-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 15:06:40 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 147.0.7727.101-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-csail-01) <buildd_amd64-x86-csail-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (147.0.7727.101-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-6297: Use after free in Proxy. Reported by heapracer.
     - CVE-2026-6298: Heap buffer overflow in Skia.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6299: Use after free in Prerender. Reported by Google.
     - CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong
       (Compsec Lab, Seoul National University / Research Intern).
     - CVE-2026-6359: Use after free in Video.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6300: Use after free in CSS.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c.
     - CVE-2026-6302: Use after free in Video. Reported by Syn4pse.
     - CVE-2026-6303: Use after free in Codecs. Reported by Google.
     - CVE-2026-6304: Use after free in Graphite. Reported by Google.
     - CVE-2026-6305: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6306: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6307: Type Confusion in Turbofan.
       Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-6308: Out of bounds read in Media. Reported by Google.
     - CVE-2026-6309: Use after free in Viz. Reported by Google.
     - CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam.
     - CVE-2026-6310: Use after free in Dawn. Reported by Google.
     - CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google.
     - CVE-2026-6312: Insufficient policy enforcement in Passwords.
       Reported by Google.
     - CVE-2026-6313: Insufficient policy enforcement in CORS.
       Reported by Google.
     - CVE-2026-6314: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-6315: Use after free in Permissions. Reported by Google.
     - CVE-2026-6316: Use after free in Forms. Reported by Google.
     - CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google.
     - CVE-2026-6362: Use after free in Codecs.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6317: Use after free in Cast. Reported by Google.
     - CVE-2026-6363: Type Confusion in V8. Reported by Google.
     - CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse.
     - CVE-2026-6319: Use after free in Payments. Reported by pwn2addr.
     - CVE-2026-6364: Out of bounds read in Skia.
       Reported by Google Threat Intelligence.
Checksums-Sha1:
 0ded5fef3f4d017436ea18360c6ac914ae67e4b6 5466088 chromium-common-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 8734982ab6bee48a2dda4c3bb38b920478a60814 25376444 chromium-common_147.0.7727.101-1~deb12u1_amd64.deb
 51a95783e44ce839707427f9ccd9d86419622d96 35651692 chromium-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 49d78d059dda00ea27fb5a3c2629fa1c9d16faae 7526256 chromium-driver_147.0.7727.101-1~deb12u1_amd64.deb
 2492b75ada82f7ce0683a8bbc7f50ebdfd7ea645 29467808 chromium-headless-shell-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 cd14bc8bb15e74dc552d1f4fba41bd2f82080fab 57207912 chromium-headless-shell_147.0.7727.101-1~deb12u1_amd64.deb
 e01ab96e837ac3b2ffb55aab90d1f7af78c317c5 19304 chromium-sandbox-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 5eab9a6d9357d2f629f4d68a32c7a10ed8802b30 116036 chromium-sandbox_147.0.7727.101-1~deb12u1_amd64.deb
 25e8c2a6d03fb8a8f4d3a8254f51be781e75fd32 32281988 chromium-shell-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 ffae8f1cb54cbf0cd837267dce8982a48f4c5812 62393636 chromium-shell_147.0.7727.101-1~deb12u1_amd64.deb
 c83a0a668d69a0ab2633bc5fb6caa7e81a49e0ad 30422 chromium_147.0.7727.101-1~deb12u1_amd64-buildd.buildinfo
 5eccffb134329113e75b4bd8979b3698020c98ed 74352540 chromium_147.0.7727.101-1~deb12u1_amd64.deb
