-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 15:06:40 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 147.0.7727.101-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Changes:
 chromium (147.0.7727.101-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-6297: Use after free in Proxy. Reported by heapracer.
     - CVE-2026-6298: Heap buffer overflow in Skia.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6299: Use after free in Prerender. Reported by Google.
     - CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong
       (Compsec Lab, Seoul National University / Research Intern).
     - CVE-2026-6359: Use after free in Video.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6300: Use after free in CSS.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c.
     - CVE-2026-6302: Use after free in Video. Reported by Syn4pse.
     - CVE-2026-6303: Use after free in Codecs. Reported by Google.
     - CVE-2026-6304: Use after free in Graphite. Reported by Google.
     - CVE-2026-6305: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6306: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6307: Type Confusion in Turbofan.
       Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-6308: Out of bounds read in Media. Reported by Google.
     - CVE-2026-6309: Use after free in Viz. Reported by Google.
     - CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam.
     - CVE-2026-6310: Use after free in Dawn. Reported by Google.
     - CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google.
     - CVE-2026-6312: Insufficient policy enforcement in Passwords.
       Reported by Google.
     - CVE-2026-6313: Insufficient policy enforcement in CORS.
       Reported by Google.
     - CVE-2026-6314: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-6315: Use after free in Permissions. Reported by Google.
     - CVE-2026-6316: Use after free in Forms. Reported by Google.
     - CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google.
     - CVE-2026-6362: Use after free in Codecs.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6317: Use after free in Cast. Reported by Google.
     - CVE-2026-6363: Type Confusion in V8. Reported by Google.
     - CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse.
     - CVE-2026-6319: Use after free in Payments. Reported by pwn2addr.
     - CVE-2026-6364: Out of bounds read in Skia.
       Reported by Google Threat Intelligence.
Checksums-Sha1:
 c179f9994c70bdaa5e181f63837af1d53964330b 8826192 chromium-l10n_147.0.7727.101-1~deb12u1_all.deb
 18314a4d893705f6216ddc3dbcb50ed75756819c 26896 chromium_147.0.7727.101-1~deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 4c1e8a5c2e6109b63669b5dc3713dbc1189448ddfb81053a02d81c150524ae36 8826192 chromium-l10n_147.0.7727.101-1~deb12u1_all.deb
 ef1cee334703b0960fb354774b6ec50c17ffc357cdfa7dada13a8ec14638387f 26896 chromium_147.0.7727.101-1~deb12u1_all-buildd.buildinfo
Files:
 60532d30b03072ad91cc8ecb026e5cb8 8826192 localization optional chromium-l10n_147.0.7727.101-1~deb12u1_all.deb
 b7e7eb29408febe960e8fd05b479600c 26896 web optional chromium_147.0.7727.101-1~deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmnhigsACgkQaBVi67oX
tflIYw//di1/IDi1dQdwvFQa2wrBFBoZF17qopQcMJH6xYQ6AxUQ3PuK3UAQ8reU
N1mM/iW2ZylT9JOlhHP+zZYEdswZqhp3BxRp4xtHGGpGIzPDhnfgPTHuPN8wep9G
2JqRSjsc6Z/hlXqs3lacAazB0vGdDXEQyLX3nnaqpeoosukH2Cy1tSuVssfEHaKS
ex8ZstV1czkJywqGsyuECCx1qFzzRIBbqp1iS/dINtxyZAxXJFVeoaKkiVaNLtaM
H5kCmUO8M1qQ/5D8mLzwFgUtj2fQL0TJCYUSEruCqw5qEVqrNOCseEfxSMJLBLQz
OR9oClR/rODH+TjW96mBmZk9m1n3P8hB9Mq3Abo8spJMZm26kUGhrpLLG70Wgx7V
QMRi64tKJ1R2x08iHeS0F1Xi6xCUY/TtFHlLepoq3lFYYebXQ4F1UDUoUzkiw+d5
M6d+0vFK8rnX6JYRoVOd4gpv0o+2i6NtqplCkfWAjPxEGfg9POwdJiwpYIXA0faY
pgRiDNcrwqCyNzoMjfislSgMwrty828lfFKW13tU7Yrp3m3sgIxifFq149P8GBQN
xZTZjkgPOzSLbRb9YI48vyGU2sudnOxWLq/6B854F8rbJuRhdmuUipEXUFgKcm4V
IgkOE3wt7Lm/qT7p5k4CC4NWmC3wmID2EBF4uRQqGyPs1FkV/cE=
=11wp
-----END PGP SIGNATURE-----