-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 04 Jul 2026 04:01:45 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: armhf Version: 150.0.7871.46-1~deb13u1 Distribution: trixie-security Urgency: high Maintainer: armhf Build Daemon (arm-ubc-04) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-headless-shell - web browser - old headless shell chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (150.0.7871.46-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-13774: Use after free in Extensions. Reported by Google. - CVE-2026-13775: Use after free in GPU. Reported by Google. - CVE-2026-14398: Use after free in ANGLE. Reported by Google. - CVE-2026-13776: Type Confusion in Dawn. Reported by Google. - CVE-2026-13777: Insufficient validation of untrusted input in iOSWeb. Reported by Google. - CVE-2026-13778: Use after free in WebUSB. Reported by Google. - CVE-2026-13779: Use after free in Chromoting. Reported by Google. - CVE-2026-13780: Insufficient validation of untrusted input in ANGLE. Reported by Google. - CVE-2026-13781: Insufficient validation of untrusted input in Skia. Reported by Google. - CVE-2026-14417: Use after free in Dawn. Reported by Google. - CVE-2026-13782: Use after free in Browser. Reported by Google. - CVE-2026-13783: Use after free in Views. Reported by Google. - CVE-2026-13784: Use after free in Views. Reported by Google. - CVE-2026-14419: Use after free in Skia. Reported by Google. - CVE-2026-13785: Use after free in Bluetooth. Reported by Google. - CVE-2026-14420: Out of bounds read and write in Dawn. Reported by Google. - CVE-2026-13786: Use after free in Ozone. Reported by Google. - CVE-2026-14427: Heap buffer overflow in Skia. Reported by Google. - CVE-2026-13787: Use after free in Chromoting. Reported by Google. - CVE-2026-13788: Use after free in Fullscreen. Reported by Google. - CVE-2026-14382: Insufficient validation of untrusted input in ANGLE. Reported by anonymous. - CVE-2026-13790: Side-channel information leakage in Scroll. Reported by Vsevolod Kokorin (Slonser) of Solidlab and Jorian Woltjer. - CVE-2026-14385: Heap buffer overflow in ANGLE. Reported by Thomas Guillem . - CVE-2026-13791: Insufficient validation of untrusted input in Downloads. Reported by Ron Masas (Imperva). - CVE-2026-13792: Use after free in Touchbar. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2026-13793: Insufficient policy enforcement in SVG. Reported by pakhunov.anton.n@gmail.com. - CVE-2026-14392: Out of bounds write in Tint. Reported by FastPL Group, Imperial College London. - CVE-2026-13794: Insufficient validation of untrusted input in WebAppInstalls. Reported by Daniel Rodríguez. - CVE-2026-14422: Out of bounds read and write in Tint. Reported by Michal Andryskowski. - CVE-2026-13795: Insufficient policy enforcement in Chrome for iOS. Reported by maitai. - CVE-2026-14426: Use after free in V8. Reported by ywatanabee. - CVE-2026-13796: Integer overflow in Chromecast. Reported by Google. - CVE-2026-13797: Insufficient validation of untrusted input in Chromecast. Reported by Google. - CVE-2026-14386: Out of bounds read in ANGLE. Reported by Google. - CVE-2026-13798: Heap buffer overflow in Chromecast. Reported by Google. - CVE-2026-13799: Use after free in QUIC. Reported by Google. - CVE-2026-13800: Inappropriate implementation in Updater. Reported by Google. - CVE-2026-13801: Integer overflow in Chromecast. Reported by Google. - CVE-2026-13802: Use after free in Views. Reported by Google. - CVE-2026-13803: Type Confusion in Chrome Tabs. Reported by Google. - CVE-2026-13804: Use after free in Chromecast. Reported by Google. - CVE-2026-13805: Use after free in GFX. Reported by Google. - CVE-2026-14390: Use after free in ANGLE. Reported by Google. - CVE-2026-13806: Insufficient validation of untrusted input in Accessibility. Reported by Google. - CVE-2026-13807: Use after free in Import. Reported by Google. - CVE-2026-13808: Insufficient data validation in Chrome for iOS. Reported by Google. - CVE-2026-13809: Side-channel information leakage in Safe Browsing. Reported by Google. - CVE-2026-13810: Inappropriate implementation in Input. Reported by dilipsc03@gmail.com. - CVE-2026-13811: Use after free in IME. Reported by Google. - CVE-2026-13812: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google. - CVE-2026-13813: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google. - CVE-2026-13814: Use after free in Views. Reported by Google. - CVE-2026-13815: Use after free in Blink. Reported by Google. - CVE-2026-13816: Insufficient validation of untrusted input in File Input. Reported by Google. - CVE-2026-14396: Out of bounds read in ANGLE. Reported by Google. - CVE-2026-13817: Insufficient validation of untrusted input in Glic. Reported by Google. - CVE-2026-13818: Inappropriate implementation in Passwords. Reported by Google. - CVE-2026-13819: Out of bounds read in ANGLE. Reported by Google. - CVE-2026-13820: Out of bounds read in Skia. Reported by Google. - CVE-2026-14400: Out of bounds write in ANGLE. Reported by Google. - CVE-2026-14401: Insufficient validation of untrusted input in ANGLE. Reported by Google. - CVE-2026-14402: Uninitialized Use in ANGLE. Reported by Google. - CVE-2026-13821: Use after free in Canvas. Reported by