-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 15 Apr 2026 15:06:40 -0400
Source: chromium
Architecture: source
Version: 147.0.7727.101-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (147.0.7727.101-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-6297: Use after free in Proxy. Reported by heapracer.
     - CVE-2026-6298: Heap buffer overflow in Skia.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6299: Use after free in Prerender. Reported by Google.
     - CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong
       (Compsec Lab, Seoul National University / Research Intern).
     - CVE-2026-6359: Use after free in Video.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6300: Use after free in CSS.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c.
     - CVE-2026-6302: Use after free in Video. Reported by Syn4pse.
     - CVE-2026-6303: Use after free in Codecs. Reported by Google.
     - CVE-2026-6304: Use after free in Graphite. Reported by Google.
     - CVE-2026-6305: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6306: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6307: Type Confusion in Turbofan.
       Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-6308: Out of bounds read in Media. Reported by Google.
     - CVE-2026-6309: Use after free in Viz. Reported by Google.
     - CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam.
     - CVE-2026-6310: Use after free in Dawn. Reported by Google.
     - CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google.
     - CVE-2026-6312: Insufficient policy enforcement in Passwords.
       Reported by Google.
     - CVE-2026-6313: Insufficient policy enforcement in CORS.
       Reported by Google.
     - CVE-2026-6314: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-6315: Use after free in Permissions. Reported by Google.
     - CVE-2026-6316: Use after free in Forms. Reported by Google.
     - CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google.
     - CVE-2026-6362: Use after free in Codecs.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6317: Use after free in Cast. Reported by Google.
     - CVE-2026-6363: Type Confusion in V8. Reported by Google.
     - CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse.
     - CVE-2026-6319: Use after free in Payments. Reported by pwn2addr.
     - CVE-2026-6364: Out of bounds read in Skia.
       Reported by Google Threat Intelligence.
Checksums-Sha1:
 8c5cae32fc3bc20ce35c1df3922f59c81912bac2 4068 chromium_147.0.7727.101-1~deb12u1.dsc
 2f133fb4049b05eeab070e56b6d670f49866d163 787354268 chromium_147.0.7727.101.orig.tar.xz
 24a30851be2441ed6b1ca4241c23191c3094950d 8567584 chromium_147.0.7727.101-1~deb12u1.debian.tar.xz
 2c8bef091442d02aa5cda39d009792878abc210a 26842 chromium_147.0.7727.101-1~deb12u1_source.buildinfo
Checksums-Sha256:
 9e1125d84a7b4ca51b54035fc0bfb549e17c750b073de9f82aa3f794418d4ba0 4068 chromium_147.0.7727.101-1~deb12u1.dsc
 d4a5f648100232a67b3134a1fa6f6d1d8a07cc4c55b024480073b40c47b2a601 787354268 chromium_147.0.7727.101.orig.tar.xz
 38e047088f975c47941c1bdb496e52466f96416a3bc34daaded0cf60242c7699 8567584 chromium_147.0.7727.101-1~deb12u1.debian.tar.xz
 fec108e5d7c27e78ea77dcbb0a69db4f8565a50fe43bfa0ea25259fb39966cb0 26842 chromium_147.0.7727.101-1~deb12u1_source.buildinfo
Files:
 a022b8bc6c222218895142001a9b35a3 4068 web optional chromium_147.0.7727.101-1~deb12u1.dsc
 5c9b63091abd778aab7216de4cf30f30 787354268 web optional chromium_147.0.7727.101.orig.tar.xz
 bf3bc2d084b8cbde9a0a20cd91cca987 8567584 web optional chromium_147.0.7727.101-1~deb12u1.debian.tar.xz
 d48fcddb190775041c14039fdec9cd84 26842 web optional chromium_147.0.7727.101-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmnhA/QUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcwBRAAqYqBsmFl5NpA7fXdCV5LJKRQrlRO
xQwhPnwBwaD+FdMLFQ6fzAKWyS1Rw3WJNXQHh47ozZ4FQY2c4qbVtePnSPWU/wNe
1xJh3IFV1pSobLMKCtZ4P9ulJ2dxvb8bnORqLKJ90uIB5YyV6XT6KvbP5DtOV6PR
ExtChxroMQeltsF8rJqshsbSZYLbdj6VAZUvOY3MBAIQ4+rkM5OiSr/vOa28KL24
g2ZRJLa95zFPTN/4z1e2Yl03K9a2QV0NyrIUDoSbCn+yVh7rcSY7shBxLPBZSQf0
fxD50nlDAwecMPGw7ftfPcBF38vKy0D5wVc5LmiIvc6pd5aax0IwcLj9UDuYCsD3
FhMA6eKzBA+bRxNe8wCB8OAPQFlRSu+kJYnwstUuk3yqtjsNX4Aj+lxkNnJMwXgS
AnpmOYvejCDimzOdLaP/1maHljHyFNVt8KSUl9wHLAFxUuS5HH9V0MKj/d8BnNND
aDkYD0K/NdMXjTcQxK6163liQFi5E/cIf6hjZEWhPy+bhfIFaxe6V632JErQO2Tm
PBHeHUZ0UKCYhEBVNgAjtYsnQziZ7N5EGOqF5GkQw/IBgNioHPGVrRvHYAP1i6o8
2faRNKUMREAdeci9sP5fPkGqbSGxQ/AmAy2/lhnCezyvsA7AKF4pmtGiURFS2Yp6
MEUHPycFhmRAcA8=
=/iqt
-----END PGP SIGNATURE-----