-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 May 2026 11:48:56 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: ppc64el
Version: 148.0.7778.215-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-conova-02) <buildd_ppc64el-ppc64el-conova-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (148.0.7778.215-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-9872: Out of bounds write in GPU. Reported by cinzinga.
     - CVE-2026-9873: Use after free in Network. Reported by cinzinga.
     - CVE-2026-9874: Use after free in Dawn. Reported by Anonymous.
     - CVE-2026-9875: Out of bounds read in WebGL. Reported by Anonymous.
     - CVE-2026-9876: Use after free in WebGL. Reported by happy2me.
     - CVE-2026-9877: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9878: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9879: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9880: Insufficient validation of untrusted input in WebGL.
       Reported by Google.
     - CVE-2026-9881: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-9882: Integer overflow in ANGLE. Reported by Google.
     - CVE-2026-9883: Use after free in Base. Reported by Google.
     - CVE-2026-9884: Use after free in Browser. Reported by Google.
     - CVE-2026-9885: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-9886: Use after free in Base. Reported by Google.
     - CVE-2026-9887: Use after free in Proxy. Reported by Google.
     - CVE-2026-9888: Use after free in WebView. Reported by Google.
     - CVE-2026-9889: Out of bounds read and write in Dawn. Reported by Google.
     - CVE-2026-9890: Use after free in XR. Reported by Google.
     - CVE-2026-9891: Use after free in Extensions. Reported by Google.
     - CVE-2026-9892: Inappropriate implementation in Skia. Reported by Google.
     - CVE-2026-9893: Use after free in Skia. Reported by Google.
     - CVE-2026-9894: Use after free in GPU. Reported by tohafrit.
     - CVE-2026-9895: Out of bounds read in GPU.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-9896: Out of bounds write in V8. Reported by 303f06e3.
     - CVE-2026-9897: Use after free in DOM. Reported by Google.
     - CVE-2026-9898: Insufficient validation of untrusted input in GPU.
       Reported by Google.
     - CVE-2026-9899: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9900: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9901: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9902: Use after free in Accessibility. Reported by Google.
     - CVE-2026-9903: Insufficient validation of untrusted input in
       Site Isolation. Reported by Google.
     - CVE-2026-9904: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9905: Use after free in Accessibility. Reported by Google.
     - CVE-2026-9906: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9907: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-9908: Out of bounds read in ANGLE. Reported by Google.
     - CVE-2026-9909: Integer overflow in Skia. Reported by Google.
     - CVE-2026-9910: Out of bounds memory access in ANGLE. Reported by Google.
     - CVE-2026-9911: Integer overflow in ANGLE. Reported by Google.
     - CVE-2026-9912: Inappropriate implementation in GPU. Reported by Google.
     - CVE-2026-9913: Inappropriate implementation in ANGLE. Reported by Google
     - CVE-2026-9914: Insufficient validation of untrusted input in ANGLE.
       Reported by Google.
     - CVE-2026-9915: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9916: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9917: Uninitialized Use in WebGL. Reported by Google.
     - CVE-2026-9918: Inappropriate implementation in Tint. Reported by Google.
     - CVE-2026-9919: Out of bounds read in WebGL. Reported by Google.
     - CVE-2026-9920: Uninitialized Use in GPU. Reported by Google.
     - CVE-2026-9921: Uninitialized Use in WebGL. Reported by Google.
     - CVE-2026-9922: Use after free in GPU. Reported by Google.
     - CVE-2026-9923: Use after free in Skia. Reported by Google.
     - CVE-2026-9924: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9925: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9926: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9927: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9928: Out of bounds read in ANGLE.
       Reported by Jeff Muizelaar - Mozilla.
     - CVE-2026-9929: Inappropriate implementation in WebGL. Reported by Google
     - CVE-2026-9930: Out of bounds write in Dawn. Reported by Google.
     - CVE-2026-9931: Use after free in GPU. Reported by Google.
     - CVE-2026-9932: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9933: Use after free in Input. Reported by Google.
     - CVE-2026-9934: Use after free in Aura. Reported by Google.
     - CVE-2026-9935: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9936: Use after free in GFX. Reported by Google.
     - CVE-2026-9937: Use after free in UI. Reported by Google.
     - CVE-2026-9938: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-9939: Heap buffer overflow in WebCodecs. Reported by Google.
     - CVE-2026-9940: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9941: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9942: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9943: Out of bounds read in WebGL. Reported by Google.
