-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2026 19:35:31 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 146.0.7680.153-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1130569
Changes:
 chromium (146.0.7680.153-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-4439: Out of bounds memory access in WebGL.
       Reported by Goodluck.
     - CVE-2026-4440: Out of bounds read and write in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4441: Use after free in Base. Reported by Google.
     - CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse.
     - CVE-2026-4443: Heap buffer overflow in WebAudio.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4444: Stack buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4445: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4446: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge.
     - CVE-2026-4448: Heap buffer overflow in ANGLE.
       Reported by M. Fauzan Wijaya (Gh05t666nero).
     - CVE-2026-4449: Use after free in Blink. Reported by Syn4pse.
     - CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c.
     - CVE-2026-4451: Insufficient validation of untrusted input in
       Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip.
     - CVE-2026-4454: Use after free in Network.
       Reported by heapracer (@heapracer).
     - CVE-2026-4455: Heap buffer overflow in PDFium.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4456: Use after free in Digital Credentials API.
       Reported by sean wong.
     - CVE-2026-4457: Type Confusion in V8.
       Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim.
     - CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by
       Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern)
     - CVE-2026-4460: Out of bounds read in Skia.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4461: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-4462: Out of bounds read in Blink.
       Reported by heapracer (@heapracer).
     - CVE-2026-4463: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun.
   * d/patches/disable/glic.patch: refresh for upstream tab nudging changes
 .
   [ Jianfeng Liu ]
   * add upstreamed patch of boringssl to fix loong64 build (closes: #1130569)
Checksums-Sha1:
 1aa88cf2c4bd936b86ee94b65c74d695bb208e2e 6075048 chromium-common-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 f25bb5eef45a09578842c9483554019e52f77379 33868748 chromium-common_146.0.7680.153-1~deb13u1_arm64.deb
 6cb29e3027df75ba32afc5e5a0266b981b4d973a 33580324 chromium-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 28d4466d312e3e3979908c5b822865d61ac5d761 6529696 chromium-driver_146.0.7680.153-1~deb13u1_arm64.deb
 ebfa96c1d99df48127be62afbf0dcee96af225c5 28026860 chromium-headless-shell-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 cb64ca10fffc33903b9784755a1ea7468ce20fcb 53461256 chromium-headless-shell_146.0.7680.153-1~deb13u1_arm64.deb
 b4248314a7bee2811c09db8d496a545f8ee6a3ac 21084 chromium-sandbox-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 9391aa530e8e1031b26db851792216912fc94e15 112084 chromium-sandbox_146.0.7680.153-1~deb13u1_arm64.deb
 3c64b2d32cd350f9e9bc66e3db0c177d4857a634 29287152 chromium-shell-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 dcfc11283e8df08f48f0be0eb7fb22b364d6620c 53136424 chromium-shell_146.0.7680.153-1~deb13u1_arm64.deb
 370ba3d13c1a3babd72e354a2f601c8686e00861 30366 chromium_146.0.7680.153-1~deb13u1_arm64-buildd.buildinfo
 30797944112e4415b2636a611f31200bc6f0975d 71050148 chromium_146.0.7680.153-1~deb13u1_arm64.deb
Checksums-Sha256:
 e816d9f708928ffdf256df85fb37b3b447fb98aec5699df68773685eeb9edc61 6075048 chromium-common-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 765764bdb0af053815f115e9a9eaa51c23c94b707e3de3f801186f6b1666eb66 33868748 chromium-common_146.0.7680.153-1~deb13u1_arm64.deb
 81c706074d74bffa598673f8d605c7480cd05950f0602e3279cd6060faf96a29 33580324 chromium-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 c61529619be9288d88db24808e64437e18e99bbc05d94b1d84ae988a43e5b87b 6529696 chromium-driver_146.0.7680.153-1~deb13u1_arm64.deb
 d6b95e6a605932ffb6775b0d8c6d2eb476d76bcc172fd16bb297582b7422f07e 28026860 chromium-headless-shell-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 1d0332061b16ad748167f62c3ac6862ac541577222982ec6086890f88857ecd4 53461256 chromium-headless-shell_146.0.7680.153-1~deb13u1_arm64.deb
 37b91284820118ea1dd5a9dad5031fe51665df43f5e3e647f6ccf46eb3051364 21084 chromium-sandbox-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 8675187e3a06e61dd549e094a350192b0c11fa7f8c5891b1df1a2d70053e884a 112084 chromium-sandbox_146.0.7680.153-1~deb13u1_arm64.deb
 9bd40ca094c12a8ff70d5fd298931361efbf332546befe65538f2804be2fcf4c 29287152 chromium-shell-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 c092ada6686d0666ceb7e9271c0b3d51b23cc0a63472615bd75cf66886d549b1 53136424 chromium-shell_146.0.7680.153-1~deb13u1_arm64.deb
 d187b202d1ce375d8061b2dc6c03eacc438ba7d0435e9c632ec59af30568c87b 30366 chromium_146.0.7680.153-1~deb13u1_arm64-buildd.buildinfo
 e371a5b61c5c782e45c0ac6f9e3c889f832a924a760c4e2bac42f19b2953ce6d 71050148 chromium_146.0.7680.153-1~deb13u1_arm64.deb
Files:
 5f857daec60a6e4ef68ded50fa740cf0 6075048 debug optional chromium-common-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 700b7b353f04aeed24c5d4722282c679 33868748 web optional chromium-common_146.0.7680.153-1~deb13u1_arm64.deb
 9269f0521c57b785f09da4fdaca12c33 33580324 debug optional chromium-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 146350a3ce6e8caeeb4dae63a05f34ad 6529696 web optional chromium-driver_146.0.7680.153-1~deb13u1_arm64.deb
 5ab3d17dcc140abbe9e07c9526e3989c 28026860 debug optional chromium-headless-shell-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 fa4fd79be26b5d580a4544898e328426 53461256 web optional chromium-headless-shell_146.0.7680.153-1~deb13u1_arm64.deb
 d83bbd79d869fd3c61d042d8020a9772 21084 debug optional chromium-sandbox-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 91135ae9bd2fec1f73b5411249f573e7 112084 web optional chromium-sandbox_146.0.7680.153-1~deb13u1_arm64.deb
 288c2fa8d79d7a6bb7bd4731b8d4a325 29287152 debug optional chromium-shell-dbgsym_146.0.7680.153-1~deb13u1_arm64.deb
 bef1121942f9d43e429d65d66cc6b238 53136424 web optional chromium-shell_146.0.7680.153-1~deb13u1_arm64.deb
 af99fcdc34e38a87c919de1be8be39d4 30366 web optional chromium_146.0.7680.153-1~deb13u1_arm64-buildd.buildinfo
 9a2170550dbdc3d314434b09150383a8 71050148 web optional chromium_146.0.7680.153-1~deb13u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmm9gmcACgkQScpU3dYu
lLi39xAAmc0hSX8/lBqMvzd/RtKa+LoRFQTcBnTzmsg9FnISEO0P4p2EWjfGP8PD
nfptG1PHyJ1EZGjzMsE8KB3lQ5JA57Oo+ar1TgOjhEzr1QPc3hpznMurI45iu7aB
ZXPzYvaLm5SX1BzjTg4+aKiBvUHYbT5fYjUWvE33t5tiqGPJrEwZkH9EPluUk6zf
6lcH9NMbO8Sx5ED+/33R+SrsXIe2Rg5/ToURickk6Nzp17a/tiyQiOChRvxjiYGs
92qAS/R35MnQ/gnkJJMSiHhBPWmWhkYc7G2QxU+ZCOiaD1U19Foad5HW093cGxfH
IQT9tgLfu11TlJV+TqcE6Bnl+BdA3ca+D1NwH0eNKOqd37eG/WwezE0SDKkq1E59
o7WHAaW2guwe9GeeW94AegvnCOAg2AP4EmZabaamsV8gaIK9tkDnxyKgRiDMHM3g
TnGerrAE7K1p70qkrreOpO/BLxdyLZVer772kJos3idD3ZA6GcBj52q4ZtmxfjiK
ttZEwuUctN1IMV3d3GWrJHjRaAPsuQAHk0X8k1eTRdyRNWzLXq4bTHKxHwxUA/Lh
aan5QZTr78dMaEPa+6vXKlL13jH8akjKe2XeylJ4F4RzMiBWefbvDYA0yETyrEvB
JtHWZwpJOozk8E/yax6BYaTzi+rtG2vLsxvjGeY71NPZ6g20zx4=
=2Zyg
-----END PGP SIGNATURE-----