-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 03 Dec 2025 01:54:50 -0500
Source: chromium
Architecture: source
Version: 143.0.7499.40-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (143.0.7499.40-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-13630: Type Confusion in V8.
       Reported by Shreyas Penkar (@streypaws).
     - CVE-2025-13631: Inappropriate implementation in Google Updater.
       Reported by Jota Domingos.
     - CVE-2025-13632: Inappropriate implementation in DevTools.
       Reported by Leandro Teles.
     - CVE-2025-13633: Use after free in Digital Credentials.
       Reported by Chrome.
     - CVE-2025-13634: Inappropriate implementation in Downloads.
       Reported by Eric Lawrence of Microsoft.
     - CVE-2025-13720: Bad cast in Loader. Reported by Chrome.
     - CVE-2025-13721: Race in v8. Reported by Chrome.
     - CVE-2025-13635: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13636: Inappropriate implementation in Split View.
       Reported by Khalil Zhani.
     - CVE-2025-13637: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito.
     - CVE-2025-13639: Inappropriate implementation in WebRTC.
       Reported by Philipp Hancke.
     - CVE-2025-13640: Inappropriate implementation in Passwords.
       Reported by Anonymous.
   * d/patches:
     - fixes/headless-gn.patch: refresh.
     - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream.
     - disable/tests.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - fixes/libpng-testonly.patch: add a workaround for a missing build target
       that upstream forgot to include.
     - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as
       unsafe to make rustc happy.
     - trixie/cookie-string-view.patch: add a workaround for missing clang-19
       feature.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - debianization/cross-build.patch: Avoid "Assignment had no effect"
       error from GN when running outside of d/rules.
     - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here.
     - disable/license-headless-shell.patch: Don't generate the (unused)
       LICENSE.headless_shell file, as the rule tends to break easily.
     - fixes/headless-gn.patch: No longer needed, thanks to previous patch.
     - trixie/rust-is-multiple-of.patch: add more workarounds for missing
       rustc features.
   * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes
 .
   [ Jianfeng Liu ]
   * Add loong64 support, with patches in d/patches/loongarch64/.
Checksums-Sha1:
 5ae07a5be94545457a79ad25e3b6780bbd7eea49 4090 chromium_143.0.7499.40-1~deb13u1.dsc
 5afd149cc2ac44be0a3c3761dcd2dd21ee4d37be 1016232376 chromium_143.0.7499.40.orig.tar.xz
 880cac02a90d93cf214fb3d0396552f5c6c33965 439560 chromium_143.0.7499.40-1~deb13u1.debian.tar.xz
 06a345bb353002611587b795954494b24557d15d 26537 chromium_143.0.7499.40-1~deb13u1_source.buildinfo
Checksums-Sha256:
 8c774bfe12615f74e525ede0aa1ffcffddee7134610cfc7cea033fb12eed9364 4090 chromium_143.0.7499.40-1~deb13u1.dsc
 8aeca2164ee3ad54e36c7e5b4349883d7d6fc4ff2a7b578e0b294bd4bf6c2729 1016232376 chromium_143.0.7499.40.orig.tar.xz
 09b0bd8a3dbb056def43e954bdccc3b7e077d30bccfeb27970353e496bb4de65 439560 chromium_143.0.7499.40-1~deb13u1.debian.tar.xz
 dd89ce74c025532b42e5b23cb88ee147b4980b87ee2eb08906d5c0013bb81d7a 26537 chromium_143.0.7499.40-1~deb13u1_source.buildinfo
Files:
 9d016c34e3eda7a9ba6670fe4a6b68e7 4090 web optional chromium_143.0.7499.40-1~deb13u1.dsc
 5baa25f96ba17d43bc048969d26c1867 1016232376 web optional chromium_143.0.7499.40.orig.tar.xz
 26a1f88b49159259b4b65a4afe4c79ae 439560 web optional chromium_143.0.7499.40-1~deb13u1.debian.tar.xz
 44b4070a477a8ca9f93082110fa0287d 26537 web optional chromium_143.0.7499.40-1~deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmkwHB4UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcEixAApyYDduuh7fNnILEOlNG/aTse1iwi
5cMqrtPqwO0mEth4X8c6x2MSI+/nlw3ih/+jpOOO5O/P8H4IINY9JpHyNijc028t
ekxfeFFt+QpQcQkl9R0w+BpOSweTq9GHToGUJqJyzDk2UA0n32FgqnIQ6FhU3TxB
CwpojdV2BSVvIPoElWN5W6hR/2y/oZVgwen/Wozl1WYiNBXR4elh+GCsWhmBWwc4
jOvFoDnTOY/2gSLCi3J1vPmqSvWYR9J9bqjteCb7ukm+IbBWDDpfh1f/iICyWnWe
aRrEU9iKuHUiRN7a9u+ObffFtInqC+9RREAFSayWaaozQY0sIl8oiBNh+nmEpuUx
0gXbGPhZ8NK58Nn0RyMOE3mVPfCv8MAS1ffT/nFmyMhSho26g+ayVzYEbK736hzB
kdhV6o+cSN/LKPPKSjgSHQZ+etLEs5Bck7XPjDcu+iL4e3+vpDFXbDJF8EA6HCGc
qAC025JVGoyJrZB0ycLhei2ICk7UeRsWho3SNTxZJjVsSSQDSQNHWvI8pwJsFh4X
YQberfn3iQZcb+mVn3ON6lPkIuh3y2oLrn5zSELuvK/Oj8kFyyaeEYfVXmRiaWVy
DopsYSsASxirZ51AbQj3HvJc+E0TMoHfR8IQTBZidTIcISk7X+qsvh70o7T7PAFo
Kyjyp9j2LVz+0lg=
=ZA2s
-----END PGP SIGNATURE-----