Google. - CVE-2026-13822: Inappropriate implementation in Extensions. Reported by Google. - CVE-2026-13823: Use after free in Glic. Reported by Google. - CVE-2026-13824: Insufficient validation of untrusted input in Extensions. Reported by Google. - CVE-2026-13825: Uninitialized Use in Dawn. Reported by Google. - CVE-2026-13826: Inappropriate implementation in Autofill. Reported by Google. - CVE-2026-13827: Use after free in Updater. Reported by Google. - CVE-2026-13828: Inappropriate implementation in Enterprise. Reported by Google. - CVE-2026-13829: Insufficient validation of untrusted input in Settings. Reported by Google. - CVE-2026-13830: Use after free in Chromoting. Reported by Google. - CVE-2026-13831: Use after free in GPU. Reported by Google. - CVE-2026-13832: Use after free in Headless. Reported by Google. - CVE-2026-14411: Insufficient validation of untrusted input in ANGLE. Reported by Google. - CVE-2026-13833: Uninitialized Use in ANGLE. Reported by Google. - CVE-2026-14412: Insufficient validation of untrusted input in ANGLE. Reported by Google. - CVE-2026-14413: Uninitialized Use in ANGLE. Reported by Google. - CVE-2026-13834: Insufficient validation of untrusted input in ANGLE. Reported by Google. - CVE-2026-13835: Inappropriate implementation in XML. Reported by Google. - CVE-2026-13836: Inappropriate implementation in CSS. Reported by Google. - CVE-2026-13837: Inappropriate implementation in CSS. Reported by Google. - CVE-2026-13838: Inappropriate implementation in CSS. Reported by Google. - CVE-2026-13839: Inappropriate implementation in CSS. Reported by Google. - CVE-2026-13840: Insufficient policy enforcement in Canvas. Reported by Binglin Song. - CVE-2026-13841: Integer overflow in Skia. Reported by Google. - CVE-2026-13842: Incorrect security UI in Chrome for iOS. Reported by Azza Tegar Naufal Ataullah. - CVE-2026-14418: Uninitialized Use in ANGLE. Reported by Google. - CVE-2026-13843: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google. - CVE-2026-13844: Use after free in Updater. Reported by Google. - CVE-2026-13845: Use after free in DOM. Reported by Google. - CVE-2026-13846: Use after free in USB. Reported by Google. - CVE-2026-13847: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google. - CVE-2026-13848: Use after free in Forms. Reported by Google. - CVE-2026-13849: Insufficient validation of untrusted input in Chromoting. Reported by Google. - CVE-2026-14423: Type Confusion in Tint. Reported by Google. - CVE-2026-13850: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google. - CVE-2026-14424: Use after free in Dawn. Reported by Google. - CVE-2026-14425: Use after free in ANGLE. Reported by Google. - CVE-2026-13851: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google. - CVE-2026-14428: Insufficient validation of untrusted input in Dawn. Reported by Google. - CVE-2026-14429: Insufficient validation of untrusted input in Skia. Reported by Google. - CVE-2026-14430: Integer overflow in V8. Reported by Google. - CVE-2026-13852: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google. - CVE-2026-13853: Use after free in Journeys. Reported by Google. - CVE-2026-13854: Use after free in Ozone. Reported by Google. - CVE-2026-14431: Type Confusion in V8. Reported by OpenAI Codex Security (amyb). - CVE-2026-13855: Use after free in Ozone. Reported by Google. - CVE-2026-13856: Insufficient validation of untrusted input in Speech. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-13857: Inappropriate implementation in Geometry. Reported by Luan Herrera (@lbherrera_). - CVE-2026-13858: Out of bounds read in FFmpeg. Reported by Wongi Lee (@_qwerty_po) of Theori with Xint Code, Jungwoo Lee (@physicube). - CVE-2026-13859: Inappropriate implementation in ANGLE. Reported by Jason Villaluna. - CVE-2026-14391: Integer overflow in ANGLE. Reported by Quac Tran. - CVE-2026-13860: Incorrect security UI in Autofill. Reported by Khalil Zhani. - CVE-2026-14408: Uninitialized Use in Dawn. Reported by Chrovus. - CVE-2026-14381: Incorrect security UI in WebAppInstalls. Reported by Hafiizh. - CVE-2026-14383: Inappropriate implementation in V8. Reported by Google. - CVE-2026-13861: Use after free in Core. Reported by Google. - CVE-2026-13862: Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys). Reported by Google. - CVE-2026-13863: Insufficient validation of untrusted input in CustomTabs. Reported by Google. - CVE-2026-13864: Insufficient policy enforcement in WebHID. Reported by Google. - CVE-2026-13865: Insufficient validation of untrusted input in Enterprise. Reported by Google. - CVE-2026-13866: Insufficient validation of untrusted input in Input. Reported by Google. - CVE-2026-13867: Inappropriate implementation in Geolocation. Reported by Google. - CVE-2026-13868: Inappropriate implementation in Network. Reported by Google. - CVE-2026-14384: Out of bounds read in ANGLE. Reported by Google. - CVE-2026-13869: Use after free in Device. Reported by Google. - CVE-2026-13870: Use after free in WebView. Reported by Google. - CVE-2026-13871: Insufficient data validation in GuestView. Reported by Google. - CVE-2026-13872: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google. - CVE-2026-13873: Out of bounds memory access in Layout. Reported by