-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 04:00:45 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 149.0.7827.102-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (149.0.7827.102-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-11628: Use after free in Ozone. Reported by Google.
     - CVE-2026-11629: Use after free in Ozone. Reported by Google.
     - CVE-2026-11630: Use after free in File Input. Reported by Google.
     - CVE-2026-11631: Use after free in Aura. Reported by Google.
     - CVE-2026-11632: Use after free in TabStrip. Reported by Google.
     - CVE-2026-11633: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11634: Use after free in Gamepad. Reported by Google.
     - CVE-2026-11635: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11636: Use after free in Autofill. Reported by Google.
     - CVE-2026-11637: Use after free in Views. Reported by Google.
     - CVE-2026-11638: Use after free in Printing. Reported by Google.
     - CVE-2026-11639: Use after free in Compositing. Reported by Google.
     - CVE-2026-11640: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11641: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11642: Use after free in Web Apps. Reported by Google.
     - CVE-2026-11643: Use after free in Proxy. Reported by Google.
     - CVE-2026-11644: Use after free in Views. Reported by Google.
     - CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3
     - CVE-2026-11646: Use after free in ViewTransitions.
       Reported by Quac Tran.
     - CVE-2026-11647: Use after free in Printing. Reported by Google.
     - CVE-2026-11648: Use after free in FullScreen.
       Reported by Mihnea Nicolau.
     - CVE-2026-11649: Use after free in V8. Reported by Google.
     - CVE-2026-11650: Use after free in V8. Reported by Google.
     - CVE-2026-11651: Use after free in Network. Reported by Google.
     - CVE-2026-11652: Use after free in Extensions. Reported by Google.
     - CVE-2026-11653: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11654: Use after free in CameraCapture. Reported by Google.
     - CVE-2026-11655: Integer overflow in Media. Reported by Google.
     - CVE-2026-11656: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11657: Use after free in Payments. Reported by Google.
     - CVE-2026-11658: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11659: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11660: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11661: Use after free in Views. Reported by Google.
     - CVE-2026-11662: Type Confusion in Bindings. Reported by Google.
     - CVE-2026-11663: Use after free in Skia. Reported by Google.
     - CVE-2026-11664: Use after free in Payments. Reported by Google.
     - CVE-2026-11665: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-11666: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google.
     - CVE-2026-11669: Integer overflow in Media. Reported by Google.
     - CVE-2026-11670: Use after free in PDF. Reported by Google.
     - CVE-2026-11671: Use after free in Navigation. Reported by Google.
     - CVE-2026-11672: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-11673: Use after free in InterestGroups. Reported by Google.
     - CVE-2026-11674: Use after free in Guest View. Reported by Google.
     - CVE-2026-11675: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11677: Race in Network. Reported by Google.
     - CVE-2026-11678: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11679: Use after free in Codecs. Reported by Google.
     - CVE-2026-11680: Use after free in Media. Reported by Google.
     - CVE-2026-11681: Use after free in Ozone. Reported by Google.
     - CVE-2026-11682: Insufficient validation of untrusted input in Views.
       Reported by Google.
     - CVE-2026-11683: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-11684: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-11685: Insufficient data validation in MediaCapture.
       Reported by Google.
     - CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11687: Use after free in Dawn. Reported by Google.
     - CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google.
     - CVE-2026-11689: Insufficient validation of untrusted input in
       Passwords. Reported by Google.
     - CVE-2026-11690: Out of bounds read and write in Media.
       Reported by Google.
     - CVE-2026-11691: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11692: Use after free in Read Anything. Reported by Google.
     - CVE-2026-11693: Inappropriate implementation in Plugins.
       Reported by Google.
     - CVE-2026-11694: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11695: Inappropriate implementation in Passwords.
       Reported by Google.
     - CVE-2026-11696: Uninitialized Use in Video. Reported by Google.
     - CVE-2026-11697: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11698: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11699: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11700: Use after free in Tracing. Reported by Google.
     - CVE-2026-11701: Insufficient validation of untrusted input in Guest
       View. Reported by Google.
   * d/patches:
     - fixes/arm-logging.patch: add patch to hopefully fix build failure
       on arm*.
