-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2026 19:35:31 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 146.0.7680.153-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-03) <buildd_arm64-arm-conova-03@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1130569
Changes:
 chromium (146.0.7680.153-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-4439: Out of bounds memory access in WebGL.
       Reported by Goodluck.
     - CVE-2026-4440: Out of bounds read and write in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4441: Use after free in Base. Reported by Google.
     - CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse.
     - CVE-2026-4443: Heap buffer overflow in WebAudio.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4444: Stack buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4445: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4446: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge.
     - CVE-2026-4448: Heap buffer overflow in ANGLE.
       Reported by M. Fauzan Wijaya (Gh05t666nero).
     - CVE-2026-4449: Use after free in Blink. Reported by Syn4pse.
     - CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c.
     - CVE-2026-4451: Insufficient validation of untrusted input in
       Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip.
     - CVE-2026-4454: Use after free in Network.
       Reported by heapracer (@heapracer).
     - CVE-2026-4455: Heap buffer overflow in PDFium.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4456: Use after free in Digital Credentials API.
       Reported by sean wong.
     - CVE-2026-4457: Type Confusion in V8.
       Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim.
     - CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by
       Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern)
     - CVE-2026-4460: Out of bounds read in Skia.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4461: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-4462: Out of bounds read in Blink.
       Reported by heapracer (@heapracer).
     - CVE-2026-4463: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun.
   * d/patches/disable/glic.patch: refresh for upstream tab nudging changes
 .
   [ Jianfeng Liu ]
   * add upstreamed patch of boringssl to fix loong64 build (closes: #1130569)
Checksums-Sha1:
 0084cdabe20235f013e97669c06c54a54cc75d34 5575900 chromium-common-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 fa5a55a7312618ca0c1197b216550b3a420336b6 29155424 chromium-common_146.0.7680.153-1~deb13u1_armhf.deb
 46061e4e8bc0d4a89fc1d902d65b0f7a462871da 34907704 chromium-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 9a886f4d1c9d2954d1e3e20310e9326f6743de1d 7099200 chromium-driver_146.0.7680.153-1~deb13u1_armhf.deb
 e5a9460bb395872abede970e16e8c20d617611f9 27341176 chromium-headless-shell-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 8c9a9eb739cf34e8933e839f4686c31cfc55fbbb 53493248 chromium-headless-shell_146.0.7680.153-1~deb13u1_armhf.deb
 e160ad90976582a9bc6835c7b3ca0fdc497e69d9 19256 chromium-sandbox-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 a172fac876c4cd2663b24bc0d30e2102fee66417 111008 chromium-sandbox_146.0.7680.153-1~deb13u1_armhf.deb
 202a84cbb4fa07835234007dcffd3556c7cc58de 29652960 chromium-shell-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 bdbd38f658db9ea2428d61fa61cf7909dda25cd6 58408144 chromium-shell_146.0.7680.153-1~deb13u1_armhf.deb
 9f455e9ebb76e35e3eefc6e342265fa7fcc6870b 30272 chromium_146.0.7680.153-1~deb13u1_armhf-buildd.buildinfo
 d90b944c428901d31efd55bf618385c142f6214b 69774604 chromium_146.0.7680.153-1~deb13u1_armhf.deb
Checksums-Sha256:
 b7347aba2b48718d3bde076e153ddd425fe8f36cd4eb93e3eda3f97ad4575a7c 5575900 chromium-common-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 d7a3b1df90a0127aa915463ffb6d5950f2c16dd78802f43a0838f4fd3ac2223c 29155424 chromium-common_146.0.7680.153-1~deb13u1_armhf.deb
 b6d8dbc96372798233dbaa06d1c89f5d52c7eefa9132655429cca5151c3c29a7 34907704 chromium-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 9ce39c926995a03f24c064a06f362703c2228a5f60dc1ae94fe59a7ca43bf6fb 7099200 chromium-driver_146.0.7680.153-1~deb13u1_armhf.deb
 8b20ddceddc47db2dda7d527f770ddec5539d1a609c70be2dc8aef304d7e73d7 27341176 chromium-headless-shell-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 15ca0ef25224e265cf9fad2a37bf1713ed04464af6264c6ac1b42a3fa9604d65 53493248 chromium-headless-shell_146.0.7680.153-1~deb13u1_armhf.deb
 b71de19c4c1c278f7ebb87da589e97cc004c6dc18190301536f99b6d2b824098 19256 chromium-sandbox-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 4c4df00594fc4828c72eb9b96eb06857174e9cc3da02c5ef07ac3acef6c9c770 111008 chromium-sandbox_146.0.7680.153-1~deb13u1_armhf.deb
 1b4a6b0843fb3315b8d012fe38ab4bbb2443633a9c0ddcf6ace5fce96a2473e6 29652960 chromium-shell-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 9a511f92de262eb0dffb613223d278600f155e49da2ab90ec0d815e724eed940 58408144 chromium-shell_146.0.7680.153-1~deb13u1_armhf.deb
 58b9e78763643e86e5f399b28444fe1bbb957d830bf8382eae2301f49b2b1946 30272 chromium_146.0.7680.153-1~deb13u1_armhf-buildd.buildinfo
 265b048be5e97702a6b7a769d9e1f5b648289a005ed29e8e47c03fd70dae6992 69774604 chromium_146.0.7680.153-1~deb13u1_armhf.deb
Files:
 9434bf18668922d2ae54c15f41a37eec 5575900 debug optional chromium-common-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 fdeda0fc8ca4066757fb5a487958d652 29155424 web optional chromium-common_146.0.7680.153-1~deb13u1_armhf.deb
 344c67e3fa8b65358b5d3e4700141003 34907704 debug optional chromium-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 b7ab21c3f48f917ce29ebc072c40b8b4 7099200 web optional chromium-driver_146.0.7680.153-1~deb13u1_armhf.deb
 fb9915fb8df9d5019a67f9eee164d404 27341176 debug optional chromium-headless-shell-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 714ccaf3124b5f5b59ef33eada50cad1 53493248 web optional chromium-headless-shell_146.0.7680.153-1~deb13u1_armhf.deb
 431665839dc67b574afb3658f11ec888 19256 debug optional chromium-sandbox-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 1b6de5de4f25f36be8a6cb156777a692 111008 web optional chromium-sandbox_146.0.7680.153-1~deb13u1_armhf.deb
 fa89a0b1b52d76b256d9f67818bfb37a 29652960 debug optional chromium-shell-dbgsym_146.0.7680.153-1~deb13u1_armhf.deb
 7cba6307a41202e51c038b8e5019eb56 58408144 web optional chromium-shell_146.0.7680.153-1~deb13u1_armhf.deb
 99f9a75446eddef3857dec6dc9c8399c 30272 web optional chromium_146.0.7680.153-1~deb13u1_armhf-buildd.buildinfo
 2a215cc40f1c499c376102ef211a5cd1 69774604 web optional chromium_146.0.7680.153-1~deb13u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEElFiH1oZRZh1t4FSiXVp1sEH/1mIFAmm9jIkACgkQXVp1sEH/
1mIOaA//aeRzgaRV3YAJwbIHduHVUL/EhnRS8Vut8l841d3Qn9S8QPv7OVPB7ckK
7vcqm0MTYfHDntLAMdcrpmhsYEbJked/+Wnmphq3fshecEatovCW3dcP1sZnm7Sj
LnI8sPkIVjAUHjtlxCbTtO/nALGgQCvPaCGQgzM0loZTgImFdxEoaiiP4+spGj9i
qIkQlSnWF6r2gVxga+Mxk43rjs8fHeE6MBHson5Q0nyJjAj5jbKWLxn7iPHJ29eq
nn6KN59qVOXhqA9Uk0vThs5ggOtaRB7EEFo5PBBYq5lwa3Zy/a9HTytwOm+is/+G
pe+l1UMZRTVgVmQO03PeBnuG3c+wbbXw+KzDdrg/MT2xHL5lk+d4VXi5Gkk0mYmR
h2N5wyXt43IVvmXexJ+oA4sxXPQDQidhttN+IPp9kJErnrp/T3AqI6HOIeSbwc7e
OU1EDZQSZRRcUjfWVP/FWYJQrgIMgsTLg0tdr/ToPGC1e5QmgtEACJUCF8SESh4B
6cgmce6grxueAJoKIFMGfaRRG+c6/QuLFmdEWTIMllUuwEP1xE3U99RJUYXhtTe+
+YJ0A0b1EDuRXor9xeF0snsULounndNYh8CUMxdABTzUDiU6rzIlGvjAkS5+NTwZ
8xLiSdmmU//g+9Q87czQaIUbqMzjGL6fv8rJMvE5EI3typXzD6w=
=B/Ue
-----END PGP SIGNATURE-----