     - CVE-2026-9944: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9945: Use after free in Media. Reported by Google.
     - CVE-2026-9946: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9947: Use after free in XML. Reported by Google.
     - CVE-2026-9948: Use after free in Views. Reported by Google.
     - CVE-2026-9949: Use after free in Core. Reported by Google.
     - CVE-2026-9950: Insufficient validation of untrusted input in iOS.
       Reported by Google.
     - CVE-2026-9951: Use after free in UI. Reported by Google.
     - CVE-2026-9952: Use after free in WebAudio. Reported by Google.
     - CVE-2026-9953: Out of bounds read in ANGLE. Reported by Google.
     - CVE-2026-9954: Use after free in TabStrip.
       Reported by yueliu of Microsoft.
     - CVE-2026-9955: Inappropriate implementation in iOS. Reported by Google.
     - CVE-2026-9956: Use after free in iOS. Reported by Google.
     - CVE-2026-9957: Use after free in PDF. Reported by Google.
     - CVE-2026-9958: Use after free in PDFium. Reported by Google.
     - CVE-2026-9959: Race in WebRTC. Reported by Google.
     - CVE-2026-9960: Integer overflow in PDFium. Reported by Google.
     - CVE-2026-9961: Use after free in SurfaceCapture. Reported by Google.
     - CVE-2026-9962: Use after free in WebRTC. Reported by Google.
     - CVE-2026-9963: Uninitialized Use in iOS. Reported by Google.
     - CVE-2026-9964: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-9965: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9966: Integer overflow in XML. Reported by Google.
     - CVE-2026-9967: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9968: Integer overflow in V8. Reported by Google.
     - CVE-2026-9969: Insufficient validation of untrusted input in ANGLE.
       Reported by Google.
     - CVE-2026-9970: Use after free in WebGL. Reported by TFGC.
     - CVE-2026-9971: Inappropriate implementation in iOS. Reported by Google.
     - CVE-2026-9972: Uninitialized Use in Gamepad. Reported by Google.
     - CVE-2026-9973: Out of bounds write in V8. Reported by amyb of OpenAI.
     - CVE-2026-9974: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9975: Out of bounds read and write in ANGLE. Reported by Google
     - CVE-2026-9976: Inappropriate implementation in USB. Reported by Google.
     - CVE-2026-9977: Insufficient validation of untrusted input in WebShare.
       Reported by Google.
     - CVE-2026-9978: Use after free in Glic. Reported by Google.
     - CVE-2026-9979: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-9980: Insufficient validation of untrusted input in Printing.
       Reported by Google.
     - CVE-2026-9981: Inappropriate implementation in Skia. Reported by Google.
     - CVE-2026-9982: Insufficient validation of untrusted input in ANGLE.
       Reported by Google.
     - CVE-2026-9983: Type Confusion in Skia. Reported by Google.
     - CVE-2026-9984: Use after free in UI. Reported by Google.
     - CVE-2026-9985: Insufficient validation of untrusted input in Media.
       Reported by Google.
     - CVE-2026-9986: Insufficient validation of untrusted input in
       OptimizationGuide. Reported by Google.
     - CVE-2026-9987: Insufficient validation of untrusted input in
       WebAppInstalls. Reported by Google.
     - CVE-2026-9988: Use after free in WebRTC. Reported by Google.
     - CVE-2026-9989: Inappropriate implementation in Media. Reported by Google
     - CVE-2026-9990: Use after free in WebAppInstalls. Reported by Google.
     - CVE-2026-9991: Inappropriate implementation in Media. Reported by Google
     - CVE-2026-9992: Use after free in Network. Reported by Google.
     - CVE-2026-9993: Use after free in Views. Reported by Google.
     - CVE-2026-9994: Use after free in Core. Reported by Google.
     - CVE-2026-9995: Use after free in WebXR. Reported by Google.
     - CVE-2026-9996: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-9997: Use after free in Input. Reported by Google.
     - CVE-2026-9998: Integer overflow in Skia. Reported by Google.
     - CVE-2026-9999: Inappropriate implementation in ANGLE. Reported by Google
     - CVE-2026-10000: Use after free in Passwords. Reported by Google.
     - CVE-2026-10001: Use after free in PerformanceManager. Reported by Google
     - CVE-2026-10002: Use after free in PDFium. Reported by Google.
     - CVE-2026-10003: Use after free in Views. Reported by Google.
