-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 04:00:45 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 149.0.7827.102-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: armhf Build Daemon (arm-ubc-04) <buildd_arm64-arm-ubc-04@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (149.0.7827.102-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-11628: Use after free in Ozone. Reported by Google.
     - CVE-2026-11629: Use after free in Ozone. Reported by Google.
     - CVE-2026-11630: Use after free in File Input. Reported by Google.
     - CVE-2026-11631: Use after free in Aura. Reported by Google.
     - CVE-2026-11632: Use after free in TabStrip. Reported by Google.
     - CVE-2026-11633: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11634: Use after free in Gamepad. Reported by Google.
     - CVE-2026-11635: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11636: Use after free in Autofill. Reported by Google.
     - CVE-2026-11637: Use after free in Views. Reported by Google.
     - CVE-2026-11638: Use after free in Printing. Reported by Google.
     - CVE-2026-11639: Use after free in Compositing. Reported by Google.
     - CVE-2026-11640: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11641: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11642: Use after free in Web Apps. Reported by Google.
     - CVE-2026-11643: Use after free in Proxy. Reported by Google.
     - CVE-2026-11644: Use after free in Views. Reported by Google.
     - CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3
     - CVE-2026-11646: Use after free in ViewTransitions.
       Reported by Quac Tran.
     - CVE-2026-11647: Use after free in Printing. Reported by Google.
     - CVE-2026-11648: Use after free in FullScreen.
       Reported by Mihnea Nicolau.
     - CVE-2026-11649: Use after free in V8. Reported by Google.
     - CVE-2026-11650: Use after free in V8. Reported by Google.
     - CVE-2026-11651: Use after free in Network. Reported by Google.
     - CVE-2026-11652: Use after free in Extensions. Reported by Google.
     - CVE-2026-11653: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11654: Use after free in CameraCapture. Reported by Google.
     - CVE-2026-11655: Integer overflow in Media. Reported by Google.
     - CVE-2026-11656: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11657: Use after free in Payments. Reported by Google.
     - CVE-2026-11658: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11659: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11660: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11661: Use after free in Views. Reported by Google.
     - CVE-2026-11662: Type Confusion in Bindings. Reported by Google.
     - CVE-2026-11663: Use after free in Skia. Reported by Google.
     - CVE-2026-11664: Use after free in Payments. Reported by Google.
     - CVE-2026-11665: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-11666: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google.
     - CVE-2026-11669: Integer overflow in Media. Reported by Google.
     - CVE-2026-11670: Use after free in PDF. Reported by Google.
     - CVE-2026-11671: Use after free in Navigation. Reported by Google.
     - CVE-2026-11672: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-11673: Use after free in InterestGroups. Reported by Google.
     - CVE-2026-11674: Use after free in Guest View. Reported by Google.
     - CVE-2026-11675: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11677: Race in Network. Reported by Google.
     - CVE-2026-11678: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11679: Use after free in Codecs. Reported by Google.
     - CVE-2026-11680: Use after free in Media. Reported by Google.
     - CVE-2026-11681: Use after free in Ozone. Reported by Google.
     - CVE-2026-11682: Insufficient validation of untrusted input in Views.
       Reported by Google.
     - CVE-2026-11683: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-11684: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-11685: Insufficient data validation in MediaCapture.
       Reported by Google.
     - CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11687: Use after free in Dawn. Reported by Google.
     - CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google.
     - CVE-2026-11689: Insufficient validation of untrusted input in
       Passwords. Reported by Google.
     - CVE-2026-11690: Out of bounds read and write in Media.
       Reported by Google.
     - CVE-2026-11691: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11692: Use after free in Read Anything. Reported by Google.
     - CVE-2026-11693: Inappropriate implementation in Plugins.
       Reported by Google.
     - CVE-2026-11694: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11695: Inappropriate implementation in Passwords.
       Reported by Google.
     - CVE-2026-11696: Uninitialized Use in Video. Reported by Google.
     - CVE-2026-11697: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11698: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11699: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11700: Use after free in Tracing. Reported by Google.
     - CVE-2026-11701: Insufficient validation of untrusted input in Guest
       View. Reported by Google.
   * d/patches:
     - fixes/arm-logging.patch: add patch to hopefully fix build failure
       on arm*.
