-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 04:00:45 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 149.0.7827.102-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) <buildd_amd64-x86-ubc-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (149.0.7827.102-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-11628: Use after free in Ozone. Reported by Google.
     - CVE-2026-11629: Use after free in Ozone. Reported by Google.
     - CVE-2026-11630: Use after free in File Input. Reported by Google.
     - CVE-2026-11631: Use after free in Aura. Reported by Google.
     - CVE-2026-11632: Use after free in TabStrip. Reported by Google.
     - CVE-2026-11633: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11634: Use after free in Gamepad. Reported by Google.
     - CVE-2026-11635: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11636: Use after free in Autofill. Reported by Google.
     - CVE-2026-11637: Use after free in Views. Reported by Google.
     - CVE-2026-11638: Use after free in Printing. Reported by Google.
     - CVE-2026-11639: Use after free in Compositing. Reported by Google.
     - CVE-2026-11640: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11641: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11642: Use after free in Web Apps. Reported by Google.
     - CVE-2026-11643: Use after free in Proxy. Reported by Google.
     - CVE-2026-11644: Use after free in Views. Reported by Google.
     - CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3
     - CVE-2026-11646: Use after free in ViewTransitions.
       Reported by Quac Tran.
     - CVE-2026-11647: Use after free in Printing. Reported by Google.
     - CVE-2026-11648: Use after free in FullScreen.
       Reported by Mihnea Nicolau.
     - CVE-2026-11649: Use after free in V8. Reported by Google.
     - CVE-2026-11650: Use after free in V8. Reported by Google.
     - CVE-2026-11651: Use after free in Network. Reported by Google.
     - CVE-2026-11652: Use after free in Extensions. Reported by Google.
     - CVE-2026-11653: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11654: Use after free in CameraCapture. Reported by Google.
     - CVE-2026-11655: Integer overflow in Media. Reported by Google.
     - CVE-2026-11656: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11657: Use after free in Payments. Reported by Google.
     - CVE-2026-11658: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11659: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11660: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11661: Use after free in Views. Reported by Google.
     - CVE-2026-11662: Type Confusion in Bindings. Reported by Google.
     - CVE-2026-11663: Use after free in Skia. Reported by Google.
     - CVE-2026-11664: Use after free in Payments. Reported by Google.
     - CVE-2026-11665: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-11666: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google.
     - CVE-2026-11669: Integer overflow in Media. Reported by Google.
     - CVE-2026-11670: Use after free in PDF. Reported by Google.
     - CVE-2026-11671: Use after free in Navigation. Reported by Google.
     - CVE-2026-11672: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-11673: Use after free in InterestGroups. Reported by Google.
     - CVE-2026-11674: Use after free in Guest View. Reported by Google.
     - CVE-2026-11675: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11677: Race in Network. Reported by Google.
     - CVE-2026-11678: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11679: Use after free in Codecs. Reported by Google.
     - CVE-2026-11680: Use after free in Media. Reported by Google.
     - CVE-2026-11681: Use after free in Ozone. Reported by Google.
     - CVE-2026-11682: Insufficient validation of untrusted input in Views.
       Reported by Google.
     - CVE-2026-11683: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-11684: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-11685: Insufficient data validation in MediaCapture.
       Reported by Google.
     - CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11687: Use after free in Dawn. Reported by Google.
     - CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google.
     - CVE-2026-11689: Insufficient validation of untrusted input in
       Passwords. Reported by Google.
     - CVE-2026-11690: Out of bounds read and write in Media.
       Reported by Google.
     - CVE-2026-11691: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11692: Use after free in Read Anything. Reported by Google.
     - CVE-2026-11693: Inappropriate implementation in Plugins.
       Reported by Google.
     - CVE-2026-11694: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11695: Inappropriate implementation in Passwords.
       Reported by Google.
     - CVE-2026-11696: Uninitialized Use in Video. Reported by Google.
     - CVE-2026-11697: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11698: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11699: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11700: Use after free in Tracing. Reported by Google.
     - CVE-2026-11701: Insufficient validation of untrusted input in Guest
       View. Reported by Google.
   * d/patches:
     - fixes/arm-logging.patch: add patch to hopefully fix build failure
       on arm*.