Google. - CVE-2026-13874: Inappropriate implementation in DataTransfer. Reported by Google. - CVE-2026-13875: Insufficient validation of untrusted input in GPU. Reported by Google. - CVE-2026-13876: Inappropriate implementation in Network. Reported by Google. - CVE-2026-13877: Insufficient validation of untrusted input in ANGLE. Reported by Google. - CVE-2026-13878: Use after free in Bluetooth. Reported by Google. - CVE-2026-13879: Use after free in Bluetooth. Reported by Google. - CVE-2026-13880: Use after free in USB. Reported by Google. - CVE-2026-13881: Insufficient data validation in WebAppInstalls. Reported by Google. - CVE-2026-13882: Inappropriate implementation in USB. Reported by Google - CVE-2026-13883: Type Confusion in ANGLE. Reported by Google. - CVE-2026-13884: Heap buffer overflow in Chromecast. Reported by Google. - CVE-2026-14387: Integer overflow in Skia. Reported by Google. - CVE-2026-13885: Use after free in Skia. Reported by Google. - CVE-2026-13886: Policy bypass in Isolated Web Apps. Reported by Google. - CVE-2026-14388: Out of bounds read in ANGLE. Reported by Google. - CVE-2026-14389: Integer overflow in Skia. Reported by Google. - CVE-2026-13887: Insufficient policy enforcement in NFC. Reported by Google. - CVE-2026-13888: Use after free in Extensions. Reported by Google. - CVE-2026-13889: Insufficient validation of untrusted input in WebAuthentication. Reported by Google. - CVE-2026-13890: Out of bounds read in Chromecast. Reported by Google. - CVE-2026-13891: Insufficient validation of untrusted input in Extensions. Reported by Google. - CVE-2026-13892: Inappropriate implementation in Chrome for iOS. Reported by Google. - CVE-2026-13893: Insufficient validation of untrusted input in WebUI. Reported by Google. - CVE-2026-13894: Insufficient policy enforcement in Network. Reported by Google. - CVE-2026-13895: Inappropriate implementation in Autofill. Reported by Google. - CVE-2026-13896: Insufficient policy enforcement in Glic. Reported by Google. - CVE-2026-13897: Insufficient policy enforcement in Chromecast. Reported by Google. - CVE-2026-13898: Use after free in Cast Receiver. Reported by Google. - CVE-2026-13899: Use after free in HTML. Reported by Google. - CVE-2026-13900: Insufficient validation of untrusted input in Chromecast. Reported by Google. - CVE-2026-13901: Insufficient validation of untrusted input in Serial. Reported by Google. - CVE-2026-13902: Inappropriate implementation in Chrome for iOS. Reported by Google. - CVE-2026-13903: Insufficient policy enforcement in Bluetooth. Reported by Google. - CVE-2026-13904: Incorrect security UI in Safe Browsing. Reported by Google. - CVE-2026-13905: Incorrect security UI in Chrome for iOS. Reported by Google. - CVE-2026-13906: Out of bounds read in Codecs. Reported by Google. - CVE-2026-13907: Inappropriate implementation in iOSWeb. Reported by Google. - CVE-2026-13908: Insufficient validation of untrusted input in Omnibox. Reported by Google. - CVE-2026-13909: Insufficient policy enforcement in DevTools. Reported by Google. - CVE-2026-13910: Insufficient policy enforcement in WebXR. Reported by Google. - CVE-2026-13911: Insufficient data validation in Spellcheck. Reported by Google. - CVE-2026-13912: Incorrect security UI in Safe Browsing. Reported by Google. - CVE-2026-13913: Insufficient policy enforcement in Autofill. Reported by Google. - CVE-2026-13914: Inappropriate implementation in Passwords. Reported by Google. - CVE-2026-13915: Use after free in Chrome for iOS. Reported by Google. - CVE-2026-13916: Inappropriate implementation in Chrome for iOS. Reported by Google. - CVE-2026-13917: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google. - CVE-2026-13918: Use after free in Chrome for iOS. Reported by Google. - CVE-2026-13919: Insufficient data validation in Extensions. Reported by Google. - CVE-2026-14393: Use after free in V8. Reported by Google. - CVE-2026-13920: Insufficient validation of untrusted input in Media. Reported by Google. - CVE-2026-13921: Insufficient validation of untrusted input in DeviceBoundSessionCredentials. Reported by Google. - CVE-2026-13922: Side-channel information leakage in Paint. Reported by Google. - CVE-2026-13923: Uninitialized Use in GPU. Reported by Google. - CVE-2026-14397: Out of bounds write in ANGLE. Reported by Google. - CVE-2026-13924: Insufficient validation of untrusted input in WebView. Reported by Google. - CVE-2026-13925: Inappropriate implementation in Downloads. Reported by Google. - CVE-2026-13926: Insufficient validation of untrusted input in Network. Reported by Google. - CVE-2026-13927: Insufficient validation of untrusted input in UI. Reported by Google. - CVE-2026-13928: Insufficient validation of untrusted input in Enterprise. Reported by Google. - CVE-2026-13929: Insufficient validation of untrusted input in DevTools. Reported by LegioSec. - CVE-2026-13930: Insufficient policy enforcement in Actor. Reported by Google. - CVE-2026-13931: Inappropriate implementation in Media. Reported by Google. - CVE-2026-13932: Inappropriate implementation in Sharing. Reported by Google. - CVE-2026-13933: Insufficient policy enforcement in Passwords. Reported by Google. - CVE-2026-13934: Insufficient validation of untrusted input in Dawn. Reported