-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 04:00:45 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 149.0.7827.102-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: arm64 Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (149.0.7827.102-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-11628: Use after free in Ozone. Reported by Google.
     - CVE-2026-11629: Use after free in Ozone. Reported by Google.
     - CVE-2026-11630: Use after free in File Input. Reported by Google.
     - CVE-2026-11631: Use after free in Aura. Reported by Google.
     - CVE-2026-11632: Use after free in TabStrip. Reported by Google.
     - CVE-2026-11633: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11634: Use after free in Gamepad. Reported by Google.
     - CVE-2026-11635: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11636: Use after free in Autofill. Reported by Google.
     - CVE-2026-11637: Use after free in Views. Reported by Google.
     - CVE-2026-11638: Use after free in Printing. Reported by Google.
     - CVE-2026-11639: Use after free in Compositing. Reported by Google.
     - CVE-2026-11640: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11641: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11642: Use after free in Web Apps. Reported by Google.
     - CVE-2026-11643: Use after free in Proxy. Reported by Google.
     - CVE-2026-11644: Use after free in Views. Reported by Google.
     - CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3
     - CVE-2026-11646: Use after free in ViewTransitions.
       Reported by Quac Tran.
     - CVE-2026-11647: Use after free in Printing. Reported by Google.
     - CVE-2026-11648: Use after free in FullScreen.
       Reported by Mihnea Nicolau.
     - CVE-2026-11649: Use after free in V8. Reported by Google.
     - CVE-2026-11650: Use after free in V8. Reported by Google.
     - CVE-2026-11651: Use after free in Network. Reported by Google.
     - CVE-2026-11652: Use after free in Extensions. Reported by Google.
     - CVE-2026-11653: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11654: Use after free in CameraCapture. Reported by Google.
     - CVE-2026-11655: Integer overflow in Media. Reported by Google.
     - CVE-2026-11656: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11657: Use after free in Payments. Reported by Google.
     - CVE-2026-11658: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11659: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11660: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11661: Use after free in Views. Reported by Google.
     - CVE-2026-11662: Type Confusion in Bindings. Reported by Google.
     - CVE-2026-11663: Use after free in Skia. Reported by Google.
     - CVE-2026-11664: Use after free in Payments. Reported by Google.
     - CVE-2026-11665: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-11666: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google.
     - CVE-2026-11669: Integer overflow in Media. Reported by Google.
     - CVE-2026-11670: Use after free in PDF. Reported by Google.
     - CVE-2026-11671: Use after free in Navigation. Reported by Google.
     - CVE-2026-11672: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-11673: Use after free in InterestGroups. Reported by Google.
     - CVE-2026-11674: Use after free in Guest View. Reported by Google.
     - CVE-2026-11675: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11677: Race in Network. Reported by Google.
     - CVE-2026-11678: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11679: Use after free in Codecs. Reported by Google.
     - CVE-2026-11680: Use after free in Media. Reported by Google.
     - CVE-2026-11681: Use after free in Ozone. Reported by Google.
     - CVE-2026-11682: Insufficient validation of untrusted input in Views.
       Reported by Google.
     - CVE-2026-11683: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-11684: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-11685: Insufficient data validation in MediaCapture.
       Reported by Google.
     - CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11687: Use after free in Dawn. Reported by Google.
     - CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google.
     - CVE-2026-11689: Insufficient validation of untrusted input in
       Passwords. Reported by Google.
     - CVE-2026-11690: Out of bounds read and write in Media.
       Reported by Google.
     - CVE-2026-11691: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11692: Use after free in Read Anything. Reported by Google.
     - CVE-2026-11693: Inappropriate implementation in Plugins.
       Reported by Google.
     - CVE-2026-11694: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11695: Inappropriate implementation in Passwords.
       Reported by Google.
     - CVE-2026-11696: Uninitialized Use in Video. Reported by Google.
     - CVE-2026-11697: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11698: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11699: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11700: Use after free in Tracing. Reported by Google.
     - CVE-2026-11701: Insufficient validation of untrusted input in Guest
       View. Reported by Google.
   * d/patches:
     - fixes/arm-logging.patch: add patch to hopefully fix build failure
       on arm*.
