Added patches for previous release

patches/BRM043_AudioBuffer-AnalyserNode-fingerprinting-mitigations-via-IDL.patch

@@ -0,0 +1,57 @@
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Sun, 25 Mar 2018 21:49:37 +0200
+Subject: AudioBuffer, AnalyserNode: fingerprinting mitigations via IDL
+
+Return fixed base latency
+---
+ third_party/WebKit/Source/modules/webaudio/AnalyserNode.idl | 8 ++++----
+ third_party/WebKit/Source/modules/webaudio/AudioBuffer.idl  | 4 ++--
+ third_party/WebKit/Source/modules/webaudio/AudioContext.cpp | 2 +-
+ 3 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/third_party/WebKit/Source/modules/webaudio/AnalyserNode.idl b/third_party/WebKit/Source/modules/webaudio/AnalyserNode.idl
+--- a/third_party/WebKit/Source/modules/webaudio/AnalyserNode.idl
++++ b/third_party/WebKit/Source/modules/webaudio/AnalyserNode.idl
+@@ -42,10 +42,10 @@ interface AnalyserNode : AudioNode {
+ 
+     // Copies the current frequency data into the passed array.
+     // If the array has fewer elements than the frequencyBinCount, the excess elements will be dropped.
+-    void getFloatFrequencyData(Float32Array array);
+-    void getByteFrequencyData(Uint8Array array);
++    //void getFloatFrequencyData(Float32Array array);
++    //void getByteFrequencyData(Uint8Array array);
+ 
+     // Real-time waveform data
+-    void getFloatTimeDomainData(Float32Array array);
+-    void getByteTimeDomainData(Uint8Array array);
++    //void getFloatTimeDomainData(Float32Array array);
++    //void getByteTimeDomainData(Uint8Array array);
+ };
+diff --git a/third_party/WebKit/Source/modules/webaudio/AudioBuffer.idl b/third_party/WebKit/Source/modules/webaudio/AudioBuffer.idl
+--- a/third_party/WebKit/Source/modules/webaudio/AudioBuffer.idl
++++ b/third_party/WebKit/Source/modules/webaudio/AudioBuffer.idl
+@@ -38,7 +38,7 @@
+ 
+     // Channel access
+     readonly attribute unsigned long numberOfChannels;
+-    [RaisesException] Float32Array getChannelData(unsigned long channelIndex);
+-    [RaisesException] void copyFromChannel(Float32Array destination, long channelNumber, optional unsigned long startInChannel = 0);
++    //[RaisesException] Float32Array getChannelData(unsigned long channelIndex);
++    //[RaisesException] void copyFromChannel(Float32Array destination, long channelNumber, optional unsigned long startInChannel = 0);
+     [RaisesException] void copyToChannel(Float32Array source, long channelNumber, optional unsigned long startInChannel = 0);
+ };
+diff --git a/third_party/WebKit/Source/modules/webaudio/AudioContext.cpp b/third_party/WebKit/Source/modules/webaudio/AudioContext.cpp
+--- a/third_party/WebKit/Source/modules/webaudio/AudioContext.cpp
++++ b/third_party/WebKit/Source/modules/webaudio/AudioContext.cpp
+@@ -261,7 +261,7 @@ void AudioContext::StopRendering() {
+ }
+ 
+ double AudioContext::baseLatency() const {
+-  return FramesPerBuffer() / static_cast<double>(sampleRate());
++  return 0.04;
+ }
+ 
+ }  // namespace blink
+-- 
+2.7.4
+

