-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 May 2026 11:48:56 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 148.0.7778.215-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: armhf Build Daemon (arm-ubc-06) <buildd_arm64-arm-ubc-06@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (148.0.7778.215-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-9872: Out of bounds write in GPU. Reported by cinzinga.
     - CVE-2026-9873: Use after free in Network. Reported by cinzinga.
     - CVE-2026-9874: Use after free in Dawn. Reported by Anonymous.
     - CVE-2026-9875: Out of bounds read in WebGL. Reported by Anonymous.
     - CVE-2026-9876: Use after free in WebGL. Reported by happy2me.
     - CVE-2026-9877: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9878: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9879: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9880: Insufficient validation of untrusted input in WebGL.
       Reported by Google.
     - CVE-2026-9881: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-9882: Integer overflow in ANGLE. Reported by Google.
     - CVE-2026-9883: Use after free in Base. Reported by Google.
     - CVE-2026-9884: Use after free in Browser. Reported by Google.
     - CVE-2026-9885: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-9886: Use after free in Base. Reported by Google.
     - CVE-2026-9887: Use after free in Proxy. Reported by Google.
     - CVE-2026-9888: Use after free in WebView. Reported by Google.
     - CVE-2026-9889: Out of bounds read and write in Dawn. Reported by Google.
     - CVE-2026-9890: Use after free in XR. Reported by Google.
     - CVE-2026-9891: Use after free in Extensions. Reported by Google.
     - CVE-2026-9892: Inappropriate implementation in Skia. Reported by Google.
     - CVE-2026-9893: Use after free in Skia. Reported by Google.
     - CVE-2026-9894: Use after free in GPU. Reported by tohafrit.
     - CVE-2026-9895: Out of bounds read in GPU.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-9896: Out of bounds write in V8. Reported by 303f06e3.
     - CVE-2026-9897: Use after free in DOM. Reported by Google.
     - CVE-2026-9898: Insufficient validation of untrusted input in GPU.
       Reported by Google.
     - CVE-2026-9899: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9900: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9901: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9902: Use after free in Accessibility. Reported by Google.
     - CVE-2026-9903: Insufficient validation of untrusted input in
       Site Isolation. Reported by Google.
     - CVE-2026-9904: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9905: Use after free in Accessibility. Reported by Google.
     - CVE-2026-9906: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9907: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-9908: Out of bounds read in ANGLE. Reported by Google.
     - CVE-2026-9909: Integer overflow in Skia. Reported by Google.
     - CVE-2026-9910: Out of bounds memory access in ANGLE. Reported by Google.
     - CVE-2026-9911: Integer overflow in ANGLE. Reported by Google.
     - CVE-2026-9912: Inappropriate implementation in GPU. Reported by Google.
     - CVE-2026-9913: Inappropriate implementation in ANGLE. Reported by Google
     - CVE-2026-9914: Insufficient validation of untrusted input in ANGLE.
       Reported by Google.
     - CVE-2026-9915: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9916: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9917: Uninitialized Use in WebGL. Reported by Google.
     - CVE-2026-9918: Inappropriate implementation in Tint. Reported by Google.
     - CVE-2026-9919: Out of bounds read in WebGL. Reported by Google.
     - CVE-2026-9920: Uninitialized Use in GPU. Reported by Google.
     - CVE-2026-9921: Uninitialized Use in WebGL. Reported by Google.
     - CVE-2026-9922: Use after free in GPU. Reported by Google.
     - CVE-2026-9923: Use after free in Skia. Reported by Google.
     - CVE-2026-9924: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9925: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9926: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9927: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9928: Out of bounds read in ANGLE.
       Reported by Jeff Muizelaar - Mozilla.
     - CVE-2026-9929: Inappropriate implementation in WebGL. Reported by Google
     - CVE-2026-9930: Out of bounds write in Dawn. Reported by Google.
     - CVE-2026-9931: Use after free in GPU. Reported by Google.
     - CVE-2026-9932: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9933: Use after free in Input. Reported by Google.
     - CVE-2026-9934: Use after free in Aura. Reported by Google.
     - CVE-2026-9935: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9936: Use after free in GFX. Reported by Google.
     - CVE-2026-9937: Use after free in UI. Reported by Google.
     - CVE-2026-9938: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-9939: Heap buffer overflow in WebCodecs. Reported by Google.
     - CVE-2026-9940: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9941: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9942: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9943: Out of bounds read in WebGL. Reported by Google.