     - CVE-2026-10004: Insufficient validation of untrusted input in Passwords.
       Reported by Google.
     - CVE-2026-10005: Use after free in WebAppInstalls. Reported by Google.
     - CVE-2026-10006: Race in WebAudio. Reported by Google.
     - CVE-2026-10007: Use after free in SVG. Reported by Google.
     - CVE-2026-10008: Uninitialized Use in GPU. Reported by Google.
     - CVE-2026-10009: Integer overflow in Skia. Reported by Google.
     - CVE-2026-10010: Inappropriate implementation in Input.
       Reported by Google.
     - CVE-2026-10011: Inappropriate implementation in Skia. Reported by Google
     - CVE-2026-10012: Use after free in Skia. Reported by Google.
     - CVE-2026-10013: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-10014: Use after free in WebMIDI. Reported by Google.
     - CVE-2026-10015: Integer overflow in WTF. Reported by Google.
     - CVE-2026-10016: Use after free in DOM. Reported by pwn2addr.
     - CVE-2026-10017: Out of bounds read in Headless.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-10018: Integer overflow in ANGLE. Reported by Rahul Raj.
     - CVE-2026-10019: Integer overflow in ANGLE.
       Reported by Mufeed VH from Winfunc Research (winfunc.com).
     - CVE-2026-10020: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-10021: Insufficient validation of untrusted input in USB.
       Reported by Google.
     - CVE-2026-10022: Type Confusion in V8. Reported by ggwhyp.
Checksums-Sha1:
 1afebd96d676e96d4f5e0942f054a15501108520 6073632 chromium-common-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 a7e63db927ffceeab06467669c5b8e37a953a4c3 32484660 chromium-common_148.0.7778.215-1~deb12u1_ppc64el.deb
 e55970d47563b408524778d7579e8b7d1e631ffc 32156048 chromium-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 ba15d6989c41c3a97d21bb999bdf39839ab590a0 7791884 chromium-driver_148.0.7778.215-1~deb12u1_ppc64el.deb
 e18db76de11925efd8e1d2495ee562639fe5b704 25498076 chromium-headless-shell-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 63fca76fd49200625c6f9174a1bbd5240e550ba5 56336768 chromium-headless-shell_148.0.7778.215-1~deb12u1_ppc64el.deb
 2bf27aa80ee635e77cd255fbce439ba71be80137 19256 chromium-sandbox-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 00882f6c7cdf53712a5b180e918c24064374fe6a 121292 chromium-sandbox_148.0.7778.215-1~deb12u1_ppc64el.deb
 877ea76f912a54520cd99ec60e157717e2132677 27662560 chromium-shell-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 4705992329280424c69d186f91603369c4fcb0d3 61599484 chromium-shell_148.0.7778.215-1~deb12u1_ppc64el.deb
 796f52da90eafd63236f68e942c0e276bdc60a81 30399 chromium_148.0.7778.215-1~deb12u1_ppc64el-buildd.buildinfo
 be60166cb8c20a455b1e0b29a1426148df0fd9d9 73924248 chromium_148.0.7778.215-1~deb12u1_ppc64el.deb
Checksums-Sha256:
 22c3f7ddcd0de5ab166f8be9bb7344f4ec1fce2f44570e19d2e1fb46dc055f08 6073632 chromium-common-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 d58917a0d9e22ae0ca4d6e9f2b432ec133b7ac0a954932c2c990b48a9b6613b0 32484660 chromium-common_148.0.7778.215-1~deb12u1_ppc64el.deb
 dcda24e12b0d497c560388d6a4f342df82b982cfd5953efe94225a6a580a5657 32156048 chromium-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 03f268c92d8ddb10cf3a8afb6e6c4fe01e02159d56c274b1e1fd894f408dea6b 7791884 chromium-driver_148.0.7778.215-1~deb12u1_ppc64el.deb