patches/BRM044_Add-menu-option-to-toggle-global-Javascript-preference.patch

@@ -0,0 +1,181 @@
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Wed, 18 Oct 2017 21:26:53 +0200
+Subject: Add menu option to toggle global Javascript preference
+
+---
+ chrome/android/java/res/menu/custom_tabs_menu.xml  | 13 ++++++++
+ chrome/android/java/res/menu/main_menu.xml         | 13 ++++++++
+ .../chromium/chrome/browser/ChromeActivity.java    |  8 +++++
+ .../chrome/browser/ChromeTabbedActivity.java       |  8 +++++
+ .../browser/appmenu/AppMenuPropertiesDelegate.java | 35 ++++++++++++++++++++++
+ .../CustomTabAppMenuPropertiesDelegate.java        |  1 +
+ .../java/strings/android_chrome_strings.grd        | 11 +++++++
+ 7 files changed, 89 insertions(+)
+
+diff --git a/chrome/android/java/res/menu/custom_tabs_menu.xml b/chrome/android/java/res/menu/custom_tabs_menu.xml
+--- a/chrome/android/java/res/menu/custom_tabs_menu.xml
++++ b/chrome/android/java/res/menu/custom_tabs_menu.xml
+@@ -49,6 +49,19 @@
+         <item android:id="@+id/open_webapk_id"
+             android:title="@string/menu_open_webapk"
+             android:orderInCategory="2" />
++
++        <item android:id="@+id/enable_javascript_row_menu_id"
++            android:title="@null"
++            android:orderInCategory="2">
++          <menu>
++              <item android:id="@+id/enable_javascript_id"
++                  android:title="@string/menu_enable_javascript" />
++              <item android:id="@+id/enable_javascript_check_id"
++                  android:title="@null"
++                  android:checkable="true" />
++          </menu>
++        </item>
++
+         <item android:id="@+id/request_desktop_site_row_menu_id"
+             android:title="@null"
+             android:orderInCategory="2">
+diff --git a/chrome/android/java/res/menu/main_menu.xml b/chrome/android/java/res/menu/main_menu.xml
+--- a/chrome/android/java/res/menu/main_menu.xml
++++ b/chrome/android/java/res/menu/main_menu.xml
+@@ -59,6 +59,19 @@
+             android:title="@string/menu_add_to_homescreen" />
+         <item android:id="@+id/open_webapk_id"
+             android:title="@string/menu_open_webapk" />
++
++        <item android:id="@+id/enable_javascript_row_menu_id"
++            android:title="@null"
++            android:orderInCategory="2">
++          <menu>
++              <item android:id="@+id/enable_javascript_id"
++                  android:title="@string/menu_enable_javascript" />
++              <item android:id="@+id/enable_javascript_check_id"
++                  android:title="@null"
++                  android:checkable="true" />
++          </menu>
++        </item>
++
+         <item android:id="@+id/request_desktop_site_row_menu_id"
+             android:title="@null">
+           <menu>
+diff --git a/chrome/android/java/src/org/chromium/chrome/browser/ChromeActivity.java b/chrome/android/java/src/org/chromium/chrome/browser/ChromeActivity.java
+--- a/chrome/android/java/src/org/chromium/chrome/browser/ChromeActivity.java
++++ b/chrome/android/java/src/org/chromium/chrome/browser/ChromeActivity.java
+@@ -2006,6 +2006,14 @@ public abstract class ChromeActivity extends AsyncInitializationActivity
+             final boolean usingDesktopUserAgent = currentTab.getUseDesktopUserAgent();
+             currentTab.setUseDesktopUserAgent(!usingDesktopUserAgent, reloadOnChange);
+             RecordUserAction.record("MobileMenuRequestDesktopSite");
++        } else if (id == R.id.enable_javascript_id || id == R.id.enable_javascript_check_id) {
++            final boolean reloadOnChange = !currentTab.isNativePage();
++            final boolean jsEnabled = PrefServiceBridge.getInstance().javaScriptEnabled();
++            PrefServiceBridge.getInstance().setJavaScriptEnabled(!jsEnabled);
++            if (reloadOnChange) {
++				currentTab.reload();
++			}
++            RecordUserAction.record("MobileMenuRequestEnableJavascript");
+         } else if (id == R.id.reader_mode_prefs_id) {
+             DomDistillerUIUtils.openSettings(currentTab.getWebContents());
+         } else {
+diff --git a/chrome/android/java/src/org/chromium/chrome/browser/ChromeTabbedActivity.java b/chrome/android/java/src/org/chromium/chrome/browser/ChromeTabbedActivity.java
+--- a/chrome/android/java/src/org/chromium/chrome/browser/ChromeTabbedActivity.java
++++ b/chrome/android/java/src/org/chromium/chrome/browser/ChromeTabbedActivity.java
+@@ -1796,6 +1796,14 @@ public class ChromeTabbedActivity
+                 NewTabPageUma.recordAction(NewTabPageUma.ACTION_OPENED_DOWNLOADS_MANAGER);
+             }
+             RecordUserAction.record("MobileMenuDownloadManager");
++        } else if (id == R.id.enable_javascript_id || id == R.id.enable_javascript_check_id) {
++            final boolean reloadOnChange = !currentTab.isNativePage();
++            final boolean jsEnabled = PrefServiceBridge.getInstance().javaScriptEnabled();
++            PrefServiceBridge.getInstance().setJavaScriptEnabled(!jsEnabled);
++            if (reloadOnChange) {
++				currentTab.reload();
++			}
++            RecordUserAction.record("MobileMenuRequestEnableJavascript");
+         } else if (id == R.id.open_recently_closed_tab) {