     - CVE-2026-9944: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9945: Use after free in Media. Reported by Google.
     - CVE-2026-9946: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9947: Use after free in XML. Reported by Google.
     - CVE-2026-9948: Use after free in Views. Reported by Google.
     - CVE-2026-9949: Use after free in Core. Reported by Google.
     - CVE-2026-9950: Insufficient validation of untrusted input in iOS.
       Reported by Google.
     - CVE-2026-9951: Use after free in UI. Reported by Google.
     - CVE-2026-9952: Use after free in WebAudio. Reported by Google.
     - CVE-2026-9953: Out of bounds read in ANGLE. Reported by Google.
     - CVE-2026-9954: Use after free in TabStrip.
       Reported by yueliu of Microsoft.
     - CVE-2026-9955: Inappropriate implementation in iOS. Reported by Google.
     - CVE-2026-9956: Use after free in iOS. Reported by Google.
     - CVE-2026-9957: Use after free in PDF. Reported by Google.
     - CVE-2026-9958: Use after free in PDFium. Reported by Google.
     - CVE-2026-9959: Race in WebRTC. Reported by Google.
     - CVE-2026-9960: Integer overflow in PDFium. Reported by Google.
     - CVE-2026-9961: Use after free in SurfaceCapture. Reported by Google.
     - CVE-2026-9962: Use after free in WebRTC. Reported by Google.
     - CVE-2026-9963: Uninitialized Use in iOS. Reported by Google.
     - CVE-2026-9964: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-9965: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9966: Integer overflow in XML. Reported by Google.
     - CVE-2026-9967: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9968: Integer overflow in V8. Reported by Google.
     - CVE-2026-9969: Insufficient validation of untrusted input in ANGLE.
       Reported by Google.
     - CVE-2026-9970: Use after free in WebGL. Reported by TFGC.
     - CVE-2026-9971: Inappropriate implementation in iOS. Reported by Google.
     - CVE-2026-9972: Uninitialized Use in Gamepad. Reported by Google.
     - CVE-2026-9973: Out of bounds write in V8. Reported by amyb of OpenAI.
     - CVE-2026-9974: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9975: Out of bounds read and write in ANGLE. Reported by Google
     - CVE-2026-9976: Inappropriate implementation in USB. Reported by Google.
     - CVE-2026-9977: Insufficient validation of untrusted input in WebShare.
       Reported by Google.
     - CVE-2026-9978: Use after free in Glic. Reported by Google.
     - CVE-2026-9979: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-9980: Insufficient validation of untrusted input in Printing.
       Reported by Google.
     - CVE-2026-9981: Inappropriate implementation in Skia. Reported by Google.
     - CVE-2026-9982: Insufficient validation of untrusted input in ANGLE.
       Reported by Google.
     - CVE-2026-9983: Type Confusion in Skia. Reported by Google.
     - CVE-2026-9984: Use after free in UI. Reported by Google.
     - CVE-2026-9985: Insufficient validation of untrusted input in Media.
       Reported by Google.
     - CVE-2026-9986: Insufficient validation of untrusted input in
       OptimizationGuide. Reported by Google.
     - CVE-2026-9987: Insufficient validation of untrusted input in
       WebAppInstalls. Reported by Google.
     - CVE-2026-9988: Use after free in WebRTC. Reported by Google.
     - CVE-2026-9989: Inappropriate implementation in Media. Reported by Google
     - CVE-2026-9990: Use after free in WebAppInstalls. Reported by Google.
     - CVE-2026-9991: Inappropriate implementation in Media. Reported by Google
     - CVE-2026-9992: Use after free in Network. Reported by Google.
     - CVE-2026-9993: Use after free in Views. Reported by Google.
     - CVE-2026-9994: Use after free in Core. Reported by Google.
     - CVE-2026-9995: Use after free in WebXR. Reported by Google.
     - CVE-2026-9996: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-9997: Use after free in Input. Reported by Google.
     - CVE-2026-9998: Integer overflow in Skia. Reported by Google.
     - CVE-2026-9999: Inappropriate implementation in ANGLE. Reported by Google
     - CVE-2026-10000: Use after free in Passwords. Reported by Google.
     - CVE-2026-10001: Use after free in PerformanceManager. Reported by Google
     - CVE-2026-10002: Use after free in PDFium. Reported by Google.