     - loongarch64/0024-fix-libyuv-lsx.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for
       upstream changes
     - core/baseline-isa-3-0.patch: refresh
Checksums-Sha1:
 4c94d35d0166817be8117f8f06818a0c10d6c207 5313884 chromium-common-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 8656e862ae77f82f5761aa7e48ddee7e5122eabe 26272432 chromium-common_149.0.7827.102-1~deb12u1_i386.deb
 08f6001bfa3cce3565525e93128977dcf02a469e 36203472 chromium-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 b1d755400dddec4e0796cab218b85d2b1cb321d0 8114852 chromium-driver_149.0.7827.102-1~deb12u1_i386.deb
 86f320ae7dee1333dcbc57b1a1157c428264dc76 29785744 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 1aea74753bf10d94377496adf9224460959c6c56 59811476 chromium-headless-shell_149.0.7827.102-1~deb12u1_i386.deb
 28b2e813cc054e305783e117b4c9701d05cd2977 17820 chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 0fda8673f5a2c27e6e392492f658e724448a4acc 127344 chromium-sandbox_149.0.7827.102-1~deb12u1_i386.deb
 1fa4b86ad7667167fd012e02c950f53fd9b9008a 32717828 chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 56aa16da0042a94896ef0b010b068e261fa116fa 65578660 chromium-shell_149.0.7827.102-1~deb12u1_i386.deb
 6caeaffacd5bc93d14a53076252d7099aee013b0 30470 chromium_149.0.7827.102-1~deb12u1_i386-buildd.buildinfo
 f721b0e3a161968425c570b884dea84bdb85ee9a 78073008 chromium_149.0.7827.102-1~deb12u1_i386.deb
Checksums-Sha256:
 c9fa7ac78e4cbb5d223b0f29b8555d12a683dffbda8aead42342cdf94b891ec5 5313884 chromium-common-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 bc4fc68f528ac9f17ecb4b4ce25f0c0ee133b2b71a1b4faf683182bf8825aa72 26272432 chromium-common_149.0.7827.102-1~deb12u1_i386.deb
 0ce93392bc8db51ee0a93ea2fe392667b120b42617732ea8c792f15e6324b44c 36203472 chromium-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 b2eb46659553dbb51b5a5281bab6fe84b4a8d204f9a7a7b841e1d3290a379487 8114852 chromium-driver_149.0.7827.102-1~deb12u1_i386.deb
 b39a799b0d16c6418607562f4c243624b265e6167caf366c9244a377a0183120 29785744 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 1b6990981f0f4aa30d5ce7687eee98394a1ab9bbd48ba62c5393cbbdfd9541b8 59811476 chromium-headless-shell_149.0.7827.102-1~deb12u1_i386.deb
 bea3ce63a464162077d157c4a9001aee2d3b7fe45612994fbb1ea1fad8539cc8 17820 chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 8a5d8edc92bbf873bc7f3cf6b2636babd22f2fae599f3dcbeb9fbc757a024b87 127344 chromium-sandbox_149.0.7827.102-1~deb12u1_i386.deb
 137fbc3d67a6741f5099d78686e488b0d5f6cc779f86a54575a282aaf9ae308b 32717828 chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 edef77991c31287d2f792acbbf419b58f7ba1ecb03dfa56795030cbe3cd7c8d8 65578660 chromium-shell_149.0.7827.102-1~deb12u1_i386.deb
 79099978fd65333e67609310be779824374ccf6c368cd845d0a01f786ae6d7fe 30470 chromium_149.0.7827.102-1~deb12u1_i386-buildd.buildinfo
 363fd96174d5fc0da1a73158b134c6bf4df33b7e81156d434adfd364b49f0d9e 78073008 chromium_149.0.7827.102-1~deb12u1_i386.deb
Files:
 6fa61b1b0f0c12d78be7863ce14e0174 5313884 debug optional chromium-common-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 413d0bd9f07870ff5be87ea2307a9b80 26272432 web optional chromium-common_149.0.7827.102-1~deb12u1_i386.deb
 2797347f8b08c8a15b67ee6f1b5fe4be 36203472 debug optional chromium-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 9c28bb396379d13144928c14c2ac5c31 8114852 web optional chromium-driver_149.0.7827.102-1~deb12u1_i386.deb
 af02b94c9f7c07b39d3c2c0d17f95352 29785744 debug optional chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 fdd7542d0927dfcbdb41b6c00796ab23 59811476 web optional chromium-headless-shell_149.0.7827.102-1~deb12u1_i386.deb
 fb3478960624ef24303e299e9dc15b36 17820 debug optional chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 1b5a1dba0bbec6bf79966761326c297f 127344 web optional chromium-sandbox_149.0.7827.102-1~deb12u1_i386.deb
 034d2eafee95a1deabc8b6f2ac5f00c3 32717828 debug optional chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_i386.deb
 89dba4dfed5ec5cc1821a5fa4e3147a5 65578660 web optional chromium-shell_149.0.7827.102-1~deb12u1_i386.deb
 1254cde229042a6be53b5556ef6f12d3 30470 web optional chromium_149.0.7827.102-1~deb12u1_i386-buildd.buildinfo
 7f07ab8e352766126370fe5e4a24bd05 78073008 web optional chromium_149.0.7827.102-1~deb12u1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEb5EwsJvHBEjqIJYIbheoBegwXLIFAmoprFEACgkQbheoBegw
XLJzsg//UbT5fq+Gos1Y3WXZDGa9Ck4yjK92i0Q4jowuVF39/JkJIX8yOffG15W4
e1qur+YM/CBjb1ffU3LaNoXYoqgxo87V4KAf1ZWq7ZKM6c0ZN89qK4HEmS5PhzDT
5yzlLWQQYZd147/cd9+GYPvaW3p9/hXShlcGXiFUmVlEiEze5rBdC0Q4VZKnTPS1
44q5b9b5eF2HlqiJJZBgW8Jd/GYdG/2AE2GSj8klYO/eyx0h5y2UcxQukuyxm4St
aAIssDUhPBcFmaI4kB0joXeLUIG0DNBO4slPwF6WtlGvMg33ALMuGaPGFvhwuUce
HYhPB34YPypXBCkrDtUPHVTjDsuSsbQ2/dMHNXCaf8YWyUXUw2gFcSVUXFRq75Tz
uiCHjJoYUhLCoPHzDTkvrPGBb5o/+aqQWoS/rlt2v2DjdEGHw50FGlcYSklXPtgp
oNINxz3csaIeAOMFv25OXxQVKJ+OEUevsXz0bY1FBSJ7ZxykdpBvt9+Sv2EbAO/M
tQpijlRb5wbVi7Es2FE1H29KoK2EFZWX1dirEywjJbJdJ5qqCyfOqki5V6ijmpda
SBokQJUVI5EJSVlBSlvMYvgj2psz9SOA4yKoUKuG1iljtIWSwDcMKOMhdbs4XT76
+d779NIEKeYxPZ8Vl5B7cIuTWz975lR32A0iXxMd/3GiJBmbf/o=
=WBb2
-----END PGP SIGNATURE-----