+             TabModel currentModel = mTabModelSelectorImpl.getCurrentModel();
+             if (!currentModel.isIncognito()) currentModel.openMostRecentlyClosedTab();
+diff --git a/chrome/android/java/src/org/chromium/chrome/browser/appmenu/AppMenuPropertiesDelegate.java b/chrome/android/java/src/org/chromium/chrome/browser/appmenu/AppMenuPropertiesDelegate.java
+--- a/chrome/android/java/src/org/chromium/chrome/browser/appmenu/AppMenuPropertiesDelegate.java
++++ b/chrome/android/java/src/org/chromium/chrome/browser/appmenu/AppMenuPropertiesDelegate.java
+@@ -213,6 +213,8 @@ public class AppMenuPropertiesDelegate {
+ 
+             updateRequestDesktopSiteMenuItem(menu, currentTab, true /* can show */);
+ 
++            updateEnableJavascriptMenuItem(menu, currentTab);
++
+             // Only display reader mode settings menu option if the current page is in reader mode.
+             menu.findItem(R.id.reader_mode_prefs_id)
+                     .setVisible(DomDistillerUrlUtils.isDistilledPage(currentTab.getUrl()));
+@@ -468,4 +470,37 @@ public class AppMenuPropertiesDelegate {
+ 
+         return chromeHomeMenuItemFlagEnabled && !sHideChromeHomeMenuItems;
+     }
++
++    /**
++     * Updates the enable JavaScript item's state.
++     *
++     * @param menu {@link Menu} for enable javascript
++     * @param currentTab      Current tab being displayed.
++     */
++    protected void updateEnableJavascriptMenuItem(
++            Menu menu, Tab currentTab) {
++        MenuItem enableMenuRow = menu.findItem(R.id.enable_javascript_row_menu_id);
++        MenuItem enableMenuLabel = menu.findItem(R.id.enable_javascript_id);
++        MenuItem enableMenuCheck = menu.findItem(R.id.enable_javascript_check_id);
++
++        // Hide enable javascript on all chrome:// pages and the NTP.
++        String url = currentTab.getUrl();
++        boolean isChromeScheme = url.startsWith(UrlConstants.CHROME_URL_PREFIX)
++                || url.startsWith(UrlConstants.CHROME_NATIVE_URL_PREFIX);
++
++        boolean itemVisible = !isChromeScheme && !currentTab.isNativePage();
++        enableMenuRow.setVisible(itemVisible);
++        if (!itemVisible) return;
++
++        boolean jsEnabled = PrefServiceBridge.getInstance().javaScriptEnabled();
++
++        // Mark the checkbox if Javascript is activated on this tab.
++        enableMenuCheck.setChecked(jsEnabled);
++
++        // This title doesn't seem to be displayed by Android, but it is used to set up
++        // accessibility text in {@link AppMenuAdapter#setupMenuButton}.
++        enableMenuLabel.setTitleCondensed(jsEnabled
++                        ? mActivity.getString(R.string.menu_enable_javascript_on)
++                        : mActivity.getString(R.string.menu_enable_javascript_off));
++    }
+ }
+diff --git a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/CustomTabAppMenuPropertiesDelegate.java b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/CustomTabAppMenuPropertiesDelegate.java
+--- a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/CustomTabAppMenuPropertiesDelegate.java
++++ b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/CustomTabAppMenuPropertiesDelegate.java
+@@ -164,6 +164,7 @@ public class CustomTabAppMenuPropertiesDelegate extends AppMenuPropertiesDelegat
+             }
+ 
+             updateRequestDesktopSiteMenuItem(menu, currentTab, requestDesktopSiteVisible);
++            updateEnableJavascriptMenuItem(menu, currentTab);
+             prepareAddToHomescreenMenuItem(menu, currentTab, addToHomeScreenVisible);
+         }
+     }
+diff --git a/chrome/android/java/strings/android_chrome_strings.grd b/chrome/android/java/strings/android_chrome_strings.grd
+--- a/chrome/android/java/strings/android_chrome_strings.grd
++++ b/chrome/android/java/strings/android_chrome_strings.grd
+@@ -2491,6 +2491,17 @@ To obtain new licenses, connect to the internet and play your downloaded content
+       <message name="IDS_MENU_FIND_IN_PAGE" desc="Menu item allowing users to find text within the current page. [CHAR-LIMIT=27]">
+         Find in page
+       </message>
++
++      <message name="IDS_MENU_ENABLE_JAVASCRIPT" desc="Menu item in Chrome's overflow/options menu. If this menu item is unselected, Bromite will disable JavaScript support for the page. [CHAR-LIMIT=27]">
++        Enable JavaScript
++      </message>
++      <message name="IDS_MENU_ENABLE_JAVASCRIPT_ON" desc="Accessibility description for when Enable JavaScript is selected.">
++        Turn off JavaScript
++      </message>
++      <message name="IDS_MENU_ENABLE_JAVASCRIPT_OFF" desc="Accessibility description for when Enable JavaScript is unselected.">
++        Turn on JavaScript
++      </message>
++
+       <message name="IDS_MENU_REQUEST_DESKTOP_SITE" desc="Menu item in Chrome's overflow/options menu. By default, when a user navigates to a web page, Chrome shows the mobile site, that is, the version of the site designed for mobile phones. If this menu item is selected, however, Chrome will try to load the 'desktop' site instead, i.e. the site designed for desktop computers or laptop computers, which have larger screens. [CHAR-LIMIT=24]">
+         Desktop site
+       </message>
+-- 
+2.7.4
+