     - CVE-2026-10003: Use after free in Views. Reported by Google.
     - CVE-2026-10004: Insufficient validation of untrusted input in Passwords.
       Reported by Google.
     - CVE-2026-10005: Use after free in WebAppInstalls. Reported by Google.
     - CVE-2026-10006: Race in WebAudio. Reported by Google.
     - CVE-2026-10007: Use after free in SVG. Reported by Google.
     - CVE-2026-10008: Uninitialized Use in GPU. Reported by Google.
     - CVE-2026-10009: Integer overflow in Skia. Reported by Google.
     - CVE-2026-10010: Inappropriate implementation in Input.
       Reported by Google.
     - CVE-2026-10011: Inappropriate implementation in Skia. Reported by Google
     - CVE-2026-10012: Use after free in Skia. Reported by Google.
     - CVE-2026-10013: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-10014: Use after free in WebMIDI. Reported by Google.
     - CVE-2026-10015: Integer overflow in WTF. Reported by Google.
     - CVE-2026-10016: Use after free in DOM. Reported by pwn2addr.
     - CVE-2026-10017: Out of bounds read in Headless.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-10018: Integer overflow in ANGLE. Reported by Rahul Raj.
     - CVE-2026-10019: Integer overflow in ANGLE.
       Reported by Mufeed VH from Winfunc Research (winfunc.com).
     - CVE-2026-10020: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-10021: Insufficient validation of untrusted input in USB.
       Reported by Google.
     - CVE-2026-10022: Type Confusion in V8. Reported by ggwhyp.
Checksums-Sha1:
 92812134d6e7980cb332b1a484c2568254ce31c0 5827396 chromium-common-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 cc4e6cc7dc98265f65df3b6ae51ede3288e6a045 25456912 chromium-common_148.0.7778.215-1~deb13u1_armhf.deb
 4e313f9f342eeb7ac5d04059c279d8e4c663d845 35430104 chromium-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 c2f7cd5ea2dcd96513a600e045dfbd2b0c387b5d 7213176 chromium-driver_148.0.7778.215-1~deb13u1_armhf.deb
 db92f00cd4d48685cae5cf7f69755c1183635602 27516012 chromium-headless-shell-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 a344da5ca7f44f4fbae6ee5c7a608cdab367b851 54433428 chromium-headless-shell_148.0.7778.215-1~deb13u1_armhf.deb
 0c4e9a5be44454deaee6623e84e2b9eece2e7731 19264 chromium-sandbox-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 8c7a117740dae6abf8882c3fdb5344f160bff737 118788 chromium-sandbox_148.0.7778.215-1~deb13u1_armhf.deb
 717f4aca6e0bc2ef1893983a02e8568dd0ada027 29900176 chromium-shell-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 546a536be9ca521736a81f5a68729c386ecfc134 59723212 chromium-shell_148.0.7778.215-1~deb13u1_armhf.deb
 85e341f88ccaa80c6e41ec34bf17e5b695342d73 30555 chromium_148.0.7778.215-1~deb13u1_armhf-buildd.buildinfo
 1cd138c51ee2713d00d0443263573fc4ef7d6eb3 71502052 chromium_148.0.7778.215-1~deb13u1_armhf.deb
Checksums-Sha256:
 336ec2af9d9cf78711f1d8f537b5896755f7e3d12e075cd1a029ceb7b248d589 5827396 chromium-common-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 5fd97c11db54d5c6d719cbd893826f7ef5d588c2375a0dd1d7443c41b0beab8c 25456912 chromium-common_148.0.7778.215-1~deb13u1_armhf.deb
 8a4cecc77718738890b484d6a7e4915fbb42321ae45c7039f342ddd3009df60b 35430104 chromium-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 700b4ea942a10c8f54f0a44344891c519533dc08fd41ba0b417e8a316b1ca717 7213176 chromium-driver_148.0.7778.215-1~deb13u1_armhf.deb
