-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Apr 2026 04:36:38 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 147.0.7727.137-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Closes: 1052440
Changes:
 chromium (147.0.7727.137-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-7363: Use after free in Canvas. Reported by heapracer.
     - CVE-2026-7361: Use after free in iOS. Reported by Google.
     - CVE-2026-7344: Use after free in Accessibility. Reported by Google.
     - CVE-2026-7343: Use after free in Views. Reported by Google.
     - CVE-2026-7333: Use after free in GPU.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-7360: Insufficient validation of untrusted input in Compositing.
       Reported by Google.
     - CVE-2026-7359: Use after free in ANGLE. Reported by Google.
     - CVE-2026-7358: Use after free in Animation. Reported by Google.
     - CVE-2026-7334: Use after free in Views. Reported by Batuhan Eşref KOÇ.
     - CVE-2026-7357: Use after free in GPU. Reported by Google.
     - CVE-2026-7356: Use after free in Navigation. Reported by Google.
     - CVE-2026-7354: Out of bounds read and write in Angle. Reported by Google.
     - CVE-2026-7353: Heap buffer overflow in Skia. Reported by Google.
     - CVE-2026-7352: Use after free in Media. Reported by Google.
     - CVE-2026-7351: Race in MHTML. Reported by Google.
     - CVE-2026-7350: Use after free in WebMIDI. Reported by Google.
     - CVE-2026-7349: Use after free in Cast. Reported by Google.
     - CVE-2026-7348: Use after free in Codecs. Reported by Google.
     - CVE-2026-7335: Use after free in media.
       Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po).
     - CVE-2026-7336: Use after free in WebRTC. Reported by Mozilla.
     - CVE-2026-7337: Type Confusion in V8. Reported by q@calif.io.
     - CVE-2026-7347: Use after free in Chromoting. Reported by Google.
     - CVE-2026-7346: Inappropriate implementation in Tint. Reported by Google.
     - CVE-2026-7345: Insufficient validation of untrusted input in Feedback.
       Reported by Google.
     - CVE-2026-7338: Use after free in Cast. Reported by Krace.
     - CVE-2026-7342: Use after free in WebView. Reported by Google.
     - CVE-2026-7341: Use after free in WebRTC. Reported by Google.
     - CVE-2026-7339: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-7340: Integer overflow in ANGLE.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-7355: Use after free in Media. Reported by Google.
 .
   [ Jianfeng Liu ]
   * d/patches:
     - upstream/Fix-GL-native-pixmap-import-support-reset-in-GpuInit.patch:
       Fixes upstream issue https://crbug.com/501115509. This issue is
       introduced in v147, and unfortunately the fix won't get into v147. This
       issue affects both vaapi and v4l2 decoding under ozone wayland.
     - fixes/enable-widevine-on-arm64-linux-platform.patch: Enable widevine
       support on arm64. There is no official support for widevine on arm64
       linux while there are libwidevine binaries extracted from chromeos,
       which can work on linux (closes: #1052440).
Checksums-Sha1:
 684f7a246fb54d4badb424b8fd3cd61a8ca52e8e 8824860 chromium-l10n_147.0.7727.137-1~deb13u1_all.deb
 4e1f4968dab40cb985fbea0b5469cdb06fe1f74b 26911 chromium_147.0.7727.137-1~deb13u1_all-buildd.buildinfo
Checksums-Sha256:
 be0d8bbe0cfa0e0de8b936d713571e1536f053dd5d01f92d88583da25960bfdb 8824860 chromium-l10n_147.0.7727.137-1~deb13u1_all.deb
 39c35216fa4d0b2c0a96081a6d684ebe00b7741775cfb822045f82aaae3c8094 26911 chromium_147.0.7727.137-1~deb13u1_all-buildd.buildinfo
Files:
 abdd7cf436475a2a5d5d1fe3587bb73b 8824860 localization optional chromium-l10n_147.0.7727.137-1~deb13u1_all.deb
 2d93aa7dcfabcbea81da0b601d25c2ed 26911 web optional chromium_147.0.7727.137-1~deb13u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmnz/X8ACgkQmgPNRvTf
/zdj4A//YNIiB2zjsO5K/zgMi3r0cj7dj1V5rPpI65iZCqRA7gCBsW3f5OxTF0ZE
e+Gt4whVE45HQeIIh55fgvM5MDxB2oV6C5E8AyHnWMKo0/gdgfMEi9SGnAka9kFu
cwsfRnI2ytz5Ss/oLzdGqvrgwW/I1mqqfxjAMzzvsfhySEaMzfBB0OqTvHxzY6sn
jvMyN5FetdsiDpvnK75PYKugmSEpLMIV0gf5hjJcm0TpIurroud1Td2wk8rNCpLl
idLND8L0g+gXJl3RR+7BV1xl1+72mvGh/fCYxCjzqbAnfxc8JU/x4++LcfDloFdJ
9WGvaBqGCZTS7aIsef+hEmJL5DeZBfbMrMGWifCzg2fe6YT5qclqfmQJkdAT4Jez
kcERUog/i7ktHGKci4sBD6526ceFFKB46D9Et4GNiU2eOCRuvbPkJlNSGENFiiyU
09xKA4EpwX9G7TJMm3pjn64jhqIKfj+UlnE07QqVJmJsFA76xSWnQlmDJmXk179v
scWzRh9+haJ1bSQvoqU/NnLzN/VDWPBX6uxp7579/a9aKMxOl1rSgjrVnKVeKrrR
IkmXgfcjTd65mo/Sc0BCoaQw0AKN9hZ5gqziVaU/GxwCXSe3CuUBIwEA1Olw6D5f
U+3J05bX8ROQFLL0usMwoaqygSSbapMzU8377XGsfo73vWlxZ+A=
=rAPv
-----END PGP SIGNATURE-----