patches/BRM045_Remove-google-account-access-permission-on-reboot.patch

@@ -0,0 +1,45 @@
+From: SergeyZhukovsky <serg.zhukovsky@gmail.com>
+Date: Tue, 15 Aug 2017 15:33:16 -0400
+Subject: Remove google account access permission on reboot
+
+---
+ chrome/android/BUILD.gn                 | 3 +--
+ chrome/android/java/AndroidManifest.xml | 4 ++--
+ 2 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/chrome/android/BUILD.gn b/chrome/android/BUILD.gn
+--- a/chrome/android/BUILD.gn
++++ b/chrome/android/BUILD.gn
+@@ -726,8 +726,7 @@ android_assets("chrome_public_locale_pak_assets") {
+ jinja_template_resources("chrome_public_apk_template_resources") {
+   resources = [
+     "java/res_template/xml/launchershortcuts.xml",
+-    "java/res_template/xml/searchable.xml",
+-    "java/res_template/xml/syncadapter.xml",
++    "java/res_template/xml/searchable.xml"
+   ]
+   res_dir = "java/res_template"
+   variables = chrome_public_jinja_variables
+diff --git a/chrome/android/java/AndroidManifest.xml b/chrome/android/java/AndroidManifest.xml
+--- a/chrome/android/java/AndroidManifest.xml
++++ b/chrome/android/java/AndroidManifest.xml
+@@ -822,14 +822,14 @@ by a child template that "extends" this file.
+         </provider>
+ 
+         <!-- Sync adapter for browser invalidation. -->
+-        <service android:name="org.chromium.chrome.browser.invalidation.ChromeBrowserSyncAdapterService"
++        <!--<service android:name="org.chromium.chrome.browser.invalidation.ChromeBrowserSyncAdapterService"
+             android:exported="false">
+             <intent-filter>
+                 <action android:name="android.content.SyncAdapter" />
+             </intent-filter>
+             <meta-data android:name="android.content.SyncAdapter"
+                        android:resource="@xml/syncadapter" />
+-        </service>
++        </service>-->
+ 
+         <!-- Broadcast receiver that will be notified of account changes -->
+         <receiver android:name="org.chromium.chrome.browser.services.AccountsChangedReceiver">
+-- 
+2.7.4
+

