-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Apr 2026 03:34:02 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 147.0.7727.55-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1132651
Changes:
 chromium (147.0.7727.55-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous.
     - CVE-2026-5860: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5861: Use after free in V8. Reported by 5shain.
     - CVE-2026-5862: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5863: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5864: Heap buffer overflow in WebAudio. Reported by Syn4pse.
     - CVE-2026-5865: Type Confusion in V8. Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-5866: Use after free in Media. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5867: Heap buffer overflow in WebML. Reported by Syn4pse.
     - CVE-2026-5868: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-5869: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5870: Integer overflow in Skia. Reported by Google.
     - CVE-2026-5871: Type Confusion in V8. Reported by Google.
     - CVE-2026-5872: Use after free in Blink. Reported by Google.
     - CVE-2026-5873: Out of bounds read and write in V8. Reported by Google.
     - CVE-2026-5874: Use after free in PrivateAI. Reported by Krace.
     - CVE-2026-5875: Policy bypass in Blink. Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5876: Side-channel information leakage in Navigation. Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5877: Use after free in Navigation. Reported by Cassidy Kim(@cassidy6564).
     - CVE-2026-5878: Incorrect security UI in Blink. Reported by Shaheen Fazim.
     - CVE-2026-5879: Insufficient validation of untrusted input in ANGLE. Reported by parkminchan, working for SSD Labs Korea.
     - CVE-2026-5880: Incorrect security UI in browser UI.
     - CVE-2026-5881: Policy bypass in LocalNetworkAccess. Reported by asnine.
     - CVE-2026-5882: Incorrect security UI in Fullscreen.
     - CVE-2026-5883: Use after free in Media. Reported by sherkito.
     - CVE-2026-5884: Insufficient validation of untrusted input in Media. Reported by xmzyshypnc.
     - CVE-2026-5885: Insufficient validation of untrusted input in WebML. Reported by Bryan Bernhart.
     - CVE-2026-5886: Out of bounds read in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5887: Insufficient validation of untrusted input in Downloads. Reported by daffainfo.
     - CVE-2026-5888: Uninitialized Use in WebCodecs. Reported by Identified by the Octane Security Team: Giovanni Vignone, Paolo Gentry, Robert van Eijk.
     - CVE-2026-5889: Cryptographic Flaw in PDFium. Reported by mlafon.
     - CVE-2026-5890: Race in WebCodecs. Reported by Casper Woudenberg.
     - CVE-2026-5891: Insufficient policy enforcement in browser UI. Reported by Tianyi Hu.
     - CVE-2026-5892: Insufficient policy enforcement in PWAs. Reported by Tianyi Hu.
     - CVE-2026-5893: Race in V8. Reported by QYmag1c.
     - CVE-2026-5894: Inappropriate implementation in PDF. Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5895: Incorrect security UI in Omnibox. Reported by Renwa Hiwa @RenwaX23.
     - CVE-2026-5896: Policy bypass in Audio. Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5897: Incorrect security UI in Downloads. Reported by Farras Givari.
     - CVE-2026-5898: Incorrect security UI in Omnibox. Reported by saidinahikam032.
     - CVE-2026-5899: Incorrect security UI in History Navigation. Reported by Islam Rzayev.
     - CVE-2026-5900: Policy bypass in Downloads. Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5901: Policy bypass in DevTools. Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5902: Race in Media. Reported by Luke Francis.
     - CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @Ciarands.
     - CVE-2026-5904: Use after free in V8. Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-5905: Incorrect security UI in Permissions. Reported by daffainfo.
     - CVE-2026-5906: Incorrect security UI in Omnibox. Reported by mohamedhesham9173.
     - CVE-2026-5907: Insufficient data validation in Media. Reported by Luke Francis.
     - CVE-2026-5908: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5909: Integer overflow in Media. Reported by Mohammed Yasar B & Ameen Basha M K.
     - CVE-2026-5910: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5911: Policy bypass in ServiceWorkers. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab.
     - CVE-2026-5912: Integer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5913: Out of bounds read in Blink. Reported by Vitaly Simonovich.
     - CVE-2026-5914: Type Confusion in CSS. Reported by Syn4pse.
     - CVE-2026-5915: Insufficient validation of untrusted input in WebML. Reported by ningxin.hu@intel.com.
     - CVE-2026-5918: Inappropriate implementation in Navigation. Reported by Google.
     - CVE-2026-5919: Insufficient validation of untrusted input in WebSockets. Reported by Richard Belisle.
   * d/patches:
     - upstream/profile.patch: drop, merged upstream.
     - upstream/fix-boringssl-loong64.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - disable/signin.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/unrar.patch: drop, merged upstream.
     - trixie/nodejs-set-intersection.patch: update for upstream refactoring.
     - bookworm/clang19.patch: -fno-lifetime-dse is unsupported. Also move to
       llvm-19 directory.
     - ungoogled/disable-ai.patch: sync from ungoogled-chromium project. Also
       re-add code that creates new tab's search bar (closes: #1132651).
     - debianization/safe-libcxx.patch: add a patch to force building with
       libc++'s LIBCPP_HARDENING_MODE turned on. See
       https://issues.chromium.org/issues/485696265 for the (security-related)
       rationale.
     - llvm-19/static-assert.patch: add another chunk of static_assert()
       removals that clang 19 needs.
     - rust-1.85/image.patch: enable nightly features for image_v0.25
       [trixie, bookworm].
     - bookworm/constexpr.patch: update/refresh for renamed file [bookworm].
   * d/rules:
     - drop "enable_glic=false", as upstream now forces their AI on everyone;
       but we strip it out with ungoogled/disable-ai.patch.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - bookworm/gn-absl.patch: Add visibility specifier to absl/crc:crc32,
       and re-sort the patch to keep the edits organized.
     - trixie/gn-len.patch: Refresh.
     - trixie/gn-module-name.patch: New patch to address older GN not knowing
       about the {{cc_module_name}} substitution [trixie, bookworm].
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
       upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: refresh for upstream
       changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch:
       regenerate
 .
   [ Jianfeng Liu ]
   * d/patches/loongarch64:
     - 0024-disable-BROTLI_MODEL-macro-for-some-targets.patch: add upstream
       patch to fix brotli on loong64