-f.patch index 7d05c738..98b6b560 100644 --- a/vanadium_patches/0211-enable-certificate-transparency-feature-by-default-f.patch +++ b/vanadium_patches/0212-enable-certificate-transparency-feature-by-default-f.patch @@ -9,7 +9,7 @@ Subject: [PATCH] enable certificate transparency feature by default for 1 file changed, 4 deletions(-) diff --git a/chrome/browser/browser_features.cc b/chrome/browser/browser_features.cc -index fdf45d1c2c8ea..a2599a833ceb5 100644 +index 74961072cb2f7..e360fab1834a5 100644 --- a/chrome/browser/browser_features.cc +++ b/chrome/browser/browser_features.cc @@ -49,11 +49,7 @@ BASE_FEATURE(kBookmarkTriggerForPrerender2, diff --git a/vanadium_patches/0213-enable-Local-Network-Access-checks-by-default.patch b/vanadium_patches/0213-enable-Local-Network-Access-checks-by-default.patch new file mode 100644 index 00000000..ddfbbb2d --- /dev/null +++ b/vanadium_patches/0213-enable-Local-Network-Access-checks-by-default.patch @@ -0,0 +1,30 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: fgei <88831734+quh4gko8@users.noreply.github.com> +Date: Wed, 4 Jun 2025 06:35:07 +0000 +Subject: [PATCH] enable Local Network Access checks by default + +--- + services/network/public/cpp/features.cc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/services/network/public/cpp/features.cc b/services/network/public/cpp/features.cc +index f591823cebff3..b51b799bf686d 100644 +--- a/services/network/public/cpp/features.cc ++++ b/services/network/public/cpp/features.cc +@@ -219,14 +219,14 @@ BASE_FEATURE(kPrivateNetworkAccessPermissionPrompt, + // https://github.com/explainers-by-googlers/local-network-access + BASE_FEATURE(kLocalNetworkAccessChecks, + "LocalNetworkAccessChecks", +- base::FEATURE_DISABLED_BY_DEFAULT); ++ base::FEATURE_ENABLED_BY_DEFAULT); + + // If true, local network access checks will only be warnings. + BASE_FEATURE_PARAM(bool, + kLocalNetworkAccessChecksWarn, + &kLocalNetworkAccessChecks, + /*name=*/"LocalNetworkAccessChecksWarn", +- /*default_value=*/true); ++ /*default_value=*/false); + + // If enabled, then the network service will parse the Cookie-Indices header. + // This does not currently control changing cache behavior according to the