patches/BRM046_Punt-the-Widevine-version-string.patch

@@ -0,0 +1,36 @@
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Mon, 2 Apr 2018 11:36:02 +0200
+Subject: Punt the Widevine version string
+
+Originally from http://bazaar.launchpad.net/~saiarcot895/chromium-browser/chromium-browser.wily.beta/view/head:/debian/patches/fix_building_widevinecdm_with_chromium.patch
+---
+ chrome/common/chrome_content_client.cc | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/chrome/common/chrome_content_client.cc b/chrome/common/chrome_content_client.cc
+--- a/chrome/common/chrome_content_client.cc
++++ b/chrome/common/chrome_content_client.cc
+@@ -238,10 +238,7 @@ void ComputeBuiltInPlugins(std::vector<content::PepperPluginInfo>* plugins) {
+     info.is_out_of_process = true;
+     info.path = adapter_path;
+     info.name = kWidevineCdmDisplayName;
+-    info.description =
+-        base::StringPrintf("%s (version: " WIDEVINE_CDM_VERSION_STRING ")",
+-                           kWidevineCdmDescription);
+-    info.version = WIDEVINE_CDM_VERSION_STRING;
++    info.description = kWidevineCdmDescription;
+     info.permissions = kWidevineCdmPluginPermissions;
+ 
+     content::WebPluginMimeType mime_type(kWidevineCdmPluginMimeType,
+@@ -566,7 +563,7 @@ void ChromeContentClient::AddContentDecryptionModules(
+       // CdmInfo needs |path| to be the actual Widevine library,
+       // not the adapter, so adjust as necessary. It will be in the
+       // same directory as the installed adapter.
+-      const base::Version version(WIDEVINE_CDM_VERSION_STRING);
++      const base::Version version("1.0.123.456");
+       DCHECK(version.IsValid());
+ 
+       cdms->push_back(content::CdmInfo(
+-- 
+2.7.4
+

patches/BRM047_Disable-metrics-on-all-I-O-threads.patch

@@ -0,0 +1,23 @@
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Wed, 25 Apr 2018 10:23:51 +0200
+Subject: Disable metrics on all I/O threads
+
+---
+ chrome/browser/profiles/profile_io_data.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc
+--- a/chrome/browser/profiles/profile_io_data.cc
++++ b/chrome/browser/profiles/profile_io_data.cc
+@@ -971,7 +971,7 @@ void ProfileIOData::InitializeMetricsEnabledStateOnUIThread() {
+ 
+ bool ProfileIOData::GetMetricsEnabledStateOnIOThread() const {
+   DCHECK_CURRENTLY_ON(BrowserThread::IO);
+-  return enable_metrics_.GetValue();
++  return false;
+ }
+ 
+ chrome_browser_net::Predictor* ProfileIOData::GetPredictor() {
+-- 
+2.7.4
+

patches/BRM048_Enable-DNS-over-HTTPS-by-default.patch

@@ -0,0 +1,22 @@
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Sat, 28 Apr 2018 08:30:26 +0200
+Subject: Enable DNS-over-HTTPS by default
+
+---
+ components/network_session_configurator/common/network_features.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/components/network_session_configurator/common/network_features.cc b/components/network_session_configurator/common/network_features.cc
+--- a/components/network_session_configurator/common/network_features.cc
++++ b/components/network_session_configurator/common/network_features.cc
+@@ -10,6 +10,6 @@ const base::Feature kTokenBinding{"token-binding",
+                                   base::FEATURE_DISABLED_BY_DEFAULT};
+ 
+ const base::Feature kDnsOverHttps{"dns-over-https",
+-                                  base::FEATURE_DISABLED_BY_DEFAULT};
++                                  base::FEATURE_ENABLED_BY_DEFAULT};
+ 
+ }  // namespace features
+-- 
+2.7.4
+

patches/BRM049_Add-fingerprinting-mitigation-for-getClientRects-getBoundingClientRect.patch

