-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 04:00:45 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 149.0.7827.102-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) <buildd_amd64-x86-conova-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (149.0.7827.102-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-11628: Use after free in Ozone. Reported by Google.
     - CVE-2026-11629: Use after free in Ozone. Reported by Google.
     - CVE-2026-11630: Use after free in File Input. Reported by Google.
     - CVE-2026-11631: Use after free in Aura. Reported by Google.
     - CVE-2026-11632: Use after free in TabStrip. Reported by Google.
     - CVE-2026-11633: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11634: Use after free in Gamepad. Reported by Google.
     - CVE-2026-11635: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11636: Use after free in Autofill. Reported by Google.
     - CVE-2026-11637: Use after free in Views. Reported by Google.
     - CVE-2026-11638: Use after free in Printing. Reported by Google.
     - CVE-2026-11639: Use after free in Compositing. Reported by Google.
     - CVE-2026-11640: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11641: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11642: Use after free in Web Apps. Reported by Google.
     - CVE-2026-11643: Use after free in Proxy. Reported by Google.
     - CVE-2026-11644: Use after free in Views. Reported by Google.
     - CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3
     - CVE-2026-11646: Use after free in ViewTransitions.
       Reported by Quac Tran.
     - CVE-2026-11647: Use after free in Printing. Reported by Google.
     - CVE-2026-11648: Use after free in FullScreen.
       Reported by Mihnea Nicolau.
     - CVE-2026-11649: Use after free in V8. Reported by Google.
     - CVE-2026-11650: Use after free in V8. Reported by Google.
     - CVE-2026-11651: Use after free in Network. Reported by Google.
     - CVE-2026-11652: Use after free in Extensions. Reported by Google.
     - CVE-2026-11653: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11654: Use after free in CameraCapture. Reported by Google.
     - CVE-2026-11655: Integer overflow in Media. Reported by Google.
     - CVE-2026-11656: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11657: Use after free in Payments. Reported by Google.
     - CVE-2026-11658: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11659: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11660: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11661: Use after free in Views. Reported by Google.
     - CVE-2026-11662: Type Confusion in Bindings. Reported by Google.
     - CVE-2026-11663: Use after free in Skia. Reported by Google.
     - CVE-2026-11664: Use after free in Payments. Reported by Google.
     - CVE-2026-11665: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-11666: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google.
     - CVE-2026-11669: Integer overflow in Media. Reported by Google.
     - CVE-2026-11670: Use after free in PDF. Reported by Google.
     - CVE-2026-11671: Use after free in Navigation. Reported by Google.
     - CVE-2026-11672: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-11673: Use after free in InterestGroups. Reported by Google.
     - CVE-2026-11674: Use after free in Guest View. Reported by Google.
     - CVE-2026-11675: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11677: Race in Network. Reported by Google.
     - CVE-2026-11678: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11679: Use after free in Codecs. Reported by Google.
     - CVE-2026-11680: Use after free in Media. Reported by Google.
     - CVE-2026-11681: Use after free in Ozone. Reported by Google.
     - CVE-2026-11682: Insufficient validation of untrusted input in Views.
       Reported by Google.
     - CVE-2026-11683: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-11684: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-11685: Insufficient data validation in MediaCapture.
       Reported by Google.
     - CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11687: Use after free in Dawn. Reported by Google.
     - CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google.
     - CVE-2026-11689: Insufficient validation of untrusted input in
       Passwords. Reported by Google.
     - CVE-2026-11690: Out of bounds read and write in Media.
       Reported by Google.
     - CVE-2026-11691: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11692: Use after free in Read Anything. Reported by Google.
     - CVE-2026-11693: Inappropriate implementation in Plugins.
       Reported by Google.
     - CVE-2026-11694: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11695: Inappropriate implementation in Passwords.
       Reported by Google.
     - CVE-2026-11696: Uninitialized Use in Video. Reported by Google.
     - CVE-2026-11697: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11698: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11699: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11700: Use after free in Tracing. Reported by Google.
     - CVE-2026-11701: Insufficient validation of untrusted input in Guest
       View. Reported by Google.
   * d/patches:
     - fixes/arm-logging.patch: add patch to hopefully fix build failure
       on arm*.