     - loongarch64/0024-fix-libyuv-lsx.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for
       upstream changes
     - core/baseline-isa-3-0.patch: refresh
Checksums-Sha1:
 9f63b013cadd645899575ca2f2aa0b1d28d532e7 5209964 chromium-common-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 02d0251b7b14ccd9e0d3218e0ff7e5ba63987ca3 26259784 chromium-common_149.0.7827.102-1~deb13u1_amd64.deb
 be4481fe29fd063af1a678c67a902f9d2ccd504e 33332044 chromium-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 871c47f85d94256e06b1f60dd613655454a87557 7673284 chromium-driver_149.0.7827.102-1~deb13u1_amd64.deb
 eae6610c672a81d0e8b0200cc10ae650aefd856f 28191744 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 89ca8099738bfc249129c4ddf24861b9f3444b7b 63457528 chromium-headless-shell_149.0.7827.102-1~deb13u1_amd64.deb
 3a3549dfb2d7c74589f1db0e9adfeb30553c7f80 20216 chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 125d3f419acb0c07264fb04f386c73b856db74bc 125228 chromium-sandbox_149.0.7827.102-1~deb13u1_amd64.deb
 6fe54fb10f38f8aa5f17a03e04f5837a66c1d6cc 29819332 chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 44acbbe302b837ef0c96e92141c5980e36bf0163 63077064 chromium-shell_149.0.7827.102-1~deb13u1_amd64.deb
 c9a6d711ab683ef00a8f3975f79f14392e85fca8 30680 chromium_149.0.7827.102-1~deb13u1_amd64-buildd.buildinfo
 8cb3af730c88749200adb5350c046bb48debf1b1 85779296 chromium_149.0.7827.102-1~deb13u1_amd64.deb
Checksums-Sha256:
 c91f0b9d26f33657e5a801bd1c5daa5da893a34e424515c52989c60ce699fb79 5209964 chromium-common-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 06a086bfb2807809787856effceaee6391bcbfe01199adb655713f303e02553d 26259784 chromium-common_149.0.7827.102-1~deb13u1_amd64.deb
 4190264f72d89ec94d4a38ffb7ef4e2affcc48968fb4c09c46615c1229785de7 33332044 chromium-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 b9b199755b771958e875bcc0e661e9bf433a174c9d14daaabe5861d23e6ae495 7673284 chromium-driver_149.0.7827.102-1~deb13u1_amd64.deb
 17e6bc8958e4c80788fcbef5edc5d0ecf06f56b8324bf59da5437cb86dcc7697 28191744 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 2b22fb5b7160bfcd5488f223a6c1474331e515ae7e34db3151f4daa456ef27a2 63457528 chromium-headless-shell_149.0.7827.102-1~deb13u1_amd64.deb
 db16d9f1f2ce5fd1fe42685e308829e1d7c096dee4d608e62b4bd0140f517739 20216 chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 54de47edb0e32ee1b2b462fd71aa6593735abee56e244f39883ecb0f081e5ba9 125228 chromium-sandbox_149.0.7827.102-1~deb13u1_amd64.deb
 46df992d33c3f957c5f2e483aa91026ede5ce4e97c6ce9699e55c0b926e5c849 29819332 chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 91a0d82ae5fdf0dc73004f2c4ecd10fdb583775fa3fd21171c7a58b6f9b98b13 63077064 chromium-shell_149.0.7827.102-1~deb13u1_amd64.deb
 316e1c46c534d2ccd8c56a26601aa8fc68748ceb047241623f30cb4bca477e99 30680 chromium_149.0.7827.102-1~deb13u1_amd64-buildd.buildinfo
 c1e868681978931a741dd93d278f64eeb3e6a4434f03c8b64bd81f73d76544e4 85779296 chromium_149.0.7827.102-1~deb13u1_amd64.deb
Files:
 4d1b0efe2636cdeed0e6ae884197dcf8 5209964 debug optional chromium-common-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 15facb701776364a9dbd73f6f76c133f 26259784 web optional chromium-common_149.0.7827.102-1~deb13u1_amd64.deb
 79ba7173a6784963b9f9e080323968ad 33332044 debug optional chromium-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 d11d7cddd4dede0a6d43605d7b03a25b 7673284 web optional chromium-driver_149.0.7827.102-1~deb13u1_amd64.deb
 9c07375507a34e2a45b9be8dc918be20 28191744 debug optional chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 3abbc840e792a7e5eafa466bd0b99f90 63457528 web optional chromium-headless-shell_149.0.7827.102-1~deb13u1_amd64.deb
 eaad83a8cb6a86f797457a6dbf34eae9 20216 debug optional chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 19ddd0fa3aede093050e58891bf29152 125228 web optional chromium-sandbox_149.0.7827.102-1~deb13u1_amd64.deb
 363ef1d7cd7a8242b2164055397b0ef0 29819332 debug optional chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_amd64.deb
 6a10f0f550e983bfadfc81574f9a110d 63077064 web optional chromium-shell_149.0.7827.102-1~deb13u1_amd64.deb
 6ecf0dc39b2dc6acbb8f238d1b483386 30680 web optional chromium_149.0.7827.102-1~deb13u1_amd64-buildd.buildinfo
 696680d55ac54256b82d442e01107487 85779296 web optional chromium_149.0.7827.102-1~deb13u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEmtr4KUMaso2EQ6NrTwt/65ON6zcFAmop0D4ACgkQTwt/65ON
6zfz9xAAt4G1F49kMXMIXbhYmD+gEA0HhKCkjQAiNrAeMpSBMjkvx6mmkdaGa5QY
YT597v67bpLUnu9HubMzAepEtIPDuahS095+MvE0DoNlyxKIS8PtLUuXQBEjgjyZ
TZJgZ6NhD4G5O38ydNuxDkOqOXYIh3FTdP+mTFLUsSUl8wHY0yTBsgy05WHvpMou
SPknP237MGMwLQwf9yLZOfKCCo1A9ExrbWT5wAndvbmXhN0BKJTX3ncaVTHP6Ry1
YUBddJIFBcEBmsdfUHaod0kOAN6NIzdVeMA03bWGhJZSfKaNLngZYkx6/elaVwuR
ks9XM0mn4blpf4ZPgglefIMDlaYTaA/Pib+DHB3LOLfnskqiwIGfQe7/HiT5Wo1T
oH9uxYcApmQmyTflFFMn5HTjTRSewnibl5V4cYLwehjIiNKHxIXZLx1uEKnTQ8Fw
dn8XdPKhNzFLgsdyVW6V9DWgB77iRasZbxFqFww/GkXlL1JcuDTxOIgd8btAZW9l
8cE3uQDcT/rxdPsWc/TSS13K5/q1eLwmaLvSTr3/deOTyqOG6zJtSPHwoANWMQ7s
BlqIqpPrcqT7yRIi0GL2whDAsiTotm+T6nsWFGOYvKLl738zxueEiLibPpg7hv3a
VhdSQ/a3m6YH2ULd9mM2ErRoVKzIA0txmaAxalnqoJO5e4WKPpQ=
=dfdS
-----END PGP SIGNATURE-----