@@ -0,0 +1,130 @@
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Fri, 30 Mar 2018 10:09:03 +0200
+Subject: Add fingerprinting mitigation for getClientRects,
+ getBoundingClientRect
+
+Scale the result of Range::getClientRects and Element::getBoundingClientRect
+by a random +/-3% of the original value for each float in the Rect/Quad.
+The random value is generated once for each Document and re-used for all the
+attached elements.
+The rationale is that such value, albeit constant within the rendered Document,
+is within the same order of magniture of the floating point precision being
+used for fingerprinting and sufficient to poison the well.
+
+See also: http://www.gsd.inesc-id.pt/~mpc/pubs/fingerprinting-trustcom2016.pdf
+---
+ third_party/WebKit/Source/core/dom/Document.cpp | 14 ++++++++++++++
+ third_party/WebKit/Source/core/dom/Document.h   |  5 +++++
+ third_party/WebKit/Source/core/dom/Element.cpp  |  7 +++++++
+ third_party/WebKit/Source/core/dom/Range.cpp    |  8 +++++++-
+ 4 files changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp
+--- a/third_party/WebKit/Source/core/dom/Document.cpp
++++ b/third_party/WebKit/Source/core/dom/Document.cpp
+@@ -272,6 +272,8 @@
+ #include "services/service_manager/public/cpp/interface_provider.h"
+ #include "third_party/WebKit/public/mojom/page/page_visibility_state.mojom-blink.h"
+ 
++#include "base/rand_util.h"
++
+ #ifndef NDEBUG
+ using WeakDocumentSet =
+     blink::PersistentHeapHashSet<blink::WeakMember<blink::Document>>;
+@@ -731,6 +733,10 @@ Document::Document(const DocumentInit& initializer,
+ #ifndef NDEBUG
+   liveDocumentSet().insert(this);
+ #endif
++
++  // add +/- 3% noise against fingerprinting
++  shuffleFactorX_ = 1 + (base::RandDouble() - 0.5) * 0.03;
++  shuffleFactorY_ = 1 + (base::RandDouble() - 0.5) * 0.03;
+ }
+ 
+ Document::~Document() {
+@@ -757,6 +763,14 @@ Range* Document::CreateRangeAdjustedToTreeScope(const TreeScope& tree_scope,
+                        Position::BeforeNode(*shadow_host));
+ }
+ 
++double Document::GetShuffleFactorX() {
++	return shuffleFactorX_;
++}
++
++double Document::GetShuffleFactorY() {
++	return shuffleFactorY_;
++}
++
+ SelectorQueryCache& Document::GetSelectorQueryCache() {
+   if (!selector_query_cache_)
+     selector_query_cache_ = std::make_unique<SelectorQueryCache>();
+diff --git a/third_party/WebKit/Source/core/dom/Document.h b/third_party/WebKit/Source/core/dom/Document.h
+--- a/third_party/WebKit/Source/core/dom/Document.h
++++ b/third_party/WebKit/Source/core/dom/Document.h
+@@ -406,6 +406,9 @@ class CORE_EXPORT Document : public ContainerNode,
+ 
+   String origin() const;
+ 
++  double GetShuffleFactorX();
++  double GetShuffleFactorY();
++
+   String visibilityState() const;
+   mojom::PageVisibilityState GetPageVisibilityState() const;
+   bool hidden() const;
+@@ -1663,6 +1666,8 @@ class CORE_EXPORT Document : public ContainerNode,
+ 
+   double start_time_;
+ 
++  double shuffleFactorX_, shuffleFactorY_;
++
+   TraceWrapperMember<ScriptRunner> script_runner_;
+ 
+   HeapVector<Member<ScriptElementBase>> current_script_stack_;
+diff --git a/third_party/WebKit/Source/core/dom/Element.cpp b/third_party/WebKit/Source/core/dom/Element.cpp
+--- a/third_party/WebKit/Source/core/dom/Element.cpp
++++ b/third_party/WebKit/Source/core/dom/Element.cpp
+@@ -1327,6 +1327,11 @@ DOMRectList* Element::getClientRects() {
+   DCHECK(element_layout_object);
+   GetDocument().AdjustFloatQuadsForScrollAndAbsoluteZoom(
+       quads, *element_layout_object);
++
++  for (FloatQuad& quad : quads) {
++    quad.Scale(GetDocument().GetShuffleFactorX(), GetDocument().GetShuffleFactorY());
++  }
++
+   return DOMRectList::Create(quads);
+ }
+ 
+@@ -1344,6 +1349,8 @@ DOMRect* Element::getBoundingClientRect() {
+   DCHECK(element_layout_object);
+   GetDocument().AdjustFloatRectForScrollAndAbsoluteZoom(result,
+                                                         *element_layout_object);
++  result.Scale(GetDocument().GetShuffleFactorX(), GetDocument().GetShuffleFactorY());
++
+   return DOMRect::FromFloatRect(result);
+ }
+ 
+diff --git a/third_party/WebKit/Source/core/dom/Range.cpp b/third_party/WebKit/Source/core/dom/Range.cpp
+--- a/third_party/WebKit/Source/core/dom/Range.cpp
++++ b/third_party/WebKit/Source/core/dom/Range.cpp
+@@ -1589,11 +1589,17 @@ DOMRectList* Range::getClientRects() const {
+   Vector<FloatQuad> quads;
+   GetBorderAndTextQuads(quads);
+ 
++  for (FloatQuad& quad : quads) {
++    quad.Scale(owner_document_->GetShuffleFactorX(), owner_document_->GetShuffleFactorY());
++  }
++
+   return DOMRectList::Create(quads);
+ }
+ 
+ DOMRect* Range::getBoundingClientRect() const {
+-  return DOMRect::FromFloatRect(BoundingRect());
++  auto rect = BoundingRect();
++  rect.Scale(owner_document_->GetShuffleFactorX(), owner_document_->GetShuffleFactorY());
++  return DOMRect::FromFloatRect(rect);
+ }
+ 
+ // TODO(editing-dev): We should make
+-- 
+2.7.4
+