 790fc8ce4f490bf093119b4eda12e0c61dc7475e2e58a368cc01ce1f1e5408e6 27516012 chromium-headless-shell-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 9bc4c4bca976d8bbecff6996243fd2b45499cfa05d1f565e802e8529e7b9b3cb 54433428 chromium-headless-shell_148.0.7778.215-1~deb13u1_armhf.deb
 6fc74968aa7fa3fc182cda84d98f428ae20be3ec2b0bdedb561513c1036b5465 19264 chromium-sandbox-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 556b7eca4e793f46c5ef33ab287434e7a85fcb3649558c0e040ebd46bfc32141 118788 chromium-sandbox_148.0.7778.215-1~deb13u1_armhf.deb
 8637491b29778f699eded3a8873b9ee0ca8490810c3e43aadc2592db030c5697 29900176 chromium-shell-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 df74700fa6557e7e4a606582030dbfcbf5538676032a98c69a1e4887f47976a4 59723212 chromium-shell_148.0.7778.215-1~deb13u1_armhf.deb
 aa2db3632e99e3e6004ce63077d95f2fa0a267cadcaa6afbf46cc4a9c920baea 30555 chromium_148.0.7778.215-1~deb13u1_armhf-buildd.buildinfo
 b8a223b9340986d769613bb5cd2124d26cdff06f1b40a659aec79452ef302a7a 71502052 chromium_148.0.7778.215-1~deb13u1_armhf.deb
Files:
 c078450781d526e05085e20400d898b8 5827396 debug optional chromium-common-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 b01a38e10d9abac895a231e3b99b3012 25456912 web optional chromium-common_148.0.7778.215-1~deb13u1_armhf.deb
 94c577a358228ce460b903c1803770dc 35430104 debug optional chromium-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 f6c232b50bc46a0b50ca7a5cda8a42d9 7213176 web optional chromium-driver_148.0.7778.215-1~deb13u1_armhf.deb
 74af3ac66bedb01195ae0ca289f96c8d 27516012 debug optional chromium-headless-shell-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 31e2c9fd1040f627a286cee7223e9958 54433428 web optional chromium-headless-shell_148.0.7778.215-1~deb13u1_armhf.deb
 acf531c2c49336fa9140972282f63d8b 19264 debug optional chromium-sandbox-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 bfe1a59f51325441d0284380db3470cc 118788 web optional chromium-sandbox_148.0.7778.215-1~deb13u1_armhf.deb
 81bbf73050acd1ce929a0b70b90d328d 29900176 debug optional chromium-shell-dbgsym_148.0.7778.215-1~deb13u1_armhf.deb
 fc23aa9e44ad4474db91bf0e8838ac44 59723212 web optional chromium-shell_148.0.7778.215-1~deb13u1_armhf.deb
 6d043faf22b97de4d75450fc2c61a992 30555 web optional chromium_148.0.7778.215-1~deb13u1_armhf-buildd.buildinfo
 a8dc8dabca1e04546e4e52d21672b608 71502052 web optional chromium_148.0.7778.215-1~deb13u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBOUsBrtd5lcy6oRfutMAkCxKbL0FAmocZiwACgkQutMAkCxK
bL099g/+N6lhkH2I6ofiCA9WFf5AIuBoVNgG+MV9wPH1xzdR5DK9DjSxEiTXES1M
XFJIa6B3uxxFFGBaLLGlZ0RMKQwCZYcnmWjt24vRhHW4CZd0zozwMNvyp5NUJFlE
VKENPLh8VK5Zwdr2zKP/EH0QRiPTwGqrG/sgJ6GLRfJDLXvhhpAQLvWatKhPC5pE
zmv8Jps6u5FkCZs4nZ+U/y4FFr7KfLDp69Cs+AXhSW2vxBSZTiiV0ogUut+737M5
2agOni1KsiRMitBy7Iv+bEpdasbHCi/M+yqCXDlRWgrWcDKLBWvoIunHMaE/PRPy
Vv65T6hj2KOqdkl+CDSPqKbApFc9yuO1WhNKm0WcoUQzsK4StxNXnExATuOwgWu8
NFpqq6FasZZKNLC9WXnDbZcGrQ1pVNeA25e0Jv/ukXedHIWRmBMCYyO0dNqMv8qL
mOoJdhqMNlyWryo3JY34PwwU7ed/cjSpwGngMYc2y11KB6LQbCfjlNPl4mc3h501
Eg+DuqUqKDcr88+fJsHnrv7+HxK2oA7FoFvOHr3JD3359IhkYIa4mCfl4a2tAIlB
xhRgSQ3Iyh530paZOKMNRaVyTJikndGcDZISK2vw5NRoaDl5u03yJv8w5vKaF2bA
2YxaNZBbpNt8B77lxDIpXz3lnqNykS0jzA4RkhmiPGHhGK1v8X8=
=4k93
-----END PGP SIGNATURE-----