 a5defb1fc8ccaafe90a7bc6b7f36bcb754f1b04ec54d0f18d36a361c9c3563c0 25498076 chromium-headless-shell-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 7b0ed70f6112c4ee54a65f6416a213534088b685f938921cabdc03ccda525823 56336768 chromium-headless-shell_148.0.7778.215-1~deb12u1_ppc64el.deb
 2a606a5b724a014aeaaa79ad778759bf365b175ccb3e1f0f1b71e76b1c6fec77 19256 chromium-sandbox-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 fd51595da4cb4614f7543716212098a83d12388a1c83f60dcde388e1a077b3f8 121292 chromium-sandbox_148.0.7778.215-1~deb12u1_ppc64el.deb
 99dc0da98cb0efd55d00d9ffd6d0707d8818a11ae43f4d7eb2e52b5c542886bc 27662560 chromium-shell-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 5670cd812b68db03e5d1b9a80cd27f519ea41908164c9b40a8507f90bb390042 61599484 chromium-shell_148.0.7778.215-1~deb12u1_ppc64el.deb
 1040f4305d81de736ce3b05b8f0c55b5da691364bd5c31ab7e76878aeb88f14d 30399 chromium_148.0.7778.215-1~deb12u1_ppc64el-buildd.buildinfo
 8b6be0d85b79b6ce17913e8722a978b99f6c9f393d1a36a9741f3bb095f5124e 73924248 chromium_148.0.7778.215-1~deb12u1_ppc64el.deb
Files:
 8671d175a796e4280044b79b705b9ff2 6073632 debug optional chromium-common-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 9e0ffa58b3012b205bd0bca466ac081f 32484660 web optional chromium-common_148.0.7778.215-1~deb12u1_ppc64el.deb
 ac6577fd222ca4adb4a7cf737b1cac68 32156048 debug optional chromium-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 4bea22a2a3ea8b2775ffa50ad099f43c 7791884 web optional chromium-driver_148.0.7778.215-1~deb12u1_ppc64el.deb
 f18c3645ec69fe1ff57b27fd63cab034 25498076 debug optional chromium-headless-shell-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 cb8e9d5402860c6a4577398107ec7167 56336768 web optional chromium-headless-shell_148.0.7778.215-1~deb12u1_ppc64el.deb
 bd5ffea9b1ff9fb3365507810406e526 19256 debug optional chromium-sandbox-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 94b7f4c14dd12fce585f554d59f74a07 121292 web optional chromium-sandbox_148.0.7778.215-1~deb12u1_ppc64el.deb
 8fa51c445bf84f4506f70a22498e7582 27662560 debug optional chromium-shell-dbgsym_148.0.7778.215-1~deb12u1_ppc64el.deb
 d3cb7a67555699c5130cb48bc844c595 61599484 web optional chromium-shell_148.0.7778.215-1~deb12u1_ppc64el.deb
 b1109ed81b9369f763d4b1b840790dc4 30399 web optional chromium_148.0.7778.215-1~deb12u1_ppc64el-buildd.buildinfo
 5d392d067c4b7ae55d6ea85179efb892 73924248 web optional chromium_148.0.7778.215-1~deb12u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEySUEQfg5pZeb/U372FRWNm40e2YFAmodfjkACgkQ2FRWNm40
e2bz8A//b48jRZUA8U3IuFFkP0KaUfhkqT93kVkzYkSC6IjABhBRqqYR5dFwxBuq
cesAJltzPsrKliHbZ7ZqZLnK5544b1U6Jmjv8BoldTH76i08w/Ip3BnvL/0F10eQ
sA+U0Yrh2N18OSYBWD6nDJqBTbgL/vsCydV76LzXVy6v+SFOZG4QLj0nwXMyL5zM
Ds2tH+XqvRcjUqogtKN407eNtYRw3eIXQ8VApx72+AoWm4EEu6I8+fTmkhs1jMGX
oj7LlMYkOKpY2Ga6B01mNDhxDsOkTLeMwxmxWahy6sCscOSZ0dDtxHLkntRqSMfd
BiJZ6ZDhsTJTWDxQ84EVInW1PCuhzEc/j3SdWGAHcDAzgEMlbKxbQWh6O7aV3pMT
g+qVQkML9dBM2UxXjNDlthasjN6ZtQ0pEPEJF+dxnruZwbV6CcnyKMndpCfiKYE+
ZiatB4t5x3n600SmFADTn6LZyjq/aN0JbOTwk4HsiGQVhPnUpxQgv5OMb6wJ2vaP
4FSJ59cDuZrPb8lUeZOa9GAl3gsHmhFNJPEuio5pvMzFcoUaKO6x/DYEcYP+tRpN
Kb1ws5jVeQg483tG3lA9BudtsobZGebxWFrzKB+R230oAOOE/sIxboVpT06QknTv
54/NnCq85hJeXU+uoSufUrIutErXHJkF1hsSL5T63EZlq41MKFA=
=4hSU
-----END PGP SIGNATURE-----