-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Apr 2026 04:36:38 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 147.0.7727.137-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-05) <buildd_arm64-arm-ubc-05@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1052440
Changes:
 chromium (147.0.7727.137-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-7363: Use after free in Canvas. Reported by heapracer.
     - CVE-2026-7361: Use after free in iOS. Reported by Google.
     - CVE-2026-7344: Use after free in Accessibility. Reported by Google.
     - CVE-2026-7343: Use after free in Views. Reported by Google.
     - CVE-2026-7333: Use after free in GPU.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-7360: Insufficient validation of untrusted input in Compositing.
       Reported by Google.
     - CVE-2026-7359: Use after free in ANGLE. Reported by Google.
     - CVE-2026-7358: Use after free in Animation. Reported by Google.
     - CVE-2026-7334: Use after free in Views. Reported by Batuhan Eşref KOÇ.
     - CVE-2026-7357: Use after free in GPU. Reported by Google.
     - CVE-2026-7356: Use after free in Navigation. Reported by Google.
     - CVE-2026-7354: Out of bounds read and write in Angle. Reported by Google.
     - CVE-2026-7353: Heap buffer overflow in Skia. Reported by Google.
     - CVE-2026-7352: Use after free in Media. Reported by Google.
     - CVE-2026-7351: Race in MHTML. Reported by Google.
     - CVE-2026-7350: Use after free in WebMIDI. Reported by Google.
     - CVE-2026-7349: Use after free in Cast. Reported by Google.
     - CVE-2026-7348: Use after free in Codecs. Reported by Google.
     - CVE-2026-7335: Use after free in media.
       Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po).
     - CVE-2026-7336: Use after free in WebRTC. Reported by Mozilla.
     - CVE-2026-7337: Type Confusion in V8. Reported by q@calif.io.
     - CVE-2026-7347: Use after free in Chromoting. Reported by Google.
     - CVE-2026-7346: Inappropriate implementation in Tint. Reported by Google.
     - CVE-2026-7345: Insufficient validation of untrusted input in Feedback.
       Reported by Google.
     - CVE-2026-7338: Use after free in Cast. Reported by Krace.
     - CVE-2026-7342: Use after free in WebView. Reported by Google.
     - CVE-2026-7341: Use after free in WebRTC. Reported by Google.
     - CVE-2026-7339: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-7340: Integer overflow in ANGLE.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-7355: Use after free in Media. Reported by Google.
 .
   [ Jianfeng Liu ]
   * d/patches:
     - upstream/Fix-GL-native-pixmap-import-support-reset-in-GpuInit.patch:
       Fixes upstream issue https://crbug.com/501115509. This issue is
       introduced in v147, and unfortunately the fix won't get into v147. This
       issue affects both vaapi and v4l2 decoding under ozone wayland.
     - fixes/enable-widevine-on-arm64-linux-platform.patch: Enable widevine
       support on arm64. There is no official support for widevine on arm64
       linux while there are libwidevine binaries extracted from chromeos,
       which can work on linux (closes: #1052440).
Checksums-Sha1:
 166bd51709db40e82f25b73f241ea08f96e33ce8 5740084 chromium-common-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 eec8a92536a8c27430df2c1b713bc04afa766433 25114812 chromium-common_147.0.7727.137-1~deb13u1_armhf.deb
 79139a56c142f5d0d856315cc217f005f4310f37 35247412 chromium-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 4ded9443973d2c0b4cfa36e61c989f3c4fdd1161 7163320 chromium-driver_147.0.7727.137-1~deb13u1_armhf.deb
 b887e64f789a95371d1d76bca6d9f1831e7494c3 27494872 chromium-headless-shell-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 f55285bce0af7b3f491ea5df777f9b0d63a0bf7b 53950192 chromium-headless-shell_147.0.7727.137-1~deb13u1_armhf.deb
 265878f138359096198354c51f55e7b87f6b8c82 19268 chromium-sandbox-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 d347f792e9da2a8d88595efcf3fee4243d8f0bcb 114332 chromium-sandbox_147.0.7727.137-1~deb13u1_armhf.deb