by Google. - CVE-2026-14399: Uninitialized Use in Dawn. Reported by Google. - CVE-2026-13935: Side-channel information leakage in ComputePressure. Reported by Google. - CVE-2026-13936: Inappropriate implementation in Passwords. Reported by Google. - CVE-2026-13937: Insufficient policy enforcement in Passwords. Reported by Google. - CVE-2026-13938: Integer overflow in Fonts. Reported by Google. - CVE-2026-13939: Insufficient validation of untrusted input in WebShare. Reported by Google. - CVE-2026-13940: Uninitialized Use in Cast. Reported by Google. - CVE-2026-13941: Inappropriate implementation in SiteSettings. Reported by Google. - CVE-2026-13942: Insufficient validation of untrusted input in Video Capture. Reported by Google. - CVE-2026-13943: Uninitialized Use in CSS. Reported by Google. - CVE-2026-13944: Inappropriate implementation in DataTransfer. Reported by Google. - CVE-2026-13945: Insufficient policy enforcement in Extensions. Reported by Google. - CVE-2026-13946: Inappropriate implementation in ScriptInjections. Reported by Google. - CVE-2026-13947: Uninitialized Use in XR. Reported by Google. - CVE-2026-13948: Insufficient policy enforcement in Extensions. Reported by Google. - CVE-2026-13949: Insufficient policy enforcement in Payments. Reported by Google. - CVE-2026-14404: Inappropriate implementation in PDFium. Reported by Google. - CVE-2026-13950: Uninitialized Use in GPU. Reported by Google. - CVE-2026-13951: Policy bypass in USB. Reported by Google. - CVE-2026-13952: Inappropriate implementation in PerformanceAPIs. Reported by Google. - CVE-2026-14406: Out of bounds read in V8. Reported by Google. - CVE-2026-13953: Inappropriate implementation in SplitView. Reported by Google. - CVE-2026-13954: Insufficient policy enforcement in XML. Reported by Google. - CVE-2026-13955: Insufficient validation of untrusted input in CustomTabs. Reported by Google. - CVE-2026-13956: Incorrect security UI in PageInfo. Reported by Google. - CVE-2026-13957: Incorrect security UI in Extensions. Reported by Google - CVE-2026-13958: Uninitialized Use in Codecs. Reported by Google. - CVE-2026-14407: Inappropriate implementation in V8. Reported by Google. - CVE-2026-13959: Insufficient validation of untrusted input in Blink. Reported by Google. - CVE-2026-13960: Inappropriate implementation in Passwords. Reported by Google. - CVE-2026-13961: Insufficient validation of untrusted input in DevTools. Reported by Google. - CVE-2026-13962: Insufficient data validation in PDF. Reported by Google - CVE-2026-13963: Inappropriate implementation in DevTools. Reported by Google. - CVE-2026-13964: Insufficient policy enforcement in WebView. Reported by Google. - CVE-2026-13965: Use after free in Oilpan. Reported by Google. - CVE-2026-13966: Inappropriate implementation in History. Reported by Google. - CVE-2026-13967: Type Confusion in V8. Reported by Google. - CVE-2026-13968: Insufficient validation of untrusted input in DevTools. Reported by Google. - CVE-2026-13969: Uninitialized Use in UI. Reported by Google. - CVE-2026-13970: Uninitialized Use in Media. Reported by Google. - CVE-2026-13971: Uninitialized Use in Skia. Reported by Google. - CVE-2026-13972: Inappropriate implementation in Paint. Reported by Google. - CVE-2026-13973: Inappropriate implementation in UI. Reported by Google. - CVE-2026-13974: Integer overflow in Safe Browsing. Reported by Google. - CVE-2026-13975: Out of bounds read in ANGLE. Reported by Google. - CVE-2026-13976: Heap buffer overflow in Storage. Reported by Google. - CVE-2026-13977: Inappropriate implementation in HTMLParser. Reported by Google. - CVE-2026-13978: Insufficient policy enforcement in PageInfo. Reported by Google. - CVE-2026-14414: Insufficient validation of untrusted input in Skia. Reported by Google. - CVE-2026-13979: Inappropriate implementation in Paint. Reported by Google. - CVE-2026-13980: Incorrect security UI in Chrome for iOS. Reported by Google. - CVE-2026-13981: Inappropriate implementation in Chrome for iOS. Reported by Google. - CVE-2026-13982: Incorrect security UI in Passwords. Reported by Google. - CVE-2026-13983: Incorrect security UI in Chrome for iOS. Reported by Google. - CVE-2026-13984: Incorrect security UI in TabStrip. Reported by Google. - CVE-2026-13985: Inappropriate implementation in MediaCapture. Reported by Google. - CVE-2026-13986: Inappropriate implementation in Media UI. Reported by Google. - CVE-2026-13987: Incorrect security UI in Mobile. Reported by Google. - CVE-2026-13988: Inappropriate implementation in Paint. Reported by Google. - CVE-2026-13989: Insufficient policy enforcement in PageInfo. Reported by Google. - CVE-2026-13990: Insufficient validation of untrusted input in DataTransfer. Reported by Google. - CVE-2026-13991: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google. - CVE-2026-13992: Inappropriate implementation in UI. Reported by Google. - CVE-2026-13993: Incorrect security UI in WebAppInstalls. Reported by Google. - CVE-2026-13994: Inappropriate implementation in Credential Management. Reported by Google. - CVE-2026-13995: Insufficient validation of untrusted input in Autofill. Reported by Google. - CVE-2026-13996: Incorrect security UI in Permissions. Reported by Google. - CVE-2026-13997: Incorrect security UI in Extensions. Reported by Google - CVE-2026-13998: Incorrect security UI in File Input. Reported by Google - CVE-2026-13999: Inappropriate implementation in Extensions. Reported by Google. - CVE-2026-14000: Inappropriate implementation in XML. Reported by Google - CVE-2026-14001: Inappropriate implementation in Network. Reported by Google. - CVE-2026-14002: Inappropriate implementation in Geolocation. Reported by Google. - CVE-2026-14003: Insufficient policy enforcement in Extensions. Reported by Google. - CVE-2026-14004: Inappropriate implementation in CSS. Reported by Google - CVE-2026-14005: Use after free in Omnibox. Reported by Google. - CVE-2026-14006: Use after free in Navigation. Reported by Google. - CVE-2026-14007: Insufficient policy enforcement in PermissionsPolicy. Reported by Google. - CVE-2026-14008: Uninitialized Use in WebXR. Reported by Google. - CVE-2026-14009: Insufficient data validation in Passwords. Reported by Google. - CVE-2026-14010: Uninitialized Use in Codecs. Reported by Google. - CVE-2026-14011: Out of bounds read in SurfaceCapture. Reported by Google. - CVE-2026-14421: Uninitialized Use in Dawn. Reported by Google. - CVE-2026-14012: Side-channel information leakage in CSS. Reported by Google. - CVE-2026-14013: Inappropriate implementation in SVG. Reported by Google - CVE-2026-14014: Inappropriate implementation in Paint. Reported by Google. - CVE-2026-14015: Inappropriate implementation in WebRTC. Reported by Google. - CVE-2026-14016: Insufficient policy enforcement in SVG. Reported by Google. - CVE-2026-14017: Inappropriate implementation in Navigation. Reported by Google. - CVE-2026-14018: Use after free in Updater. Reported by Google. - CVE-2026-14019: Inappropriate implementation in Passwords. Reported by Google. - CVE-2026-14020: Insufficient validation of untrusted input in WebXR. Reported by Google. - CVE-2026-14021: Insufficient validation of untrusted input in StorageAccessAPI. Reported by Google. - CVE-2026-14022: Insufficient validation of untrusted input in Network. Reported by Google. - CVE-2026-14023: Insufficient validation of untrusted input in SanitizerAPI. Reported by Google. - CVE-2026-14024: Use after free in Ozone. Reported by Google. - CVE-2026-14432: Use after free in V8. Reported by Google. - CVE-2026-14025: Use after free in Views. Reported by asjidkalam. - CVE-2026-14026: Incorrect security UI in SplitView. Reported by adisahilna35@gmail.com. - CVE-2026-14027: Use after free in SignIn. Reported by Sven Dysthe (@svn-dys). - CVE-2026-14028: Incorrect security UI in Chrome for iOS. Reported by Ameen Basha M K. - CVE-2026-14030: Incorrect security UI in SplitView. Reported by Khalil Zhani. - CVE-2026-14031: Incorrect security UI in File Input. Reported by Google - CVE-2026-14032: Use after free in Bluetooth. Reported by Google. - CVE-2026-14033: Insufficient policy enforcement in Media. Reported by Google. - CVE-2026-14034: Inappropriate implementation in WebXR. Reported by Google. - CVE-2026-14035: Insufficient policy enforcement in Bluetooth. Reported by Google. - CVE-2026-14036: Insufficient policy enforcement in Bluetooth. Reported by Google. - CVE-2026-14037: Insufficient policy enforcement in GPU. Reported by Google. - CVE-2026-14038: Insufficient validation of untrusted input in New Tab Page. Reported by Google. - CVE-2026-14039: Insufficient policy enforcement in GetUserMedia. Reported by Google. - CVE-2026-14040: Use after free in BrowserTag. Reported by Google. - CVE-2026-14041: Insufficient policy enforcement in Serial. Reported by Google. - CVE-2026-14042: Inappropriate implementation in Isolated Web Apps. Reported by Google. - CVE-2026-14043: Use after free in GetUserMedia. Reported by Google. - CVE-2026-14044: Use after free in ANGLE. Reported by Google. - CVE-2026-14045: Insufficient validation of untrusted input in Network. Reported by Google. - CVE-2026-14046: Inappropriate implementation in CustomTabs. Reported by Google. - CVE-2026-14047: Insufficient policy enforcement in Extensions. Reported by Google. - CVE-2026-14048: Use after free in Chromecast. Reported by Google. - CVE-2026-14049: Inappropriate implementation in GPU. Reported by Google - CVE-2026-14050: Insufficient policy enforcement in Passwords. Reported by Google. - CVE-2026-14051: Uninitialized Use in GamepadAPI. Reported by Google. - CVE-2026-14052: Insufficient policy enforcement in FileSystem. Reported by Google. - CVE-2026-14053: Insufficient policy enforcement in Extensions. Reported by Google. - CVE-2026-14054: Insufficient policy enforcement in Network. Reported by Google. - CVE-2026-14055: Insufficient validation of untrusted input in Device Trust. Reported by Google. - CVE-2026-14056: Insufficient validation of untrusted input in Media. Reported by Google. - CVE-2026-14057: Insufficient policy enforcement in FedCM. Reported by Google. - CVE-2026-14058: Policy bypass in Parser. Reported by Google. - CVE-2026-14059: Insufficient policy enforcement in Related-Website-Sets. Reported by Google. - CVE-2026-14060: Insufficient validation of untrusted input in Chromoting. Reported by Google. - CVE-2026-14061: Inappropriate implementation in Dawn. Reported by Google. - CVE-2026-14062: Inappropriate implementation in Views. Reported