Checksums-Sha256:
 f63c59226e5e6da4d9101485d667f3ecae53cb09d41bf3c0fc15b512ff01a422 5466088 chromium-common-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 a29b8b24ff80e588cb58b8cb76ed8eabc21bdff0b0f290b9df7559b4492c6142 25376444 chromium-common_147.0.7727.101-1~deb12u1_amd64.deb
 c068e72f7edef103fb8b905e527c3c5d58b9bcddd71ae6fc484a5da805af4302 35651692 chromium-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 b7d8ef0e692279ff26ea8594b30cc1ea6d9202955f6414cc595be83073ce192e 7526256 chromium-driver_147.0.7727.101-1~deb12u1_amd64.deb
 3aa6cbb2d272dfa9ffce58fe38d8abba4b83b88f3f12beb355e6807c774ba31c 29467808 chromium-headless-shell-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 262147f4ce5dd48710dbce6ae0d7d6923787cbf94637163b1947cfb5b3530b12 57207912 chromium-headless-shell_147.0.7727.101-1~deb12u1_amd64.deb
 ff05e063cb1e94a1bbc6c30942af5281bbff4fa50471a48338a0fb926a19cec6 19304 chromium-sandbox-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 08330cb68adaa167137ed58c0d0cd15585ee2f2f1d674142eea39c6de8a89811 116036 chromium-sandbox_147.0.7727.101-1~deb12u1_amd64.deb
 e5a34225e04b5f40aabeb5b33858199a41848f378e50ebf1e874535238a61475 32281988 chromium-shell-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 295fc4888fb72eaa2965da69949e0f8603d3721f761c928a3bfa5f3a6d4c1133 62393636 chromium-shell_147.0.7727.101-1~deb12u1_amd64.deb
 cee9830954e9d9147e62bbd364eba8a71b1e9a8149555d051f786153a72bba90 30422 chromium_147.0.7727.101-1~deb12u1_amd64-buildd.buildinfo
 980e477470f4521f68bb9ce769c0d617fc8f7db30ac2e8a850a1d70b4b12f3b2 74352540 chromium_147.0.7727.101-1~deb12u1_amd64.deb
Files:
 527b6b242c5a8747bd265db39f2317fe 5466088 debug optional chromium-common-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 251803f949b36165255b2ddbbc2b988e 25376444 web optional chromium-common_147.0.7727.101-1~deb12u1_amd64.deb
 67f649cfedc622a9d389bdc2135d493f 35651692 debug optional chromium-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 f8327b3b0fcc0eb2c2fd5e4b2fb93df4 7526256 web optional chromium-driver_147.0.7727.101-1~deb12u1_amd64.deb
 d66ac169ae8c433bb503fb2bc92a0994 29467808 debug optional chromium-headless-shell-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 c603c359f1ec8a1cd2b1cf809d0a6541 57207912 web optional chromium-headless-shell_147.0.7727.101-1~deb12u1_amd64.deb
 c3983f529c906061ae1474d09d3677c4 19304 debug optional chromium-sandbox-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 00c26bbbc8ec298718ee90bedf641548 116036 web optional chromium-sandbox_147.0.7727.101-1~deb12u1_amd64.deb
 beb5692ac22cb9cb9f03638517dbba57 32281988 debug optional chromium-shell-dbgsym_147.0.7727.101-1~deb12u1_amd64.deb
 a722f58a0dcde461d3975c8be3cca238 62393636 web optional chromium-shell_147.0.7727.101-1~deb12u1_amd64.deb
 cf557d9f77ce5cc67cf8da20a982ed1b 30422 web optional chromium_147.0.7727.101-1~deb12u1_amd64-buildd.buildinfo
 0551b048ebdde10df5e29c0d3e3c4c9c 74352540 web optional chromium_147.0.7727.101-1~deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBDWXQb2umOtH4DRpYg9P9sm2dfEFAmnhzBYACgkQYg9P9sm2
dfHTag/+Ncev/ZDyndnPeIC5FK9CpdRYSvemji8GNiPpPKOP/UrhXi2XttbpMCLy
CdSnyXy1s6uewHCOsIdBdutBRYVqc50n4AUVUcs9iukCyxsLS5zBkatt57aGi6ht
JW1mTNmKEuvN0PUUEfj1SiQScmRwO/42PPl3PSVoo0AWz4fmkg82f7Y/OjUMwz/U
D7CYrkFwwy3sxA0NnpZreRPINdAQeSEqR6lNRBIdft78y/7DdpBBP/HweZzAPXKV
omBNd6t6/mA77i2Ma5AP1WA4n3vJWIGAIAnM9KnfMOF8b4shrfxmFd2EjYEWytrf
2FbzJ+1Mpgw9PMFDW6gw3nVIr0G9I3foNPzEqbvce1260ocvhmo5yhB8+D43ejm3
uM3uZL5aOHokZIJphThberSmFoHvWvk8aba4R67gKCe9ezOCr/Ulk9ofy/600cYv
4y5Mtj6xdY7JMYxpZwav+aSDiGlSBuTDhp8JFnWG/4qn3XC/hL0tB2oiiCFAQcx9
1cApGF0n47hj2Vm1IcbVWTuxcV3Ks1g8bsaGIlQMCQFUeNQVgWlKTISi42XYIWl5
usX5uuiD//D5WC9skFjBc8TsGDyLiYmFKUkp9luZiABo5coVHyXuYaI5jMkF7RDq
/2N/3xg2eeJfZmufXRj5cylxqK8JeZYEatLTMqKwnkpVMLSfLTY=
=ur4M
-----END PGP SIGNATURE-----