-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2026 19:35:31 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 146.0.7680.153-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01) <buildd_amd64-x86-grnet-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1130569
Changes:
 chromium (146.0.7680.153-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-4439: Out of bounds memory access in WebGL.
       Reported by Goodluck.
     - CVE-2026-4440: Out of bounds read and write in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4441: Use after free in Base. Reported by Google.
     - CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse.
     - CVE-2026-4443: Heap buffer overflow in WebAudio.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4444: Stack buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4445: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4446: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge.
     - CVE-2026-4448: Heap buffer overflow in ANGLE.
       Reported by M. Fauzan Wijaya (Gh05t666nero).
     - CVE-2026-4449: Use after free in Blink. Reported by Syn4pse.
     - CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c.
     - CVE-2026-4451: Insufficient validation of untrusted input in
       Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip.
     - CVE-2026-4454: Use after free in Network.
       Reported by heapracer (@heapracer).
     - CVE-2026-4455: Heap buffer overflow in PDFium.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4456: Use after free in Digital Credentials API.
       Reported by sean wong.
     - CVE-2026-4457: Type Confusion in V8.
       Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim.
     - CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by
       Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern)
     - CVE-2026-4460: Out of bounds read in Skia.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4461: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-4462: Out of bounds read in Blink.
       Reported by heapracer (@heapracer).
     - CVE-2026-4463: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun.
   * d/patches/disable/glic.patch: refresh for upstream tab nudging changes
 .
   [ Jianfeng Liu ]
   * add upstreamed patch of boringssl to fix loong64 build (closes: #1130569)
Checksums-Sha1:
 3f8822f6053895a18335e778f1986ab051e63496 5182904 chromium-common-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 520bc198cda7b298d85d95cf9ebefb10288b5366 29359128 chromium-common_146.0.7680.153-1~deb13u1_i386.deb
 8e24f21ccf528a7666ff4968affd5daae4471f44 35597084 chromium-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 13ed922f1e5680a2055657bd390039e9c4eee17b 7778532 chromium-driver_146.0.7680.153-1~deb13u1_i386.deb
 f62938bb6c487c5cdedf611cbd5eaaccbe722329 29520180 chromium-headless-shell-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 560e7b3ef89b5bf50acb5030953a9a708bc2f9d8 58152084 chromium-headless-shell_146.0.7680.153-1~deb13u1_i386.deb
 be40f34ba4368836ce5a718451c0b32e30f33e31 18984 chromium-sandbox-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 342797ccb3af20266c81831616a6558902c2fdca 111228 chromium-sandbox_146.0.7680.153-1~deb13u1_i386.deb
 4db0f024e96213c132ccd943357fd21c54d0e2ab 32292408 chromium-shell-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 ba574d748ba8ba23533a5cbd97650df038a83247 63373460 chromium-shell_146.0.7680.153-1~deb13u1_i386.deb
 7fe57b64035c4bcc3c294692853af8008fe3749d 30319 chromium_146.0.7680.153-1~deb13u1_i386-buildd.buildinfo
 4fac9d94f54f5bc377bee37cf9978dc05df1911c 75577764 chromium_146.0.7680.153-1~deb13u1_i386.deb
Checksums-Sha256:
 3c29269ddd31e7f42fed34fb48c16f70c676ba2e224b93805ebb8481fce18208 5182904 chromium-common-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 cdc37460980046334f901f6c87409b26117a7bc14eaaae2eccf45c6d85cee75d 29359128 chromium-common_146.0.7680.153-1~deb13u1_i386.deb
 8d89f2216c728a3d9e29249fb04f8bcdcb988fd36a3e9f63c38c28ec4d28cbbb 35597084 chromium-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 3765f15246c462e553f3544727d85c2b28cd8fa701a4307d520b64952f22f0a8 7778532 chromium-driver_146.0.7680.153-1~deb13u1_i386.deb
 82ff8f52607c8734214f2a5b7a89d4a3ca5da80908bfadb727756001e5cba757 29520180 chromium-headless-shell-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 b24e9b26a5d97f5c04967ceb025928c75fe69e9572011e4bdd75e4a2c35087a3 58152084 chromium-headless-shell_146.0.7680.153-1~deb13u1_i386.deb
 3ece181fbb185f38a78662cfad586004f7882672f47f94ca682cdca68432455c 18984 chromium-sandbox-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 ddcd0ab7966a73190d89683871a675b6de8cb1786aca97f0b5798a61ead74816 111228 chromium-sandbox_146.0.7680.153-1~deb13u1_i386.deb
 88f786c7a5808b307a3f8fa88fa5bbe69e68ee33d458a3f214d433b087bf236a 32292408 chromium-shell-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 29cf5d8007ad0e4efb24492ba10bd3f88ec56c9554d5ac7c131ed76323d34328 63373460 chromium-shell_146.0.7680.153-1~deb13u1_i386.deb
 a2c4e3afbb941000e04733f14720825d07f67187a2448b3a144f0d9d143c5da3 30319 chromium_146.0.7680.153-1~deb13u1_i386-buildd.buildinfo
 f965b01013506d1a0477e4c762f6e5cf4221aac969711230e3bd1407bf48ec82 75577764 chromium_146.0.7680.153-1~deb13u1_i386.deb
Files:
 8e75e630332e96b35cb1c948f8b1f09d 5182904 debug optional chromium-common-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 3c9f3428cda3ac3826c9cd17fab563f4 29359128 web optional chromium-common_146.0.7680.153-1~deb13u1_i386.deb
 811d98319c293b621fd57f514c9d11be 35597084 debug optional chromium-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 866291b40729f2ebe13493f20ab525a1 7778532 web optional chromium-driver_146.0.7680.153-1~deb13u1_i386.deb
 a7f339ddee2ac52737beb23510aea1f4 29520180 debug optional chromium-headless-shell-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 1e85a27f96edbd2dce377d56fb4ae696 58152084 web optional chromium-headless-shell_146.0.7680.153-1~deb13u1_i386.deb
 438f68c3a14954f3f2764e6791f45f9a 18984 debug optional chromium-sandbox-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 44474192c68387910d87c4944e33c180 111228 web optional chromium-sandbox_146.0.7680.153-1~deb13u1_i386.deb
 83c5bddefce15bec7e8478403d2b2358 32292408 debug optional chromium-shell-dbgsym_146.0.7680.153-1~deb13u1_i386.deb
 722a870ec3e821c7e8256afdd6e64149 63373460 web optional chromium-shell_146.0.7680.153-1~deb13u1_i386.deb
 a0d7328ed49ad9d34157ee43fe43806b 30319 web optional chromium_146.0.7680.153-1~deb13u1_i386-buildd.buildinfo
 96110071c49e178c01b04f290d2c8596 75577764 web optional chromium_146.0.7680.153-1~deb13u1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEPAUaMA0H0rOy6qBWf2INRiCdaWIFAmm9jCEACgkQf2INRiCd
aWIrBQ/9FLYPopXf5omUZKyYbXomVy8S/XiAqJsxLV/7K24LNgRs6Fg5I/zqxFd7
901l84yHctd+TS1+V7afFfYXTAqLXooEzlne0cncv5ZxeP49Fx+wK8FflFMhHX4u
swvrBMbn/+g4mF7+9oqfVDqd5GDteUyEmI35GaRBp+wrDOQE2RPtzEXyKvmlP0G1
/bhqKnq199p9srzFq1Fw78NYNfGBq5I63JCcW2ZnXgp+CBRfjwD87OJ25X0zLUtb
3PYt5xTEt30NRkY+XqwaOxnWxIBAZFrNW1OWX7gt4+aRhoM7IheT1AaZxlkfKxeD
4Uw7qbzTybqA8c+8ADLoPYDFVhZHK5g2+zMsBdHH07sJNMdGLj7yb52qU7FMDcfH
kEDXXd1V7pdhDgxrI2UZaBu3BVfnL03Dv3/ugXpDna6nG7d5NiuuTLrqgu5TOQ9+
7ZjCromT2hQNE8onrMsejkTaqiCdXKR8MvOqWbOt86Kk+aHDeiPj8S9EoP7pPTFQ
5iZJFLXJ/KOXUUKB4V78SIUrRaHk/X/gjN7Ddvn5qYiqJysTuGR8S4VVc/80ituI
KYN33M1QGf+O4y6sanO2C5HZy+DYAbfGQsD/MXyBZCcN3pH2z3ejQy+Zry5vJJ15
Nwg8j8+ggcViRd7fDeJWbk0sDiZNOx+mTlC/ZQTDuSSmXJc8xFE=
=dvtd
-----END PGP SIGNATURE-----