patches/BRM050_Disable-custom-tab-activities-permanently.patch

@@ -0,0 +1,28 @@
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Wed, 2 May 2018 01:04:07 +0200
+Subject: Disable custom tab activities permanently
+
+---
+ .../src/org/chromium/chrome/browser/LaunchIntentDispatcher.java    | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/chrome/android/java/src/org/chromium/chrome/browser/LaunchIntentDispatcher.java b/chrome/android/java/src/org/chromium/chrome/browser/LaunchIntentDispatcher.java
+--- a/chrome/android/java/src/org/chromium/chrome/browser/LaunchIntentDispatcher.java
++++ b/chrome/android/java/src/org/chromium/chrome/browser/LaunchIntentDispatcher.java
+@@ -149,9 +149,10 @@ public class LaunchIntentDispatcher implements IntentHandler.IntentHandlerDelega
+         recordIntentMetrics();
+ 
+         mIsVrIntent = VrIntentUtils.isVrIntent(mIntent);
+-        boolean isCustomTabIntent = (!mIsVrIntent && isCustomTabIntent(mIntent))
+-                || (mIsVrIntent && VrIntentUtils.isCustomTabVrIntent(mIntent));
+-        mIsCustomTabIntent = isCustomTabIntent;
++        //boolean isCustomTabIntent = (!mIsVrIntent && isCustomTabIntent(mIntent))
++        //        || (mIsVrIntent && VrIntentUtils.isCustomTabVrIntent(mIntent));
++        //mIsCustomTabIntent = isCustomTabIntent;
++        mIsCustomTabIntent = false;
+     }
+ 
+     /**
+-- 
+2.7.4
+

