-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2026 19:35:31 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 146.0.7680.153-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Closes: 1130569
Changes:
 chromium (146.0.7680.153-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-4439: Out of bounds memory access in WebGL.
       Reported by Goodluck.
     - CVE-2026-4440: Out of bounds read and write in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4441: Use after free in Base. Reported by Google.
     - CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse.
     - CVE-2026-4443: Heap buffer overflow in WebAudio.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4444: Stack buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4445: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4446: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge.
     - CVE-2026-4448: Heap buffer overflow in ANGLE.
       Reported by M. Fauzan Wijaya (Gh05t666nero).
     - CVE-2026-4449: Use after free in Blink. Reported by Syn4pse.
     - CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c.
     - CVE-2026-4451: Insufficient validation of untrusted input in
       Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip.
     - CVE-2026-4454: Use after free in Network.
       Reported by heapracer (@heapracer).
     - CVE-2026-4455: Heap buffer overflow in PDFium.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4456: Use after free in Digital Credentials API.
       Reported by sean wong.
     - CVE-2026-4457: Type Confusion in V8.
       Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim.
     - CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by
       Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern)
     - CVE-2026-4460: Out of bounds read in Skia.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4461: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-4462: Out of bounds read in Blink.
       Reported by heapracer (@heapracer).
     - CVE-2026-4463: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun.
   * d/patches/disable/glic.patch: refresh for upstream tab nudging changes
 .
   [ Jianfeng Liu ]
   * add upstreamed patch of boringssl to fix loong64 build (closes: #1130569)
Checksums-Sha1:
 60d1f4dd82ddab1a97f173cbcfe6d867d46fdbdf 8688292 chromium-l10n_146.0.7680.153-1~deb13u1_all.deb
 561a0b758545ed1b10bac70ed147b3f709bfdb8d 26871 chromium_146.0.7680.153-1~deb13u1_all-buildd.buildinfo
Checksums-Sha256:
 216bf3681bf340647ef5542084cd4bbd37a33d67840dbc36fe427b4268f00acc 8688292 chromium-l10n_146.0.7680.153-1~deb13u1_all.deb
 39332893a3342ba3f09b9c4b13d175afa976be06d98527b99c556253184c307e 26871 chromium_146.0.7680.153-1~deb13u1_all-buildd.buildinfo
Files:
 b764114b2b7b11cb5e6ea7f59fdc4d37 8688292 localization optional chromium-l10n_146.0.7680.153-1~deb13u1_all.deb
 3564476f05bacb9ff87131d1451245f2 26871 web optional chromium_146.0.7680.153-1~deb13u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmm9L1YACgkQN8Ugyu9d
QiTuchAAoA6J1KQ8/pkYXSvzp5GgfOgPOxFMAuus+s/o5Eod92BntEUtGz+IEIqC
+o+mcbTCL3yHIkvJHjxH6TWFw53BaC1gJ/gVorwSmUrjx9uocQu451dfGCiGFarT
riXO3opqsqvE4uCBXj5sfnNM3w2XCX8qD/Bdv4I7wWKqsoq3d3HsjXbMBHdIpkGT
kWt4HFwDKbygndvmaS22w3fswatudGIoW7vETuM4GltEy0V96qtj94EmOQfb2Cnp
FjI9aaLDUsAml3O2nNaSxc9re5UmRV/fn2XsZIHWQSdujlWSfytg7ZMEjdHIJX5e
mLQgPEAYFkRCC08YMLPkrN++0RDUu8HaWKgH6hSRlJKqPh+ZW+F3mW+1gdZKHsID
9WaXYc0JNU3RZNTxIWBfpM2CYqdo+VcFbxAQ9A0UHEAOaL4XbuXRoM7cnB7+Mjt9
OgJfD+TMWqPlImQqbma+F0kZ4o0iJFT2GMuX8wQa7Szo/IkDYghZU476c8AlVT6Z
GEF/r3OqdlCkRwn0mJfAM/VwnSgwUt+vc2stI+GTdUQWkzqOU8uhk4JKC8raj/r+
s4txuRfTp9muzd520DRrnCQO5eIBLHGF3wkIGC0NwOT0YDiyOGVS2vKSMXgljn5C
DteN7NNAGXVKmljAcL1l9rF8EmPUaHTUD58FZ97K+/pBlU4XtpM=
=IYc1
-----END PGP SIGNATURE-----