     - loongarch64/0024-fix-libyuv-lsx.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for
       upstream changes
     - core/baseline-isa-3-0.patch: refresh
Checksums-Sha1:
 1c5ff837055afec626449d92723a824925817ed1 6137144 chromium-common-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 c6adc3e570a5676d79622814f19def30189cd0d8 30837960 chromium-common_149.0.7827.102-1~deb13u1_arm64.deb
 945455bcb44f2cd96f55b1cee209bef2c4a46f5f 34838108 chromium-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 3ae285db68edffe2e12cd14800a86c4ac201ace0 6808164 chromium-driver_149.0.7827.102-1~deb13u1_arm64.deb
 850a1b157f340652e31756386306f3b53aff1e93 29033072 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 dee97e7f09a532515382008edefd228f8ad641e7 55470532 chromium-headless-shell_149.0.7827.102-1~deb13u1_arm64.deb
 ca9cbb2a6138be0b8971c12048740092fba4dfd6 21088 chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 c5541e8226156c765b90402cfa36e24634afe9ab 126040 chromium-sandbox_149.0.7827.102-1~deb13u1_arm64.deb
 a8844a3ca97add80e15b746209d7b6256b064ed5 30513952 chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 172554d03f6cc118fd4382707f8bf5185a9e6a0f 55263200 chromium-shell_149.0.7827.102-1~deb13u1_arm64.deb
 36eebd6bed12f216f740cad3bd3fc661d34f5a64 30646 chromium_149.0.7827.102-1~deb13u1_arm64-buildd.buildinfo
 588d461d3312cd195062b744c82f18d957c7125c 73985536 chromium_149.0.7827.102-1~deb13u1_arm64.deb
Checksums-Sha256:
 96b7fbcae9f08ebcf3085bca9c9b092821b3a25538371eb0371a05e2a68e8a92 6137144 chromium-common-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 bf5f2b7254790c8e03b5a0714c5dd4c38ff3957031dc45b13282addb043037d9 30837960 chromium-common_149.0.7827.102-1~deb13u1_arm64.deb
 2d02ded8472f75cc75d49f654c0c8493c25d0be93e527b6c41b232035ffcbbc2 34838108 chromium-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 1525f6c8bd4186803328e7810e4eb6630d90199345b2c0e116e8cf4dce3e4375 6808164 chromium-driver_149.0.7827.102-1~deb13u1_arm64.deb
 b212d4a42d68dbdfa750194e7b02f9f16661ab3683beb5d4b8ea0e973d092b19 29033072 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 d77701b109462633298f1fbbc24b2628ff46aa3d3d5d47602ccf525b0d846573 55470532 chromium-headless-shell_149.0.7827.102-1~deb13u1_arm64.deb
 6941bde0a66d5f471b14a0931f3e0451722a9e2d8cad3a3773a2de6a71df5ae6 21088 chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 4a17d6cc62e5bff5dc2b29408278fd117d1f958d6325847e00e79d555e9c7322 126040 chromium-sandbox_149.0.7827.102-1~deb13u1_arm64.deb
 26fa34c6f25a2fe17e7316f0c7bf0395b8cb8ea0d3cc7b10e821b23852539ad5 30513952 chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 2fb4c83960b3c0a9860691e9c5ad686eeaf7bdecfdcee6af50ba3f881431ba17 55263200 chromium-shell_149.0.7827.102-1~deb13u1_arm64.deb
 e1c0fbe03a7c5872e97a4f073ae4874bbb2c0f5a9213b01096ae0023451d054c 30646 chromium_149.0.7827.102-1~deb13u1_arm64-buildd.buildinfo
 b4001ca7482c6ee89dd4825158ff9c40975d7e89518589fece6af58903e06ef1 73985536 chromium_149.0.7827.102-1~deb13u1_arm64.deb
Files:
 d343db5a1e47291765fc87017e9dbd7e 6137144 debug optional chromium-common-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 7f5563e418510bc1e46fa2fa2d3459fd 30837960 web optional chromium-common_149.0.7827.102-1~deb13u1_arm64.deb
 78f002002b7ed8b2a0ce26e48531cb49 34838108 debug optional chromium-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 ef2263aee80b94739b295816fdad9ad0 6808164 web optional chromium-driver_149.0.7827.102-1~deb13u1_arm64.deb
 231b25dca39ec1581c7390558d63f025 29033072 debug optional chromium-headless-shell-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 bbe8586ae335c3a91ddd1e2c15953497 55470532 web optional chromium-headless-shell_149.0.7827.102-1~deb13u1_arm64.deb
 3840c717d9a317bb3a43292ae52e12b7 21088 debug optional chromium-sandbox-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 638df0233f6bf2c8cf2d0246cf6a4335 126040 web optional chromium-sandbox_149.0.7827.102-1~deb13u1_arm64.deb
 9778cffcb71796c3a141eb5eef74dc70 30513952 debug optional chromium-shell-dbgsym_149.0.7827.102-1~deb13u1_arm64.deb
 e4eacd14575c8c2b09d08c2e0fede5ec 55263200 web optional chromium-shell_149.0.7827.102-1~deb13u1_arm64.deb
 70507d29da47b19eeebcfd07aa7faf5d 30646 web optional chromium_149.0.7827.102-1~deb13u1_arm64-buildd.buildinfo
 a0facd10ddfc005515921314178e02e5 73985536 web optional chromium_149.0.7827.102-1~deb13u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmop38AACgkQScpU3dYu
lLhnpRAAlov9BdKTiHyHYqZl4uV6CmQjbcm+cQy/paz6XGcK3Wh4eske+Z3qOHAh
T5vY+jNckFkaBOjyrpuu3hvDahkE21t8xqCPCCNhUGacMmOiKVgaNDQd1kHhPVWU
zYNWLw9vgM/z6OZwPK69iBzQBUzLeRAX0jGQPTuLugNiwmvEyL45TSotAtcyc6k2
aXdKzwmb5Kfj/6EsWGEhp8sF5eg+4RlVZxEJiEQvX3tZSt5CE3zCB6uszLWFfnko
n2Eo+b+Z88f1SLHvvGVsN/qk2X7EJRuPWRNNuY/SD1+gOLcRcfkw/sd7/PKGu0gB
QKNYbv96cHCogXXAWsIVl1wk8stfuB9IwgC9ZxYQ1Jo2qkTPUEWxd66Lg4wt+A3u
CbuVRtxUMR+WBg+7+bs5ok10NtSvpDAEU4LUmHIiZ9ybuJ6+789QHG7oQznhZU+N
VBUIvOItbjnkv9j8xD9pa4VWkmJD0Jp2YHDI5dj6CwBQNi4F5KMPC5xSDigZEERx
DQZ8m8M8exYzPULPic6tXCSucdrpqurOdyCVY1yHk3zZvyTbahuNG5kOzPZFYw+C
ijtJHiQnTTimuTerNPRXFXKAKNaYEB71pbddyde5YSNMzh/J+QU8Y4WyjurvV2Gr
SlM3Op8LffxFZhGUKzD5QHZ37nC5lbijNAF9fjDL387kwr6CeuM=
=Gubg
-----END PGP SIGNATURE-----