     - loongarch64/0024-fix-libyuv-lsx.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for
       upstream changes
     - core/baseline-isa-3-0.patch: refresh
Checksums-Sha1:
 42ec99c57d34fca9c102cb79e760e4d5a530236c 5319900 chromium-common-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 310f2184d194f32354fab52b93970b2e5e0dcb8d 26224192 chromium-common_149.0.7827.102-1~deb13u1_i386.deb
 5a826d346cf44fd1cfc420566be8144b93adf13c 36219828 chromium-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 d9ae3996b9d0dbebb619047c7d0b1372970553e7 8113388 chromium-driver_149.0.7827.102-1~deb13u1_i386.deb
 a23f5d8cdaab6b6c152bcb63a5b36d0776932701 29803176 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 50732ffa74cfcec5200ba0b328cef08021fc1f28 59801572 chromium-headless-shell_149.0.7827.102-1~deb13u1_i386.deb
 a53ded9a790168763c527f10ce95d4f9aceb3658 18980 chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 b5636cbb36bc6bc7b90990f4cbe376efc6c4feb1 125100 chromium-sandbox_149.0.7827.102-1~deb13u1_i386.deb
 bb3c19859de5a7f83503e0695046d3cedd1b3140 32723848 chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 15af890259c7bf9b9e03d6fe75bd32ee3ef424e3 65557484 chromium-shell_149.0.7827.102-1~deb13u1_i386.deb
 734fe0f38360ed2dda69a56600ccdeaa446b45c3 30602 chromium_149.0.7827.102-1~deb13u1_i386-buildd.buildinfo
 60ff8bc3488350dbf752717f77c15b8131e94d84 78084560 chromium_149.0.7827.102-1~deb13u1_i386.deb
Checksums-Sha256:
 b86c1094aa1798b63f3c520533afa26725897f2efaffaabd6b5fd006aecbbc3a 5319900 chromium-common-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 fa9b71f400d644afae51c98b37715e78cfe2728dc1d212a506528a1bc4ed047e 26224192 chromium-common_149.0.7827.102-1~deb13u1_i386.deb
 a3047329a733bfaf098ed0d7c80a0b86a7b0b7bc5abc0906f2deaaa6470159d6 36219828 chromium-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 92d53972cd2ea39aac00b12c85571fdc949012cc27cd27195e522be16148997f 8113388 chromium-driver_149.0.7827.102-1~deb13u1_i386.deb
 c8c927d6437f170532a991a8e58ce7b7442a60bdc69e8ec3c275967f232a18bd 29803176 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 36b30fb1025a15edc8a9d0f188f277d6c83b126869560c42a6cddf6fbe4187b2 59801572 chromium-headless-shell_149.0.7827.102-1~deb13u1_i386.deb
 86dbfbf6a4fea6a42009ca5d7e6315583e80b0bc7c9bebe41e9e7178ead9b217 18980 chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 c9a889cc3a77d4186ebc8d2a8eb83469b3b3807f26577516fbe6bee1318e367f 125100 chromium-sandbox_149.0.7827.102-1~deb13u1_i386.deb
 68194f8afc07cb8d33d7fb26e9498a7995aa974015c95d02d591dabcd4812fea 32723848 chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 1916c6a7ac4c0c3059dc9495ff91642d1e12af99aabd14b649aca6083867b422 65557484 chromium-shell_149.0.7827.102-1~deb13u1_i386.deb
 998a39926a18d0d8ae22e0b84423281ca6733a0658910948a921eb6f4ad3f176 30602 chromium_149.0.7827.102-1~deb13u1_i386-buildd.buildinfo
 f24e5589c8e790f9583f17056eff9492171242502bb8491c696d235a4499cbfe 78084560 chromium_149.0.7827.102-1~deb13u1_i386.deb
Files:
 974bf4830232046c4f3c55da45203af9 5319900 debug optional chromium-common-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 6b7461528d5e34d11aead11806ca9b79 26224192 web optional chromium-common_149.0.7827.102-1~deb13u1_i386.deb
 1136f7827f4d8e50d988919633d735f3 36219828 debug optional chromium-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 6bfefbb5bb52f530d7371c246495e33c 8113388 web optional chromium-driver_149.0.7827.102-1~deb13u1_i386.deb
 59c7b9ba49c828beb6f8f1b324c4cd40 29803176 debug optional chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 7561f7b8af8bfd9470aa2cdab8952d9f 59801572 web optional chromium-headless-shell_149.0.7827.102-1~deb13u1_i386.deb
 46c7665b70ac588b9117433ee4cc9c86 18980 debug optional chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 1287b806d546cb9e19c0af9b2090764f 125100 web optional chromium-sandbox_149.0.7827.102-1~deb13u1_i386.deb
 becebf812fb00f1b006177989748ae1b 32723848 debug optional chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_i386.deb
 9b301cceb9b49e61e26a43362aad3b65 65557484 web optional chromium-shell_149.0.7827.102-1~deb13u1_i386.deb
 40a92fe5153c2998070c64749f5b05ed 30602 web optional chromium_149.0.7827.102-1~deb13u1_i386-buildd.buildinfo
 faaddebd82d8ed88987995ab3bfcab78 78084560 web optional chromium_149.0.7827.102-1~deb13u1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+i/sCsF3puL4e7qIGNGWmfrqILEFAmop0TMACgkQGNGWmfrq
ILHfHA/+NJFLuuqrl5PyUmCU4kcRQTT87t+qpoQ0hIKgE1R056x/zDAKDGcfA4DM
y/j0CwXllKZRtnFly6m8ENIAAO0X59PeJEcWDqLSjQjDImrbKfmngcwS+FGV92HK
NrojGKr/fQQROAQR1z+nTYCxxxJr8zikIKkCDYVK5Lo+hSESXUUhUd0RRqVUJVMH
symvwFU+DD+d/OoB1fZkabVHRq6DFL3bhvX0v08dJemDmDggklVlAQK1gGfzcZ8U
AiXboFaf7sqg4z+M/u8Mj6rqqKdd4eHcYAll2YoAHAlz8AWH6NktV9bFZJNkWu5N
EqzSXx51QVSdXsVTybQnCT2Fo9ufJ6sakJAOvyEHt1BaA3d12s0gQiDbo99+Vjtb
KwvFpYvFfLDNtIEEoSQxzYrFyvhQ5W+kzmaN8Rq0So3Sw4+VkqaYtMBBGqCtpQrn
Sz+qC+OzOIhMNxNKqZK2YA/Vq2rpIDE0tP0Q+cSWNXpl0vQzUs7nLqG+SLoqA8CZ
xDUk1E9iIFgutZoYzOjCjoTQJ+yEhyBHAicoawuQcg8OqiZzjDXBl70JzRoWBfqX
BiBDVTxvaPPEOTuopJpxmX61/dy1IwP2K0ll5zEit11unbZbq+Ce6yn3HnoIYZWx
VVcTrC6s1ru0PggXywOeNYL6e7+hQIYZ4SAXi611eykpdyKmJGg=
=V1Ur
-----END PGP SIGNATURE-----