-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 13 Jan 2026 22:11:21 -0500
Source: chromium
Architecture: source
Version: 144.0.7559.59-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (144.0.7559.59-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-0899: Out of bounds memory access in V8. Reported by @p1nky4745.
     - CVE-2026-0900: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-0901: Inappropriate implementation in Blink.
       Reported by Irvan Kurniawan (sourc7).
     - CVE-2026-0902: Inappropriate implementation in V8. Reported by 303f06e3.
     - CVE-2026-0903: Insufficient validation of untrusted input in Downloads.
       Reported by Azur.
     - CVE-2026-0904: Incorrect security UI in Digital Credentials.
       Reported by Hafiizh.
     - CVE-2026-0905: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-0906: Incorrect security UI. Reported by Khalil Zhani.
     - CVE-2026-0907: Incorrect security UI in Split View. Reported by Hafiizh.
     - CVE-2026-0908: Use after free in ANGLE. Reported by Glitchers BoB 14th.
   * d/copyright: delete a copy of clang-22 in the openscreen build directory.
   * d/control: add rustfmt-web as a build dependency.
   * d/rules: make DEB_BUILD_OPTIONS=terse work.
   * d/patches:
     - disable/tests.patch: refresh.
     - trixie/rust-sanitize.patch: refresh.
     - bookworm/bindgen.patch: refresh.
     - fixes/force-rust-nightly.patch: add workaround to force
       rustc_nightly_capability, as we're using an up-to-date rust.
     - trixie/value-or.patch: add clang-19 workarounds to help
       calling value_or() with ambiguous values.
     - fixes/autofill-binarypb.patch: add patch to fix build for us stripping
       out binary-only files containing city/state autofill aliases.
     - bookworm/path-rustfmt.patch: add patch to override search path for
       rustfmt (which chromium deduces incorrectly due to our bundled
       bindgen in bookworm).
 .
   [ Daniel Richard G. ]
   * d/patches:
     - trixie/adler1.patch: Refresh to follow use of if-else.
     - trixie/libxml2-no-xxe.patch: Add workaround for older libxml2.
     - bookworm/eslint.patch: Refresh, and add another import.meta.dirname
       conversion.
 .
   [ Timothy Pearson ]
   * d/patches:
     - trixie/nodejs-set-intersection.patch: avoid using node >=22 intersection
   * d/patches/ppc64le:
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - fixes/fix-clang-selection.patch: Drop due to upstream changes
Checksums-Sha1:
 1fcd787980f77cc1e0ae832bba85d6abde733372 4069 chromium_144.0.7559.59-1~deb12u1.dsc
 5b335937cd5f599303f406166ccaef442e760b18 733515824 chromium_144.0.7559.59.orig.tar.xz
 4c7f1acdb12210b3dadeeff47b130298f74470be 8531044 chromium_144.0.7559.59-1~deb12u1.debian.tar.xz
 a991ee465972bf1bfac16caaf34c656920ec4a99 26825 chromium_144.0.7559.59-1~deb12u1_source.buildinfo
Checksums-Sha256:
 9ee3b77fe8842795ebe2fb8c0fff97686796046749d74a0784e36b74f0e5b74e 4069 chromium_144.0.7559.59-1~deb12u1.dsc
 b55c35e99d664d45cfdb515b7523ee5188e9887338ca13fddab78c2f83f7640e 733515824 chromium_144.0.7559.59.orig.tar.xz
 96c28b06b7030ab20be2f27f83aaf1ff9894c53cb3729c0db10ad68dcef6a2d6 8531044 chromium_144.0.7559.59-1~deb12u1.debian.tar.xz
 85ec49ba5b226c4cba5936f5025f3cf2cc50ad3d5f18aa2ff4d5652578432ab6 26825 chromium_144.0.7559.59-1~deb12u1_source.buildinfo
Files:
 cde78e5d774670e42757ac01e6c0bf50 4069 web optional chromium_144.0.7559.59-1~deb12u1.dsc
 ae058beb7bbe9f3af50f46c5486adf66 733515824 web optional chromium_144.0.7559.59.orig.tar.xz
 9baa26f654123a895e2e2561b0fcc5e4 8531044 web optional chromium_144.0.7559.59-1~deb12u1.debian.tar.xz
 61842fcd3f65410d04f36ff59e8e3c60 26825 web optional chromium_144.0.7559.59-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmlnFccUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfgHw/7BBpGMvDtH8GVzPVR/H6ZjylmFBuE
Aya1U/NszE1xKfaFKGUq8fXpQ6C4iitjAhrAReJiiJ17hVUZD9Qsq51ddswzsYyE
X9sOORtwer4ps0SCWhx74O6Wh3wh/5HN1i4Do+RwOU3/hVYGQoET8mrpZlg11sxz
jo2LntqOwxz1gs5IE+PSWV3MwxBjUE1ieDIK/gWe64EKday6+RFKTpNhV/PK/olG
V+VIuMQGXMhf1tYg8PRpjvJmSRpGHHqiEGS5spL1qhmIvTSgXsIzeB55ZGLH8gBv
5SW2t2i0o3n+ERviHU9abs8Dm54mGkAqw3Zs0pWrDH+qv3ToqelArkDerT6oAGrt
fwY+2D+BsDkdKDSI85kg3lK7E4pPiyJ4ZWyDBftu6pcrmyEy5HXJflXFvsStg1Hd
i6feMfb4KWU2cBGGu4I3+OmKo2MSqAHNDAr3DKIUxsODU58QA1uQkHmg6l8lhRkN
Cqo5uM5lGSWLym4+vJQy8PKfmY9QlBDutL+ucw/HLehPUEKhgcxwlG4awqn8LKat
ZJGTlDUULhhMStHHvXB9RSq/CGuWMm49oaIkXf67wNzTENdduGVZjgvGN8cm3owf
JFyLHCtE4QeUQzaH3PaaQUObS1Wvg0MUTZhFlmLjwHRJ7/pWLf7itGmdjV1e6/DW
POU9AXCgbi+eo7w=
=LCNV
-----END PGP SIGNATURE-----