Format: 1.8
Date: Thu, 09 Apr 2026 03:34:02 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 147.0.7727.55-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1132651
Changes:
 chromium (147.0.7727.55-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-5858: Heap buffer overflow in WebML.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous.
     - CVE-2026-5860: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5861: Use after free in V8. Reported by 5shain.
     - CVE-2026-5862: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5863: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5864: Heap buffer overflow in WebAudio. Reported by Syn4pse.
     - CVE-2026-5865: Type Confusion in V8.
       Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-5866: Use after free in Media.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5867: Heap buffer overflow in WebML. Reported by Syn4pse.
     - CVE-2026-5868: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-5869: Heap buffer overflow in WebML.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5870: Integer overflow in Skia. Reported by Google.
     - CVE-2026-5871: Type Confusion in V8. Reported by Google.
     - CVE-2026-5872: Use after free in Blink. Reported by Google.
     - CVE-2026-5873: Out of bounds read and write in V8. Reported by Google.
     - CVE-2026-5874: Use after free in PrivateAI. Reported by Krace.
     - CVE-2026-5875: Policy bypass in Blink.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5876: Side-channel information leakage in Navigation.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5877: Use after free in Navigation.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2026-5878: Incorrect security UI in Blink.
       Reported by Shaheen Fazim.
     - CVE-2026-5879: Insufficient validation of untrusted input in ANGLE.
       Reported by parkminchan, working for SSD Labs Korea.
     - CVE-2026-5880: Incorrect security UI in browser UI.
     - CVE-2026-5881: Policy bypass in LocalNetworkAccess. Reported by asnine.
     - CVE-2026-5882: Incorrect security UI in Fullscreen.
     - CVE-2026-5883: Use after free in Media. Reported by sherkito.
     - CVE-2026-5884: Insufficient validation of untrusted input in Media.
       Reported by xmzyshypnc.
     - CVE-2026-5885: Insufficient validation of untrusted input in WebML.
       Reported by Bryan Bernhart.
     - CVE-2026-5886: Out of bounds read in WebAudio.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5887: Insufficient validation of untrusted input in Downloads.
       Reported by daffainfo.
     - CVE-2026-5888: Uninitialized Use in WebCodecs.
       Reported by Identified by the Octane Security Team: Giovanni Vignone,
       Paolo Gentry, Robert van Eijk.
     - CVE-2026-5889: Cryptographic Flaw in PDFium. Reported by mlafon.
     - CVE-2026-5890: Race in WebCodecs. Reported by Casper Woudenberg.
     - CVE-2026-5891: Insufficient policy enforcement in browser UI.
       Reported by Tianyi Hu.
     - CVE-2026-5892: Insufficient policy enforcement in PWAs.
       Reported by Tianyi Hu.
     - CVE-2026-5893: Race in V8. Reported by QYmag1c.
     - CVE-2026-5894: Inappropriate implementation in PDF.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5895: Incorrect security UI in Omnibox.
       Reported by Renwa Hiwa @RenwaX23.
     - CVE-2026-5896: Policy bypass in Audio.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5897: Incorrect security UI in Downloads.
       Reported by Farras Givari.
     - CVE-2026-5898: Incorrect security UI in Omnibox.
       Reported by saidinahikam032.
     - CVE-2026-5899: Incorrect security UI in History Navigation.
       Reported by Islam Rzayev.
     - CVE-2026-5900: Policy bypass in Downloads.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5901: Policy bypass in DevTools.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5902: Race in Media. Reported by Luke Francis.
     - CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @Ciarands.
     - CVE-2026-5904: Use after free in V8.
       Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-5905: Incorrect security UI in Permissions.
       Reported by daffainfo.
     - CVE-2026-5906: Incorrect security UI in Omnibox.
       Reported by mohamedhesham9173.
     - CVE-2026-5907: Insufficient data validation in Media.
       Reported by Luke Francis.
     - CVE-2026-5908: Integer overflow in Media.
       Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5909: Integer overflow in Media.
       Reported by Mohammed Yasar B & Ameen Basha M K.
     - CVE-2026-5910: Integer overflow in Media.
       Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5911: Policy bypass in ServiceWorkers.
       Reported by lebr0nli of National Yang Ming Chiao Tung University,
       Dept. of CS, Security and Systems Lab.
     - CVE-2026-5912: Integer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5913: Out of bounds read in Blink.
       Reported by Vitaly Simonovich.
     - CVE-2026-5914: Type Confusion in CSS. Reported by Syn4pse.
     - CVE-2026-5915: Insufficient validation of untrusted input in WebML.
       Reported by ningxin.hu@intel.com.
     - CVE-2026-5918: Inappropriate implementation in Navigation.
       Reported by Google.
     - CVE-2026-5919: Insufficient validation of untrusted input in
       WebSockets. Reported by Richard Belisle.
   * d/patches:
     - upstream/profile.patch: drop, merged upstream.
     - upstream/fix-boringssl-loong64.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - disable/signin.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/unrar.patch: drop, merged upstream.
     - trixie/nodejs-set-intersection.patch: update for upstream refactoring.
     - bookworm/clang19.patch: -fno-lifetime-dse is unsupported. Also move to
       llvm-19 directory.
     - ungoogled/disable-ai.patch: sync from ungoogled-chromium project.
       Also re-add code that creates new tab's search bar
       (closes: #1132651).
     - debianization/safe-libcxx.patch: add a patch to force building with
       libc++'s LIBCPP_HARDENING_MODE turned on. See
       https://issues.chromium.org/issues/485696265 for the
       (security-related) rationale.
     - llvm-19/static-assert.patch: add another chunk of static_assert()
       removals that clang 19 needs.
     - rust-1.85/image.patch: enable nightly features for image_v0.25
       [trixie, bookworm].
     - bookworm/constexpr.patch: update/refresh for renamed file [bookworm].
   * d/rules:
     - drop "enable_glic=false", as upstream now forces their AI on everyone;
       but we strip it out with ungoogled/disable-ai.patch.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - bookworm/gn-absl.patch: Add visibility specifier to absl/crc:crc32,
       and re-sort the patch to keep the edits organized.
     - trixie/gn-len.patch: Refresh.
     - trixie/gn-module-name.patch: New patch to address older GN not knowing
       about the {{cc_module_name}} substitution [trixie, bookworm].
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
       upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: refresh for upstream
       changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch:
       regenerate
 .
   [ Jianfeng Liu ]
   * d/patches/loongarch64:
     - 0024-disable-BROTLI_MODEL-macro-for-some-targets.patch: add upstream
       patch to fix brotli on loong64