by Google. - CVE-2026-14063: Out of bounds memory access in Chromecast. Reported by Google. - CVE-2026-14064: Use after free in PageInfo. Reported by Google. - CVE-2026-14065: Insufficient validation of untrusted input in PageInfo. Reported by Google. - CVE-2026-14066: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google. - CVE-2026-14067: Use after free in Chrome for iOS. Reported by Google. - CVE-2026-14068: Inappropriate implementation in Omnibox. Reported by Google. - CVE-2026-14069: Integer overflow in WebNN. Reported by Google. - CVE-2026-14070: Uninitialized Use in WebNN. Reported by Google. - CVE-2026-14071: Side-channel information leakage in WebAudio. Reported by Google. - CVE-2026-14072: Incorrect security UI in SplitView. Reported by FARISSAL B. - CVE-2026-14073: Insufficient policy enforcement in WebXR. Reported by Google. - CVE-2026-14394: Use after free in V8. Reported by Google. - CVE-2026-14395: Out of bounds write in V8. Reported by Google. - CVE-2026-14074: Side-channel information leakage in WebAuthentication. Reported by Google. - CVE-2026-14075: Policy bypass in Chrome for iOS. Reported by Google. - CVE-2026-14076: Policy bypass in Network. Reported by Google. - CVE-2026-14077: Incorrect security UI in Select. Reported by pwn.ai. - CVE-2026-14078: Policy bypass in WebRTC. Reported by Google. - CVE-2026-14079: Policy bypass in Network. Reported by Google. - CVE-2026-14080: Insufficient validation of untrusted input in TabSwitcher. Reported by Google. - CVE-2026-14081: Insufficient policy enforcement in DevTools. Reported by Google. - CVE-2026-14082: Race in Storage. Reported by Google. - CVE-2026-14083: Insufficient validation of untrusted input in HTML. Reported by Google. - CVE-2026-14084: Insufficient validation of untrusted input in Chromoting. Reported by Google. - CVE-2026-14085: Side-channel information leakage in CSS. Reported by Google. - CVE-2026-14086: Insufficient policy enforcement in HID. Reported by Google. - CVE-2026-14087: Insufficient validation of untrusted input in WebNN. Reported by Google. - CVE-2026-14088: Uninitialized Use in Canvas. Reported by Google. - CVE-2026-14089: Insufficient validation of untrusted input in PopupBlocker. Reported by Google. - CVE-2026-14090: Out of bounds read in CameraCapture. Reported by Google - CVE-2026-14091: Use after free in DevTools. Reported by Google. - CVE-2026-14092: Insufficient policy enforcement in Privacy. Reported by Google. - CVE-2026-14093: Use after free in Cast. Reported by Google. - CVE-2026-14094: Use after free in Installer. Reported by Google. - CVE-2026-14095: Insufficient validation of untrusted input in Browser. Reported by Google. - CVE-2026-14403: Use after free in V8. Reported by Google. - CVE-2026-14096: Object lifecycle issue in Input. Reported by Google. - CVE-2026-14097: Inappropriate implementation in WebAppInstalls. Reported by Google. - CVE-2026-14098: Inappropriate implementation in CSS. Reported by Google - CVE-2026-14405: Uninitialized Use in V8. Reported by Google. - CVE-2026-14099: Use after free in Chrome for iOS. Reported by Google. - CVE-2026-14100: Insufficient data validation in NetworkCache. Reported by Google. - CVE-2026-14101: Insufficient policy enforcement in Sandbox. Reported by Google. - CVE-2026-14102: Use after free in Passwords. Reported by Google. - CVE-2026-14103: Use after free in SSL. Reported by Google. - CVE-2026-14104: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google. - CVE-2026-14105: Insufficient policy enforcement in Speech. Reported by Google. - CVE-2026-14106: Insufficient validation of untrusted input in Text. Reported by Google. - CVE-2026-14107: Use after free in Scheduling. Reported by Google. - CVE-2026-14108: Use after free in PDFium. Reported by Google. - CVE-2026-14109: Insufficient policy enforcement in Mojo. Reported by Google. - CVE-2026-14110: Inappropriate implementation in DarkMode. Reported by Google. - CVE-2026-14111: Use after free in WebProtect. Reported by Google. - CVE-2026-14112: Inappropriate implementation in Enterprise. Reported by Google. - CVE-2026-14113: Use after free in Updater. Reported by Google. - CVE-2026-14114: Inappropriate implementation in WebAppInstalls. Reported by Google. - CVE-2026-14115: Insufficient validation of untrusted input in Cast. Reported by Google. - CVE-2026-14116: Insufficient validation of untrusted input in DevTools. Reported by Google. - CVE-2026-14117: Insufficient validation of untrusted input in DevTools. Reported by Google. - CVE-2026-14118: Insufficient data validation in DevTools. Reported by Google. - CVE-2026-14119: Type Confusion in Bluetooth. Reported by Google. - CVE-2026-14120: Inappropriate implementation in DevTools. Reported by Google. - CVE-2026-14121: Use after free in Chromoting. Reported by Google. - CVE-2026-14409: Inappropriate implementation in V8. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab. - CVE-2026-14122: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google. - CVE-2026-14410: Inappropriate implementation in Skia. Reported by Google. - CVE-2026-14123: Incorrect security UI in Chrome for iOS. Reported by Google. - CVE-2026-14124: Inappropriate implementation in CredentialProvider. Reported by Google. - CVE-2026-14125: Uninitialized Use in ANGLE. Reported by Google. - CVE-2026-14126: Incorrect security UI in UI. Reported by Google. - CVE-2026-14127: Inappropriate implementation in Printing. Reported by Google. - CVE-2026-14128: Insufficient data validation in Chrome for iOS. Reported by Google. - CVE-2026-14129: Incorrect security UI in PreviewTab. Reported by Google - CVE-2026-14130: Incorrect security UI in Omnibox. Reported by Google. - CVE-2026-14131: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google. - CVE-2026-14132: Inappropriate implementation in WebXR. Reported by Google. - CVE-2026-14133: Race in History Embeddings. Reported by Google. - CVE-2026-14134: Inappropriate implementation in Autofill. Reported by Google. - CVE-2026-14135: Insufficient validation of untrusted input in Network. Reported by Google. - CVE-2026-14136: Incorrect security UI in Chrome for iOS. Reported by Google. - CVE-2026-14137: Insufficient validation of untrusted input in Chrome for iOS. Reported by Google. - CVE-2026-14138: Inappropriate implementation in WebAppInstalls. Reported by Google. - CVE-2026-14139: Inappropriate implementation in TabStrip. Reported by Google. - CVE-2026-14140: Insufficient validation of untrusted input in Input. Reported by Google. - CVE-2026-14141: Incorrect security UI in Document Picture-in-Picture. Reported by Google. - CVE-2026-14142: Inappropriate implementation in Extensions. Reported by Google. - CVE-2026-14143: Incorrect security UI in Passwords. Reported by Google. - CVE-2026-14144: Incorrect security UI in Views. Reported by Google. - CVE-2026-14145: Inappropriate implementation in CSS. Reported by Google - CVE-2026-14146: Inappropriate implementation in CSS. Reported by Google - CVE-2026-14147: Inappropriate implementation in CSS. Reported by Google - CVE-2026-14415: Inappropriate implementation in V8. Reported by Google. - CVE-2026-14148: Type Confusion in CSS. Reported by Google. - CVE-2026-14149: Use after free in Audio. Reported by Google. - CVE-2026-14416: Out of bounds read in Dawn. Reported by Google. - CVE-2026-14150: Insufficient validation of untrusted input in Speech. Reported by Google. - CVE-2026-14151: Inappropriate implementation in AI. Reported by Google. - CVE-2026-14152: Out of bounds write in ANGLE. Reported by Google. - CVE-2026-14153: Inappropriate implementation in Glic. Reported by Google. - CVE-2026-14154: Inappropriate implementation in DevTools. Reported by Google. - CVE-2026-14155: Insufficient policy enforcement in StorageAccessAPI. Reported by Google. - CVE-2026-14156: Policy bypass in StorageAccessAPI. Reported by Google. - CVE-2026-13281: Integer overflow in Mojo. Reported by Google. - CVE-2026-13282: Use after free in Payments. Reported by Google. - CVE-2026-13283: Use after free in AdFilter. Reported by Google. * d/copyright: - delete third_party/webpagereplay/. - delete tsgo (typescript compiler in Go) binary. * d/patches: - upstream/0001-Fix-build-for-CPU-yield-on-LoongArch.patch: drop, merged upstream. - disable/android.patch: drop, merged upstream. - debianization/clang-version.patch: refresh. - fixes/libcpp-headers.patch: rework parts of the patch due to upstream changes. - disable/catapult.patch: refresh. - disable/tests.patch: refresh. - llvm-19/clang19.patch: refresh. - trixie/gn-expand-dir-allowlist.patch: refresh. - ungoogled/disable-ai.patch: sync from u-c. - ungoogled/remove-navigation-source-param.patch: sync from u-c. - i386/support-i386.patch: refresh. - upstream/sysroot.patch: add a new build fix pulled from upstream. - upstream/ar-path1.patch, upstream/ar-path2.patch: add two more vendoring-related build fixes from upstream. - trixie/gn-additional-outputs.patch: add patch to partially revert usage of a newer generate-ninja feature. - llvm-19/i18n-builder-enum.patch: add a workaround for clang-19 being confused between a class declaration (with default template parameter) and definition. - llvm-19/00*-revert-v8-libm.patch: add 9 patches backing out usage of internal libc++/libm symbols; this requires a newer llvm than we have. - llvm-19/value-or.patch: work around more places where value_or() can't figure out the type of a passed init value. - trixie/node20-compat.patch: break out part of Daniel's node18-compat.patch (below) into one for trixie that also fixes nodejs 20 issues [trixie, bookworm]. - rust-1.85/std-from-utf8.patch: add workaround for str::from_utf8 added in 1.87 [trixie, bookworm]. - trixie/bindgen-boringssl.patch: add workaround for older bindgen [trixie, bookworm]. . [ Daniel Richard G. ] * d/patches: - bookworm/gn-absl.patch: Refresh [bookworm]. - bookworm/gn-funcs.patch: Zap new usage of filter_labels_include() [bookworm]. - bookworm/node18-compat.patch: Fix more cases of nodejs v18 breakage [bookworm]. - trixie/gn-module-name.patch: add more spots where the workaround is needed [trixie, bookworm]. . [ Jianfeng Liu ] * d/patches: - upstream/libyuv-loongarch-fix-row_lsx.cc-and-row_lasx.cc.patch: Fix build for libyuv loongarch64. - loongarch64/0015-ffmpeg-support-for-loongarch.patch: Refresh. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: refresh for upstream changes - fixes/fix-rust-linking.patch: refresh for upstream changes - fixes/fix-breakpad-compile.patch: refresh for upstream changes - third_party/dawn-fix-ppc64le-detection.patch: refresh for upstream changes - 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for upstream changes Checksums-Sha1: 82dd2383e376fc4883b137cee2150726aa8e6718 5846776 chromium-common-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb 79ac4bd1af4ae8b7d0f642673acd45cc7ffe5f31 26401808 chromium-common_150.0.7871.46-1~deb13u1_armhf.deb 8d107563897a11d0b639300706be8062ce2b929d 36102088 chromium-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb ab1f07fb912178b577dc49f8b9dd07dc8eda925a 7558000 chromium-driver_150.0.7871.46-1~deb13u1_armhf.deb 26c3430b54f44a043826b29b71c94d6296c34bad 28034964 chromium-headless-shell-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb 076912c18419ce21c701d84432b7182b3821a920 55625980 chromium-headless-shell_150.0.7871.46-1~deb13u1_armhf.deb b078f3ed02d57ca0ea5d7cda10042cac8aa06b7c 19260 chromium-sandbox-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb 52ae97f51e3cce8197f66e0aea369d909747b62f 130924 chromium-sandbox_150.0.7871.46-1~deb13u1_armhf.deb 80783e664f90fb8d14113ef267b8fe138c427560 30568652 chromium-shell-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb 36f1eba34f1c2e9417621d747719c2a858ba7512 61164052 chromium-shell_150.0.7871.46-1~deb13u1_armhf.deb 1ee1ba2c77517ba26aaac621e510be57ffb77b3e 30656 chromium_150.0.7871.46-1~deb13u1_armhf-buildd.buildinfo f59fa7a8f2c2e7112d003144176016e1a7d00add 73040256 chromium_150.0.7871.46-1~deb13u1_armhf.deb Checksums-Sha256: f5ebc5014218726de28b56355ce266a9847eb007772c28e1f650aa079f742483 5846776 chromium-common-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb b6aa4684eb904f8fa993e616635e6f4d6a37fa3c9cd8caf2d1e8cdff0e525138 26401808 chromium-common_150.0.7871.46-1~deb13u1_armhf.deb ad1aff6c98d9614405e2e3d97ca659c737038ba2f382375ba86312ae84937779 36102088 chromium-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb 7cc9beeea68f3caa076d949c4f68d873f5b2f19a051f888c0479f3589284d3ab 7558000 chromium-driver_150.0.7871.46-1~deb13u1_armhf.deb 23cc3fcc6178a4c97a31ea379beb0048e6b782125f1aa44770c29855554267fe 28034964 chromium-headless-shell-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb 89f344dc9b5247c1796615f9be92a812daea492b9a990c16fe504d6c9e4f10c2 55625980 chromium-headless-shell_150.0.7871.46-1~deb13u1_armhf.deb e8d4b3ab4d44164cf902ac7cca61a15d7394df14fa59c0072c2b98532088e1e3 19260 chromium-sandbox-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb 86343455dbd3abc48beaecd46c4cbc817262274dc64a30590b2ee3f53657fecf 130924 chromium-sandbox_150.0.7871.46-1~deb13u1_armhf.deb 3b1aa558c2ac618a76131501747af2bc74949d0e238035bd51523f4b60c16cf5 30568652 chromium-shell-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb ac52c3dbe03a98a48eb1b0372ae0d6d68c3f1adf894ca9fe864e7f07d49bb425 61164052 chromium-shell_150.0.7871.46-1~deb13u1_armhf.deb 6506ce1d156f36c02e109186e61c37a4bfdc957e86dc87a0438dcb6e24964a6a 30656 chromium_150.0.7871.46-1~deb13u1_armhf-buildd.buildinfo 83b688867623d4d854dd45df54dd334dc53272034cfdc094fbbf8c3f7149f727 73040256 chromium_150.0.7871.46-1~deb13u1_armhf.deb Files: 349a89037297440c5e69f4810bfa126f 5846776 debug optional chromium-common-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb 01f129173074d5c36332f39d9525a8a1 26401808 web optional chromium-common_150.0.7871.46-1~deb13u1_armhf.deb a913a7944ff549a32ea96b649098b369 36102088 debug optional chromium-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb ebe5b2c8edd2fa2e53647fdccb88a788 7558000 web optional chromium-driver_150.0.7871.46-1~deb13u1_armhf.deb 06c7259e041407767c2305702766bfb7 28034964 debug optional chromium-headless-shell-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb 13a48525bd3a74cc61f23f735db29c10 55625980 web optional chromium-headless-shell_150.0.7871.46-1~deb13u1_armhf.deb a3bd23d6c3b469ee1dce98f0e0e6c796 19260 debug optional chromium-sandbox-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb a2d8e2842c7f75bd95e1e90e67104538 130924 web optional chromium-sandbox_150.0.7871.46-1~deb13u1_armhf.deb 08be47e48f9d9f0306007b99c1d31e69 30568652 debug optional chromium-shell-dbgsym_150.0.7871.46-1~deb13u1_armhf.deb 0934f25010fa2577e4231714fc3975fe 61164052 web optional chromium-shell_150.0.7871.46-1~deb13u1_armhf.deb a71b5afbaad44df161f30b4599bbf02d 30656 web optional chromium_150.0.7871.46-1~deb13u1_armhf-buildd.buildinfo 5cefceb46733555bbdf999748b8a8ddd 73040256 web optional chromium_150.0.7871.46-1~deb13u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEECx5fXZYVNP9tMtwlK1PZBedPspoFAmpKEH4ACgkQK1PZBedP spoTqw/+InMwQJw1IVpSrmhUTSLl8ZdJOb7eRSINvSQhI3iulFTKDmt+AHgpJLgI kEQq6ACYY0Lun2xcPc5QWL+GPDu9KP46kxYgeI3br2nspel2dnNbBcCWUqgpPrr0 QAy/pLaAH60HBs/p3LbrWXJqGbVSz7hdIc/4OYVGG/skFfDoH7IvGiCJKQ82l5O9 27BkKA0S6MBbNthDrmPU7q7S89RlQGmoj8dk+AuyMklMSM5woG1ISaTY5CeEP68y okXV8pzuc4/CBOfLCnR0gALfBWil2mekGR97oLxW1Fll3+GY8OR2+89GmQ83nEAU 7kCjkSBnaEpMa9lS5ffsNmEI8O72PV3+EN/6i9uiMjFtDGuKP2QCrkTBNVhX6Lqf rU8BLvrSIyFbJDFkGkAEY0ZvzYOGwZb6WiFYd1D5IjVn9g+Hzae3kYaOIeYmvsw8 gE5vzmfZDLjnow/tR274aXkScQmwd2QJS0ssphf39chJUqBk+YaonP/6GCCDLVuX RXfpp+jVQNoSHbG/99BgiaWFd2Lp95vR+7ligYpjoMUJqDpDLoFq90nE9NcxwKem o83P2RDS5QQldpF7BWQxAfATpl5XpySTu9Vn5U624fVa6t0TZhhk3iq/N+CGufcY RjkVyqA1owUu/zsAi+lBW7vRNi0JmECEKOaBGMkZv32gKef1GZI= =sthk -----END PGP SIGNATURE-----