-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 04:00:45 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 149.0.7827.102-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: armhf Build Daemon (arm-conova-01) <buildd_arm64-arm-conova-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (149.0.7827.102-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-11628: Use after free in Ozone. Reported by Google.
     - CVE-2026-11629: Use after free in Ozone. Reported by Google.
     - CVE-2026-11630: Use after free in File Input. Reported by Google.
     - CVE-2026-11631: Use after free in Aura. Reported by Google.
     - CVE-2026-11632: Use after free in TabStrip. Reported by Google.
     - CVE-2026-11633: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11634: Use after free in Gamepad. Reported by Google.
     - CVE-2026-11635: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11636: Use after free in Autofill. Reported by Google.
     - CVE-2026-11637: Use after free in Views. Reported by Google.
     - CVE-2026-11638: Use after free in Printing. Reported by Google.
     - CVE-2026-11639: Use after free in Compositing. Reported by Google.
     - CVE-2026-11640: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11641: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11642: Use after free in Web Apps. Reported by Google.
     - CVE-2026-11643: Use after free in Proxy. Reported by Google.
     - CVE-2026-11644: Use after free in Views. Reported by Google.
     - CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3
     - CVE-2026-11646: Use after free in ViewTransitions.
       Reported by Quac Tran.
     - CVE-2026-11647: Use after free in Printing. Reported by Google.
     - CVE-2026-11648: Use after free in FullScreen.
       Reported by Mihnea Nicolau.
     - CVE-2026-11649: Use after free in V8. Reported by Google.
     - CVE-2026-11650: Use after free in V8. Reported by Google.
     - CVE-2026-11651: Use after free in Network. Reported by Google.
     - CVE-2026-11652: Use after free in Extensions. Reported by Google.
     - CVE-2026-11653: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11654: Use after free in CameraCapture. Reported by Google.
     - CVE-2026-11655: Integer overflow in Media. Reported by Google.
     - CVE-2026-11656: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11657: Use after free in Payments. Reported by Google.
     - CVE-2026-11658: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11659: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11660: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11661: Use after free in Views. Reported by Google.
     - CVE-2026-11662: Type Confusion in Bindings. Reported by Google.
     - CVE-2026-11663: Use after free in Skia. Reported by Google.
     - CVE-2026-11664: Use after free in Payments. Reported by Google.
     - CVE-2026-11665: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-11666: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google.
     - CVE-2026-11669: Integer overflow in Media. Reported by Google.
     - CVE-2026-11670: Use after free in PDF. Reported by Google.
     - CVE-2026-11671: Use after free in Navigation. Reported by Google.
     - CVE-2026-11672: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-11673: Use after free in InterestGroups. Reported by Google.
     - CVE-2026-11674: Use after free in Guest View. Reported by Google.
     - CVE-2026-11675: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11677: Race in Network. Reported by Google.
     - CVE-2026-11678: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11679: Use after free in Codecs. Reported by Google.
     - CVE-2026-11680: Use after free in Media. Reported by Google.
     - CVE-2026-11681: Use after free in Ozone. Reported by Google.
     - CVE-2026-11682: Insufficient validation of untrusted input in Views.
       Reported by Google.
     - CVE-2026-11683: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-11684: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-11685: Insufficient data validation in MediaCapture.
       Reported by Google.
     - CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11687: Use after free in Dawn. Reported by Google.
     - CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google.
     - CVE-2026-11689: Insufficient validation of untrusted input in
       Passwords. Reported by Google.
     - CVE-2026-11690: Out of bounds read and write in Media.
       Reported by Google.
     - CVE-2026-11691: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11692: Use after free in Read Anything. Reported by Google.
     - CVE-2026-11693: Inappropriate implementation in Plugins.
       Reported by Google.
     - CVE-2026-11694: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11695: Inappropriate implementation in Passwords.
       Reported by Google.
     - CVE-2026-11696: Uninitialized Use in Video. Reported by Google.
     - CVE-2026-11697: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11698: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11699: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11700: Use after free in Tracing. Reported by Google.
     - CVE-2026-11701: Insufficient validation of untrusted input in Guest
       View. Reported by Google.
   * d/patches:
     - fixes/arm-logging.patch: add patch to hopefully fix build failure
       on arm*.
