-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 04:00:45 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 149.0.7827.102-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (149.0.7827.102-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-11628: Use after free in Ozone. Reported by Google.
     - CVE-2026-11629: Use after free in Ozone. Reported by Google.
     - CVE-2026-11630: Use after free in File Input. Reported by Google.
     - CVE-2026-11631: Use after free in Aura. Reported by Google.
     - CVE-2026-11632: Use after free in TabStrip. Reported by Google.
     - CVE-2026-11633: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11634: Use after free in Gamepad. Reported by Google.
     - CVE-2026-11635: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11636: Use after free in Autofill. Reported by Google.
     - CVE-2026-11637: Use after free in Views. Reported by Google.
     - CVE-2026-11638: Use after free in Printing. Reported by Google.
     - CVE-2026-11639: Use after free in Compositing. Reported by Google.
     - CVE-2026-11640: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11641: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11642: Use after free in Web Apps. Reported by Google.
     - CVE-2026-11643: Use after free in Proxy. Reported by Google.
     - CVE-2026-11644: Use after free in Views. Reported by Google.
     - CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3
     - CVE-2026-11646: Use after free in ViewTransitions.
       Reported by Quac Tran.
     - CVE-2026-11647: Use after free in Printing. Reported by Google.
     - CVE-2026-11648: Use after free in FullScreen.
       Reported by Mihnea Nicolau.
     - CVE-2026-11649: Use after free in V8. Reported by Google.
     - CVE-2026-11650: Use after free in V8. Reported by Google.
     - CVE-2026-11651: Use after free in Network. Reported by Google.
     - CVE-2026-11652: Use after free in Extensions. Reported by Google.
     - CVE-2026-11653: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11654: Use after free in CameraCapture. Reported by Google.
     - CVE-2026-11655: Integer overflow in Media. Reported by Google.
     - CVE-2026-11656: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11657: Use after free in Payments. Reported by Google.
     - CVE-2026-11658: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11659: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11660: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11661: Use after free in Views. Reported by Google.
     - CVE-2026-11662: Type Confusion in Bindings. Reported by Google.
     - CVE-2026-11663: Use after free in Skia. Reported by Google.
     - CVE-2026-11664: Use after free in Payments. Reported by Google.
     - CVE-2026-11665: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-11666: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google.
     - CVE-2026-11669: Integer overflow in Media. Reported by Google.
     - CVE-2026-11670: Use after free in PDF. Reported by Google.
     - CVE-2026-11671: Use after free in Navigation. Reported by Google.
     - CVE-2026-11672: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-11673: Use after free in InterestGroups. Reported by Google.
     - CVE-2026-11674: Use after free in Guest View. Reported by Google.
     - CVE-2026-11675: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11677: Race in Network. Reported by Google.
     - CVE-2026-11678: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11679: Use after free in Codecs. Reported by Google.
     - CVE-2026-11680: Use after free in Media. Reported by Google.
     - CVE-2026-11681: Use after free in Ozone. Reported by Google.
     - CVE-2026-11682: Insufficient validation of untrusted input in Views.
       Reported by Google.
     - CVE-2026-11683: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-11684: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-11685: Insufficient data validation in MediaCapture.
       Reported by Google.
     - CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11687: Use after free in Dawn. Reported by Google.
     - CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google.
     - CVE-2026-11689: Insufficient validation of untrusted input in
       Passwords. Reported by Google.
     - CVE-2026-11690: Out of bounds read and write in Media.
       Reported by Google.
     - CVE-2026-11691: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11692: Use after free in Read Anything. Reported by Google.
     - CVE-2026-11693: Inappropriate implementation in Plugins.
       Reported by Google.
     - CVE-2026-11694: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11695: Inappropriate implementation in Passwords.
       Reported by Google.
     - CVE-2026-11696: Uninitialized Use in Video. Reported by Google.
     - CVE-2026-11697: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11698: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11699: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11700: Use after free in Tracing. Reported by Google.
     - CVE-2026-11701: Insufficient validation of untrusted input in Guest
       View. Reported by Google.
   * d/patches:
     - fixes/arm-logging.patch: add patch to hopefully fix build failure
       on arm*.
