-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Apr 2026 04:36:38 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 147.0.7727.137-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-03) <buildd_arm64-arm-ubc-03@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1052440
Changes:
 chromium (147.0.7727.137-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-7363: Use after free in Canvas. Reported by heapracer.
     - CVE-2026-7361: Use after free in iOS. Reported by Google.
     - CVE-2026-7344: Use after free in Accessibility. Reported by Google.
     - CVE-2026-7343: Use after free in Views. Reported by Google.
     - CVE-2026-7333: Use after free in GPU.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-7360: Insufficient validation of untrusted input in Compositing.
       Reported by Google.
     - CVE-2026-7359: Use after free in ANGLE. Reported by Google.
     - CVE-2026-7358: Use after free in Animation. Reported by Google.
     - CVE-2026-7334: Use after free in Views. Reported by Batuhan Eşref KOÇ.
     - CVE-2026-7357: Use after free in GPU. Reported by Google.
     - CVE-2026-7356: Use after free in Navigation. Reported by Google.
     - CVE-2026-7354: Out of bounds read and write in Angle. Reported by Google.
     - CVE-2026-7353: Heap buffer overflow in Skia. Reported by Google.
     - CVE-2026-7352: Use after free in Media. Reported by Google.
     - CVE-2026-7351: Race in MHTML. Reported by Google.
     - CVE-2026-7350: Use after free in WebMIDI. Reported by Google.
     - CVE-2026-7349: Use after free in Cast. Reported by Google.
     - CVE-2026-7348: Use after free in Codecs. Reported by Google.
     - CVE-2026-7335: Use after free in media.
       Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po).
     - CVE-2026-7336: Use after free in WebRTC. Reported by Mozilla.
     - CVE-2026-7337: Type Confusion in V8. Reported by q@calif.io.
     - CVE-2026-7347: Use after free in Chromoting. Reported by Google.
     - CVE-2026-7346: Inappropriate implementation in Tint. Reported by Google.
     - CVE-2026-7345: Insufficient validation of untrusted input in Feedback.
       Reported by Google.
     - CVE-2026-7338: Use after free in Cast. Reported by Krace.
     - CVE-2026-7342: Use after free in WebView. Reported by Google.
     - CVE-2026-7341: Use after free in WebRTC. Reported by Google.
     - CVE-2026-7339: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-7340: Integer overflow in ANGLE.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-7355: Use after free in Media. Reported by Google.
 .
   [ Jianfeng Liu ]
   * d/patches:
     - upstream/Fix-GL-native-pixmap-import-support-reset-in-GpuInit.patch:
       Fixes upstream issue https://crbug.com/501115509. This issue is
       introduced in v147, and unfortunately the fix won't get into v147. This
       issue affects both vaapi and v4l2 decoding under ozone wayland.
     - fixes/enable-widevine-on-arm64-linux-platform.patch: Enable widevine
       support on arm64. There is no official support for widevine on arm64
       linux while there are libwidevine binaries extracted from chromeos,
       which can work on linux (closes: #1052440).
Checksums-Sha1:
 466022ae8f9a2c23e6859d27b237b40a32414147 6362480 chromium-common-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 f9d4143f5f22848a9317b259226149ccda17fa6c 30100984 chromium-common_147.0.7727.137-1~deb12u1_arm64.deb
 28bd990a1a70ce04517a766549894746587bd377 36555980 chromium-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 1305b2c65214bc7023cc258df6f9018b143ee84b 6713316 chromium-driver_147.0.7727.137-1~deb12u1_arm64.deb
 8554198bd9b7c262fb6b320a75f7faac4c8285ce 29624564 chromium-headless-shell-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 8a1491988ab95873e94e7002aaa0bf8b357d080e 50436032 chromium-headless-shell_147.0.7727.137-1~deb12u1_arm64.deb
 e35857d1b313e2174a065ca85d250f40c95cc6c5 20252 chromium-sandbox-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 af21d020c35a52c6a5006726130be11964588f66 117492 chromium-sandbox_147.0.7727.137-1~deb12u1_arm64.deb