     - loongarch64/0024-fix-libyuv-lsx.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for
       upstream changes
     - core/baseline-isa-3-0.patch: refresh
Checksums-Sha1:
 9afe8804e995b21798f6d0238264e23b69323922 5796736 chromium-common-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 5e5bd8eb738db76c92b7623a07d98344c6d2a5fc 26040692 chromium-common_149.0.7827.102-1~deb12u1_armhf.deb
 4d3947a858aa19d10ab0d06f0eeeedf3f1ba5da2 35492800 chromium-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 39004c1a136442a3f2dc61a378298c3f2386e902 7380584 chromium-driver_149.0.7827.102-1~deb12u1_armhf.deb
 13db80e6e8444f67766dd650f8e2132746c4f325 27544564 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 0bf79f09e4d7f9e7f725297b673c879d6055383c 54978760 chromium-headless-shell_149.0.7827.102-1~deb12u1_armhf.deb
 2c6a405165da2432f43469e2048b4dfb0b56b9fd 18000 chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 7462dfd8af150009aa0b198cca35720ea7759c34 127112 chromium-sandbox_149.0.7827.102-1~deb12u1_armhf.deb
 fca7679a537af72f21131d8d930392c7198a527e 30037984 chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 7107fd53d0b916d5788dc2c088e020fc517a0b89 60390812 chromium-shell_149.0.7827.102-1~deb12u1_armhf.deb
 97863f4a2f62ec793557c81f04c5217799e37261 30379 chromium_149.0.7827.102-1~deb12u1_armhf-buildd.buildinfo
 43ab153894007d3d7a0b365c949c8f8c040cf24d 71944936 chromium_149.0.7827.102-1~deb12u1_armhf.deb
Checksums-Sha256:
 fbd02f2974901f92bf1594561294ed247b249eaef938b496a78eb3ab4a8ad57f 5796736 chromium-common-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 dda624a0a0386fbb6cf69643468c0845bb807062c6c3053afad0f0a6a15c51a0 26040692 chromium-common_149.0.7827.102-1~deb12u1_armhf.deb
 8208874c442665d892add78045d6410cb13dd3850b3680beb2056ef32f549889 35492800 chromium-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 ab273c45122482bda529aa34179ff1a490cd6c80e10113ca89ed9e8e8229a8e7 7380584 chromium-driver_149.0.7827.102-1~deb12u1_armhf.deb
 435e07bd6f3ed211be6881e1ac8996241eadb41d47f8c346cc3a5894ae2953fb 27544564 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 7838279a3022d4c661c1830b2aa7e6b3b4cc33418fe169b3d18ae1c15bfea94d 54978760 chromium-headless-shell_149.0.7827.102-1~deb12u1_armhf.deb
 5decbd48fd5085bc9019cfe27a698255425cc59a69cccd68ec8e6b9ea4be48f0 18000 chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 2b6d31b0e92dcf5d5ca8e0e76b92f8c29e787a7f61574169f9fa7398559dfc8e 127112 chromium-sandbox_149.0.7827.102-1~deb12u1_armhf.deb
 862c6e8839bf4d6e2e110402411d8b6897587932e781900d52b2e8b986a8b41e 30037984 chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 e83f6103059fe9d54ef3dd20739a2087810327da928cdf5d6310bdc20cd3313b 60390812 chromium-shell_149.0.7827.102-1~deb12u1_armhf.deb
 1e0089f4a008b9ccc11b0af5dac4bd77123453e284fbb41adf69b8142f1f19aa 30379 chromium_149.0.7827.102-1~deb12u1_armhf-buildd.buildinfo
 3700ffddf4012c49a25b5770dc8dff199b16cb9bd8105776f614e91a72bc0b18 71944936 chromium_149.0.7827.102-1~deb12u1_armhf.deb
Files:
 3560e87c9f93058a970e47c3a219709e 5796736 debug optional chromium-common-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 d0fb63bfe89617da403ed5de002f27a8 26040692 web optional chromium-common_149.0.7827.102-1~deb12u1_armhf.deb
 b86456e86cbbc023029b68433c773a53 35492800 debug optional chromium-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 a0b22ef2fd90b1136c2b945c02676324 7380584 web optional chromium-driver_149.0.7827.102-1~deb12u1_armhf.deb
 e1fabde16acdc7af7d72cd303ad6abdc 27544564 debug optional chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 cc24652f505bb5a831c0a23c37e42c96 54978760 web optional chromium-headless-shell_149.0.7827.102-1~deb12u1_armhf.deb
 f2d6dba6f7859187315f22195d4e18a7 18000 debug optional chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 1fe469a2d5775fc1bb5225d07842cb73 127112 web optional chromium-sandbox_149.0.7827.102-1~deb12u1_armhf.deb
 d57d23e1f28624be6d98e8431d108857 30037984 debug optional chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_armhf.deb
 464ec17470eb883687a783f379194f5e 60390812 web optional chromium-shell_149.0.7827.102-1~deb12u1_armhf.deb
 b024298587cb722b004e92a58739e353 30379 web optional chromium_149.0.7827.102-1~deb12u1_armhf-buildd.buildinfo
 dba83dc08c4a42aeac919d5f52bcbac2 71944936 web optional chromium_149.0.7827.102-1~deb12u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO4qAQUSIo2p/kVRf8U6eOZMpj68FAmop1aIACgkQ8U6eOZMp
j68Sow//Z+T503I2PUS5nCcZZh5hwLtxofwlg1/hw2b/CLVLXaYA1e2a1wvfZpZt
+Q66dnB6rumVSwWEARiZaOHZMVzJB7eBLlNzQdJuXqsRA4syhgV+PMrsnOSwa9lU
LdqR7bgBLu/qtql4v+76uBLYici4KacEWvKzaLLyp/T12QdPR+pzTVvsFQDsgEyi
8/yKVl958XW/rob63chcprw9xv62pG0+w1WSrWJm2CE+oQJcGGKx//pnm304QAaZ
VBm8eE1ptwYRoMzh/aJgI3SXJHQiU9qPs8ftNTwbZpZCpuemb5jaEml8BTGJhB5v
ieu1eUxkCIsZAc2UVyvkkBJ1HR9DoJRiGhZGNZAO8Ahvi+oT9bm/aEvHnu9nCbPv
HoPte1ffLY3NoRhyEYQbttBiCQrWZROKtADLW14K3oBpg95c0gSNnEHGNewa1NCh
qTBepA2Z20ULy8y7Ljbw7ybUKjXhRNUbaG1m1iVtMEz2k87AXHV/WEASS+zv7lzS
FR99cAP4/INx7Y3TEnfg0IVezY85pjvNUdo1YwPdxKUvFiI5EdW5iYQMzr9wy81J
Tc8PLHLxsr7bXNUwhShPZrwouAocLoPXbcgA3DmHpMHJ9enyqHW1B4NXkkF9UQaj
RgeHx3ezA3U4EkrcKM2MrcC63JJhtSEswTmc+QqhCrkI2Bd9xDo=
=EWRM
-----END PGP SIGNATURE-----