 fdd5169244cb13f063f92e8cdd401bbf963f8273 29822976 chromium-shell-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 6979713d95582a2fe9ef5b7db0ffb704995c6632 58997936 chromium-shell_147.0.7727.137-1~deb13u1_armhf.deb
 9ef97d10ad0e9bdb870c5d5697ffd2ca28ce54cd 30312 chromium_147.0.7727.137-1~deb13u1_armhf-buildd.buildinfo
 462f7d791a65330d8a3e2deae1334563f718971f 70760776 chromium_147.0.7727.137-1~deb13u1_armhf.deb
Checksums-Sha256:
 48a179fd69de4f7a02ad11a23b7aff991022361b4793391f9c2646ae5b31e65a 5740084 chromium-common-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 a9d41fd2b9ade0dfbd7f046f1b486a03ba54b7d9d9efdc48a8352ec4a4526c92 25114812 chromium-common_147.0.7727.137-1~deb13u1_armhf.deb
 7f5824c1067f2882ed9ac2dcb99ec965a444f2cad2e265e225ce5b2cbe419c4e 35247412 chromium-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 da34272c9fc8eab2913fffff7f6b25b5f318528aa4a73c924444bcd5e669659d 7163320 chromium-driver_147.0.7727.137-1~deb13u1_armhf.deb
 bfd64b76f3741a4c54d614f8105a2e7b4088956159009b784b994c0fe20d0cb4 27494872 chromium-headless-shell-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 3c32aed96b60826a0d4ce728663b32bb753ef359522c9558f0ec81a56e7d8154 53950192 chromium-headless-shell_147.0.7727.137-1~deb13u1_armhf.deb
 d04ac9f2b73be6284a011ff232763abb86469e3ace0f3e993869df2c0cffc221 19268 chromium-sandbox-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 ede783f858b2c6fe7e5e8e5df4f454a1266776d428e898cd77279a7901871030 114332 chromium-sandbox_147.0.7727.137-1~deb13u1_armhf.deb
 b510a62bb10fe7c36e2fd861180d66680ecb36dba5e7bf93e5b3e236325f6191 29822976 chromium-shell-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 0f95edfff5587f7301308f3ae5222f2d33cfc4761d0e4b9ab4fa63d580826354 58997936 chromium-shell_147.0.7727.137-1~deb13u1_armhf.deb
 a430099267c27548fa304db3b9ac844c213a730a7a3bf38d443355fee6af4d5d 30312 chromium_147.0.7727.137-1~deb13u1_armhf-buildd.buildinfo
 4acc5d44e1baf36a65852ee9777a7c1dae6ea18c9607fdcfa0d22a83a4ed32b0 70760776 chromium_147.0.7727.137-1~deb13u1_armhf.deb
Files:
 bbbbac225efd4a80da113fbce010039f 5740084 debug optional chromium-common-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 1b09202046c7ccdb60c796651ef1b819 25114812 web optional chromium-common_147.0.7727.137-1~deb13u1_armhf.deb
 2c13d556b93f124957c846670e7b6808 35247412 debug optional chromium-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 ea767c16250ba8924719e38ebdfea7d4 7163320 web optional chromium-driver_147.0.7727.137-1~deb13u1_armhf.deb
 863df9c29a2a1cdb52d8542cd9ee9e46 27494872 debug optional chromium-headless-shell-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 7210a16bd09ec60db0094160782dfd2c 53950192 web optional chromium-headless-shell_147.0.7727.137-1~deb13u1_armhf.deb
 4bde314ef9fa1d5f1c220afe313f6e5e 19268 debug optional chromium-sandbox-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 5b2eb4ddf060bbc433012fdd2de34879 114332 web optional chromium-sandbox_147.0.7727.137-1~deb13u1_armhf.deb
 983662f901ade00e2b5df1e024946567 29822976 debug optional chromium-shell-dbgsym_147.0.7727.137-1~deb13u1_armhf.deb
 9c90a970dbe8b29c0745f659d981bcf2 58997936 web optional chromium-shell_147.0.7727.137-1~deb13u1_armhf.deb
 42d8d19bc7891102e728a29bbd915776 30312 web optional chromium_147.0.7727.137-1~deb13u1_armhf-buildd.buildinfo
 08f2b43e51ba8f104ba98707c0cf60f0 70760776 web optional chromium_147.0.7727.137-1~deb13u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEiIG3Q3DxwDgRKKeyLRECdjCZQkcFAmn0VKkACgkQLRECdjCZ
QkdnmxAAqESL2m4/FvUx9/lkm8FU1SLHsKlYCXAkhojLGoa6vx0f6kqo8Owa8Sjd
rS2PQWurxbpatt9aELpcNR+nPPCDuBtPGLnY0CBwyf0ppNDrjsKu636sKbQ9pxOg
DK+a91WbzkgwuuPkZK+5fyZBvfH/6W9kYGEnzz+/6tSo5aJxeoI1z+DD/YobLWb0
eeEXQABQ5mKNwxRwtk6NeTPTHg0Qjpx4nJZq0PBrI7kX67/FSwXWfLzI6W2hzW8Y
4Vz7D4MVn67n/qR6JiPQczJn9m9aPk3/lA8iOKhY78T0HeX7TCfySB1lKUWZmQS7
iGQiS1oSVQ+mGa1EXpWytjn0N4sYoTRDKT46MTFyVM88enqtLEI/f97nlxqhIFVy
RhJxYa+xRELp/h7qk//SCnTXR7/gwO7W8ZWF+h1Jlbjrpo9ZO+4MIVGKK91/mDGw
kfUWWC4NXN4b3Qy72IFBt3e6ZiZA0oFYewUCbjjQwpYxWPgEGYqHMykBaxN2E143
JjAoJ+lV0arBYEYs+By3rfA9DQRDGf/pkum+ujTcIxxv+Mixx4EYrO4UjTP4/ywR
VQ/p0wJM8iT359fYnHxdnRPerzbd64k6lIQzQoXgt1wqxKnwI/qkghmL3pg6C8O9
4rCTYYk+7bo44l/2Iuxa8af7WttciHH4jsK0farzNERWpy5S2JI=
=qAhG
-----END PGP SIGNATURE-----