     - loongarch64/0024-fix-libyuv-lsx.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for
       upstream changes
     - core/baseline-isa-3-0.patch: refresh
Checksums-Sha1:
 2ffa41b0a1e7be160eab62f0f405a3c4db21adfd 5491492 chromium-common-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 47747cd6ddde60ce52b9dd25d0de915f7b78143e 26270084 chromium-common_149.0.7827.102-1~deb12u1_amd64.deb
 9b91809c348e505105b4d26cc88e916b13362412 35983640 chromium-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 cfb539a46e274a017f226b8be91db48fa58d5886 7742476 chromium-driver_149.0.7827.102-1~deb12u1_amd64.deb
 2707c9bb0a7e7cd39e6cc2f24b705da2a94cf59f 29605620 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 bfa5796296fbe4b4615552d61afae966180d55d1 58166964 chromium-headless-shell_149.0.7827.102-1~deb12u1_amd64.deb
 0e7d7d7682431c25c833a2696a846e2295c15707 19284 chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 8fc1a6c3ddf510e620c5c9c5c29a088ab45fbfb5 127444 chromium-sandbox_149.0.7827.102-1~deb12u1_amd64.deb
 b41f057ba0d326a18d5e8ba87c1312eca8fc2b9a 32539404 chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 afe21d095686b205ad93d5685ae0aa0c7dfd5f7e 63810672 chromium-shell_149.0.7827.102-1~deb12u1_amd64.deb
 49e973ca2a62030d845b99b49578f10152c70ca8 30488 chromium_149.0.7827.102-1~deb12u1_amd64-buildd.buildinfo
 a0e30cbd7c90ab83daa478eb4edbf35b2ea16938 75540856 chromium_149.0.7827.102-1~deb12u1_amd64.deb
Checksums-Sha256:
 0d4b5e6298b4c6ca2e1cb0be377b349f9ffb9a50c9878e67be6c63ffb14445e2 5491492 chromium-common-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 5a84c77c62d1d14b58494d9509f9cd4a459bd94483e8ec7e9a6a2df0de2a208e 26270084 chromium-common_149.0.7827.102-1~deb12u1_amd64.deb
 25ea6d0207a63dd489226ddb48a4a4077aafa5d4a63ccbcf47d8a0691ba3b98a 35983640 chromium-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 c4cd6909e00ee95222ec4d9312089389112d699b275ccf18de3cc5b7345e42e9 7742476 chromium-driver_149.0.7827.102-1~deb12u1_amd64.deb
 1cfa2dbb348b1394d44d714907bead7cdd774615407cece29f33685c5da51d5a 29605620 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 6ba3ba8ed2b93b8d233680e74e260a83b95cce2ab6de62755ecafa8ef182e518 58166964 chromium-headless-shell_149.0.7827.102-1~deb12u1_amd64.deb
 38bbdf04dceeb79cef544d823e5955df81ed45abe05d2d1ad7fc2e558409ca8a 19284 chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 1abe6a5f86264c6f2c452a145853b2f368acb486a3928b4c90b78ab6abf01a71 127444 chromium-sandbox_149.0.7827.102-1~deb12u1_amd64.deb
 fcde84e9bb5395d7503ee4ecffaba766f21df827b03fe1b246890478eddb6644 32539404 chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 f0c4ea80258dd7b99652c0b0af82d532cc36ead1251879280dafe73043146d2d 63810672 chromium-shell_149.0.7827.102-1~deb12u1_amd64.deb
 cd662af9cb851f31def4fdc2dd8376b8c2b135706a70c41737e42d9ba6e906a9 30488 chromium_149.0.7827.102-1~deb12u1_amd64-buildd.buildinfo
 af3ef19b5f8afc1e4f1394d6f7188d84841f4f2f02395b040009a82cf3ada5c6 75540856 chromium_149.0.7827.102-1~deb12u1_amd64.deb
Files:
 6a15fef96f22380555496fea54a8e7e8 5491492 debug optional chromium-common-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 2d654dad7fd0a83e9207803d7c558124 26270084 web optional chromium-common_149.0.7827.102-1~deb12u1_amd64.deb
 cff0f13ecd81d372901a227d650bbf3b 35983640 debug optional chromium-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 a64564404e4350f8d2670001e0e17312 7742476 web optional chromium-driver_149.0.7827.102-1~deb12u1_amd64.deb
 236b32235151c11637ccc064a4a91333 29605620 debug optional chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 feb6ed07444cc4664f3e35e27f6afcfe 58166964 web optional chromium-headless-shell_149.0.7827.102-1~deb12u1_amd64.deb
 39c18d3aa266784a100cc6e0eabdad54 19284 debug optional chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 290063c3e5ffaeb138a5144b6ff6cacc 127444 web optional chromium-sandbox_149.0.7827.102-1~deb12u1_amd64.deb
 7d77d05bafbc0e69dc189812c529a18d 32539404 debug optional chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_amd64.deb
 e067e2c3e49815fc5bb9e83e0a33b0df 63810672 web optional chromium-shell_149.0.7827.102-1~deb12u1_amd64.deb
 570c1fb17bd23a2b40cddc18435b53ea 30488 web optional chromium_149.0.7827.102-1~deb12u1_amd64-buildd.buildinfo
 a72b4d89e89eb74cee062f7184146595 75540856 web optional chromium_149.0.7827.102-1~deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7cQ9mRD4+dWjjrb6PkCWRKsh20cFAmopfgYACgkQPkCWRKsh
20csgQ/+N9mXc9kCIhrjoJnNAUu5WQGLKzWM+qb2rfIlhwrQfIenieVC/z7jSCjm
Yy1VTDol8m2SYxXaidn4qJHfQc5WXpXaTLGHOZqXxaZxk29L5X+59nFpQ4GlMIPv
po4YDH6HaKKb2bfCO2AGwl0YsEHby98ldD5GVAAf/kwbc0eosrjEXcEWtnfSJxq7
39NIe0cP89jBEcI9XLSFsclFON3WsZuqU6IsIPTQS09SdjXq6RuCzHSDtPTNs7Fl
ljwmeHiztjrAtIKpwdS4+ViPXD0dlZ6rv4uuu5MItcRf3Vg8iH5wuqJcy6pOfmn4
keHsD4EmlVRvDr+/1NmfzLZj3zn/jxkVRyMfBTqZDD66Esei4BRRizqzNYhvct4+
IrJf01Jfg6/kx9l3XqP1Fc3RYQbEoOxGJ7PdMunU3020pybUUFT+Y/Jg0F3ch6RR
tsk2fqDh2infSUXDgvp2aNFDCRvbUEpp0cqvAGzIJ++BjnM0oqfP+CL+qur2Yt1J
12wXgRiBuUhimevOmvvxf2Kbgc3QhXRrMWdewRieCjMODukmZXlV4uygahWidS5X
bsS9hNTW+AMFxADnxxdnFyNgyl3NIhKnpmPw+gqR4EZX4TYpU8HE07qfuq4M5Asv
ATGtyZybEiUieKSrz2F9bjec9RHKd7P54aEZg1XZahKxCTUva+k=
=eQ/R
-----END PGP SIGNATURE-----