patches/BRM051_Canvas-fingerprinting-mitigations-via-IDL.patch

@@ -0,0 +1,67 @@
+From: csagan5 <32685696+csagan5@users.noreply.github.com>
+Date: Sat, 24 Mar 2018 05:18:03 +0100
+Subject: Canvas: fingerprinting mitigations via IDL
+
+Disable toDataURL, toBlob, getImageData and webGL renderering info
+---
+ third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.idl      | 4 ++--
+ .../Source/modules/canvas/canvas2d/CanvasRenderingContext2D.idl       | 4 ++--
+ third_party/WebKit/Source/modules/webgl/WebGLDebugRendererInfo.cpp    | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.idl b/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.idl
+--- a/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.idl
++++ b/third_party/WebKit/Source/core/html/canvas/HTMLCanvasElement.idl
+@@ -37,9 +37,9 @@ interface HTMLCanvasElement : HTMLElement
+     // Note: The arguments argument is variadic in the spec, but not here as
+     // only one extra argument is actually used.
+     // FIXME: type should not have a default value.
+-    [MeasureAs=CanvasToDataURL, RaisesException] DOMString toDataURL(optional DOMString type = null, optional any arguments);
++    //[MeasureAs=CanvasToDataURL, RaisesException] DOMString toDataURL(optional DOMString type = null, optional any arguments);
+ 
+-    [MeasureAs=CanvasToBlob, RaisesException] void toBlob(BlobCallback _callback, optional DOMString type = null, optional any arguments);
++    //[MeasureAs=CanvasToBlob, RaisesException] void toBlob(BlobCallback _callback, optional DOMString type = null, optional any arguments);
+ };
+ 
+ // https://html.spec.whatwg.org/multipage/canvas.html#blobcallback
+diff --git a/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.idl b/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.idl
+--- a/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.idl
++++ b/third_party/WebKit/Source/modules/canvas/canvas2d/CanvasRenderingContext2D.idl
+@@ -110,7 +110,7 @@ interface CanvasRenderingContext2D {
+     // text (see also the CanvasDrawingStyles interface)
+     void fillText(DOMString text, unrestricted double x, unrestricted double y, optional unrestricted double maxWidth);
+     void strokeText(DOMString text, unrestricted double x, unrestricted double y, optional unrestricted double maxWidth);
+-    TextMetrics measureText(DOMString text);
++    //TextMetrics measureText(DOMString text);
+ 
+     // drawing images
+     [CallWith=ScriptState, RaisesException] void drawImage(CanvasImageSource image, unrestricted double x, unrestricted double y);
+@@ -125,7 +125,7 @@ interface CanvasRenderingContext2D {
+     // pixel manipulation
+     [RaisesException] ImageData createImageData(ImageData imagedata);
+     [RaisesException] ImageData createImageData(long sw, long sh);
+-    [RaisesException] ImageData getImageData(long sx, long sy, long sw, long sh);
++    //[RaisesException] ImageData getImageData(long sx, long sy, long sw, long sh);
+     [RaisesException] void putImageData(ImageData imagedata, long dx, long dy);
+     [RaisesException] void putImageData(ImageData imagedata, long dx, long dy, long dirtyX, long dirtyY, long dirtyWidth, long dirtyHeight);
+     
+diff --git a/third_party/WebKit/Source/modules/webgl/WebGLDebugRendererInfo.cpp b/third_party/WebKit/Source/modules/webgl/WebGLDebugRendererInfo.cpp
+--- a/third_party/WebKit/Source/modules/webgl/WebGLDebugRendererInfo.cpp
++++ b/third_party/WebKit/Source/modules/webgl/WebGLDebugRendererInfo.cpp
+@@ -37,11 +37,11 @@ WebGLExtensionName WebGLDebugRendererInfo::GetName() const {
+ 
+ WebGLDebugRendererInfo* WebGLDebugRendererInfo::Create(
+     WebGLRenderingContextBase* context) {
+-  return new WebGLDebugRendererInfo(context);
++  return nullptr;
+ }
+ 
+ bool WebGLDebugRendererInfo::Supported(WebGLRenderingContextBase*) {
+-  return true;
++  return false;
+ }
+ 
+ const char* WebGLDebugRendererInfo::ExtensionName() {
+-- 
+2.7.4
+