 f985c2191561738a7af7df3745fac0447d90adc5 31928548 chromium-shell-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 2447b3f8064700f63d28bfe806aec083681e5cec 55104764 chromium-shell_147.0.7727.137-1~deb12u1_arm64.deb
 52c163a8ebd8c02ae07883f719384d2c99cb8048 30387 chromium_147.0.7727.137-1~deb12u1_arm64-buildd.buildinfo
 47e779589370c28ab64abe363b93d302a12f2a98 64650080 chromium_147.0.7727.137-1~deb12u1_arm64.deb
Checksums-Sha256:
 15cde28ed5bd1ed22bc77b6c228f1fa4dbb7c0f308b77c35b8b004bf7baa7e9d 6362480 chromium-common-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 4f48a92fcaf76d0f5526a18a222093f98aabe01fd92f9764f085ae3211e8a419 30100984 chromium-common_147.0.7727.137-1~deb12u1_arm64.deb
 cefac1aba4818a2b0de4d6c31abc40992d48d0e29fab76ebceba0910745e7d64 36555980 chromium-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 39eeed0e7de8aaf88f807a759f6ad2a358e9332ad8d9352879c41860abc92c9e 6713316 chromium-driver_147.0.7727.137-1~deb12u1_arm64.deb
 57cef6ee1ed8137648627626cd03177f23166efb4690cbd85b5d71e124173395 29624564 chromium-headless-shell-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 7ccdf62af828ace769617e4d5986403018ef9f30d923aeb90c48784fadcac406 50436032 chromium-headless-shell_147.0.7727.137-1~deb12u1_arm64.deb
 db2189ebf441c31002481ac493ec9cf2e34b1a44a9b20cc94fa71e076a0356a3 20252 chromium-sandbox-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 4bdc19c4d6d7b5115a34ba70f50e830592fba26ad58f46154af48c94df2c283b 117492 chromium-sandbox_147.0.7727.137-1~deb12u1_arm64.deb
 e2789c0fad4b12c11d7df0b2ecb14fa6c609fac1e99e8a04adf27326cce2585a 31928548 chromium-shell-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 fb64a1daaa516e4cf7999abf33a35934cb6b6e0991e385673d45d411fc32814c 55104764 chromium-shell_147.0.7727.137-1~deb12u1_arm64.deb
 d9d05b52f15dd93a03fb3dfc0303c3336c252dc38806e34750948c4c950af18c 30387 chromium_147.0.7727.137-1~deb12u1_arm64-buildd.buildinfo
 6842366c4f0cf140e71f1e4ed919ec0cbe9f1502b305b1a7c3018ba09b65ff8b 64650080 chromium_147.0.7727.137-1~deb12u1_arm64.deb
Files:
 3a1d8591e6691eb8f8c272d55633c402 6362480 debug optional chromium-common-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 b3126a359bdcd767612db2cffe153d63 30100984 web optional chromium-common_147.0.7727.137-1~deb12u1_arm64.deb
 10894edd98beabdc24effba1942741ae 36555980 debug optional chromium-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 0290287cdadc25ff7b97b2813308490f 6713316 web optional chromium-driver_147.0.7727.137-1~deb12u1_arm64.deb
 d00f44f1f1e82a78889440b5a98cc3e3 29624564 debug optional chromium-headless-shell-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 d307e36d93deca792cd6c424106847fa 50436032 web optional chromium-headless-shell_147.0.7727.137-1~deb12u1_arm64.deb
 7b7959b510d810d13f0cac796e0d5b93 20252 debug optional chromium-sandbox-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 32b1e7570d3a3f47c93c471577706739 117492 web optional chromium-sandbox_147.0.7727.137-1~deb12u1_arm64.deb
 a65f7e4071f9390da0ec394ec02df536 31928548 debug optional chromium-shell-dbgsym_147.0.7727.137-1~deb12u1_arm64.deb
 187c024c2a0cf52511fb38fc1fede621 55104764 web optional chromium-shell_147.0.7727.137-1~deb12u1_arm64.deb
 0c1361103e41b2ba85e0bbd0d7cd1ae5 30387 web optional chromium_147.0.7727.137-1~deb12u1_arm64-buildd.buildinfo
 c7b04000593315dc84bef855ea631e50 64650080 web optional chromium_147.0.7727.137-1~deb12u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE2kd8oHy+LXk/nybqvzDqKQSGl8UFAmn0SW0ACgkQvzDqKQSG
l8VLkhAAnKo/WSPORjHJsNkmB9P2npcubhvH6g8grP6KPXhbL/N4dVt8TSyoTNzB
yVogVSErk4X5eQJstdVSXUQtqCvHDLW0SOqKgjVrv+97mMpWstbGVL1lYtZtVQMq
XJLvNMTz6IoGbK25+FSZi0u+Rld91ddlAq/c8fuT8+p2Wtu5fT0xknXo9+QlyQRz
p+yt8XO7srQOimSRDChc22WSHH7bEK6MpwszOdCufay8QYR/eZFJhaCCXpri46aJ
QJpeouugWjry0SBZZWUjiQzHPc20FHuVA1Lk8s5NNj054Q/dbISvETLwDoYMBNOM
S43hH3wmB6F+oi9qwdDVxd2V3Pt5B2VATlkgfZzrDLirTTt8LS4f5DvL44j7ASBJ
9vnFrmMi/YcRLej7Ns3YhsJh0vWRHF0k5FEv/tQEzXs6hADhKC+320fheEMMZ02M
hzoCpzNqWLfShLxU5mVmwEse1/txhjNm65V9kEiujO9VZ9BT+Eilw2EWWiV3q398
4MgpGK+X8WCcCBr/dIxZfx2zgJBjdxjx8Zc5/I0Tmc8Ofr0Qd2DAlEhISfDOHDW1
S0ehAQ03KdFzpkYo/ayTbul6yAhL1lBJzXJ4VhdxqpWeifbPI4Vb5kBiSmpgMSBa
16zNFF6uoniG08BZPz+0T4jLWxj9izbiuwKWXkODcP9VhAMwVvo=
=SI/z
-----END PGP SIGNATURE-----