     - loongarch64/0024-fix-libyuv-lsx.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for
       upstream changes
     - core/baseline-isa-3-0.patch: refresh
Checksums-Sha1:
 f1425582915dbabca1974a3c017074dd38824c85 5781464 chromium-common-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 4d18b5958a1ed8f5f7dc5703bd81efdaf39710b4 26014876 chromium-common_149.0.7827.102-1~deb13u1_armhf.deb
 34aadb3e0f55628f282ab3fa2ea6a6e85652247e 35516676 chromium-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 085bdded08db8f8ae1ffe0e1ffbe6a8c3f30ea71 7377804 chromium-driver_149.0.7827.102-1~deb13u1_armhf.deb
 929890ffc2bd7f4ca3676a7879d54ebbcb6e8f13 27563376 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 21ccf8b75db28a6098c2ede0cf921b996865002b 54951680 chromium-headless-shell_149.0.7827.102-1~deb13u1_armhf.deb
 427ac98d58014550f9cdefbbde3db9599cec2935 19260 chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 60bb63202868b0c06ea9cbcd69e66085c86df14e 124900 chromium-sandbox_149.0.7827.102-1~deb13u1_armhf.deb
 5501904800c566e43a7bf3f7ec43c1a1b3416c5f 30064808 chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 0ea13d795af7c81a63d6083c65df9b474e5908a3 60367244 chromium-shell_149.0.7827.102-1~deb13u1_armhf.deb
 2d3d533b2bf40d0ca0332c7c1ffdd6d5c13864b1 30555 chromium_149.0.7827.102-1~deb13u1_armhf-buildd.buildinfo
 4481a2c50b4448c43106b3ff2a72a75c81268d4c 71941768 chromium_149.0.7827.102-1~deb13u1_armhf.deb
Checksums-Sha256:
 abe60603c6fe8686f87c05e29f3ed87edb1055775fde1f5fa270724630141ee8 5781464 chromium-common-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 5b8f571416cedec11b1368f568c76f874d3283040a2a4b97b1b3c99aa99f9335 26014876 chromium-common_149.0.7827.102-1~deb13u1_armhf.deb
 1a13dc46f546533057720f1701ac145152760afe94218d43c0351b9ca5263527 35516676 chromium-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 848dd98af3b53583d34ef742cf0e02153544a7afcbeabc47389e407cd0b1674e 7377804 chromium-driver_149.0.7827.102-1~deb13u1_armhf.deb
 c89bdc9de3b5674e87b153c84731c1b75abc7e09798fe091ec2cad97fda96d7b 27563376 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 5ab9a2285ea931e56b1e779a19877eb336b30330dab61e80d2fc9a0840fbd1f3 54951680 chromium-headless-shell_149.0.7827.102-1~deb13u1_armhf.deb
 13f92096f086dd51028479202b2d2ed83cb0ba71409b3ece8be1a66172e8d986 19260 chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 c94cd6d09a1d7e88d950124347ab602cf58fe223284f32b726626afb3e1d8cd9 124900 chromium-sandbox_149.0.7827.102-1~deb13u1_armhf.deb
 8fb659ee2bb6bc3a1b4d373f9459763fb7e9dbbfe267d18190cde14d4d6cbec4 30064808 chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 665ed93b097b3746280577cc2d167c310d6d34b20f39f62cf236e9668a72a958 60367244 chromium-shell_149.0.7827.102-1~deb13u1_armhf.deb
 1eb4cb9889dfca940b8f4f1964d9c82eec0a78bcc55de8733e545688336245fd 30555 chromium_149.0.7827.102-1~deb13u1_armhf-buildd.buildinfo
 5f43fc400975a679c202075ab762e1f714ed8a2dbe800ae0a9e885bd16b8e630 71941768 chromium_149.0.7827.102-1~deb13u1_armhf.deb
Files:
 d5afdf311277f0a5352eaa6342a4c44e 5781464 debug optional chromium-common-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 b13cb79eccfa647d6d3585bc29542457 26014876 web optional chromium-common_149.0.7827.102-1~deb13u1_armhf.deb
 61744e955da4776b9103ca56b20629f5 35516676 debug optional chromium-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 7c904782827e175b549d5e1a96ac730e 7377804 web optional chromium-driver_149.0.7827.102-1~deb13u1_armhf.deb
 a9ff30739a7e7de2fe9b3938757e514e 27563376 debug optional chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 22bccac305bfea691881207157ab62ac 54951680 web optional chromium-headless-shell_149.0.7827.102-1~deb13u1_armhf.deb
 9eee49e8c6da3159328eb8ec0eeb6399 19260 debug optional chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 1a838feefbcd33a1fc0585d8f790e0e8 124900 web optional chromium-sandbox_149.0.7827.102-1~deb13u1_armhf.deb
 d4712cf35f8f9b78a382d5399fe6d970 30064808 debug optional chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_armhf.deb
 12e04b9e5042fdfccc754d8212078cee 60367244 web optional chromium-shell_149.0.7827.102-1~deb13u1_armhf.deb
 edca903580e6b123931cfda5c0c21856 30555 web optional chromium_149.0.7827.102-1~deb13u1_armhf-buildd.buildinfo
 252b1e5f6e05c8b408b7e8882a5bd2a9 71941768 web optional chromium_149.0.7827.102-1~deb13u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECx5fXZYVNP9tMtwlK1PZBedPspoFAmoqGwcACgkQK1PZBedP
spq/uA//dRh3fDku8bFuOso3noWbESgC8K2/4va9pANoUW1otaEoI7r7aMWQf9Zx
Rbggi04T8psGgUZ5rWNFHTTuWQ1XQy0HI9Igx948LXd3QF2e4sbRUulZPp7oWE41
NuQzJUVV8CAkYdRVpEsMq0bRpdXADwM6+9wiZ+J3ZgG4WIeyNL25aJX0cKxXRjXO
bVDeuDdkfaEBiD+cCyjaPgeKYg4rvk5C1E1hjPfWCXMYu6KUYm+t/v9Py8lkbBGx
xksuzi0BQjgF8gjQt+PiVfU8fM/JGpTzIGaziQSnCGkICDhdxMIm0AFzv42rI1gj
U80/SsMKmb69XHG16Znk7k5ys5ysrRBmok7kbtcCyCOQRJq6nqIazkldsppxKYLE
nuA0SsGRiCh+Z557PNFrYBbOOF6iwv/PCB5OyphSkG1ywuM2F5XOJmgWLWqvPKPF
g3mC6d0SszK3oKn0urUs6nSqGD+a+D2aDVOBT6+Uvwow4SQg7e/njjCwE1MX4ASh
apmdmaXf/XxIk0U10XXy8qHZxK8vImaz7avG0lo8yVV1hzvUllNkY2TuwTmUKzIJ
IMwWUMKUt2P0XVR7JkvuibRjWhe4ni94bszIOohHrWEbtkrPkheaez3PFVv/Bq1i
BOH7HkDQAu0VlgoWZLXXRNFVGcqJEWuuVOl7aa9EtoIzWkq7bJ8=
=A1D/
-----END PGP SIGNATURE-----