Format: 1.8
Date: Thu, 09 Apr 2026 03:34:02 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: ppc64el
Version: 147.0.7727.55-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1132651
Changes:
 chromium (147.0.7727.55-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous.
     - CVE-2026-5860: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5861: Use after free in V8. Reported by 5shain.
     - CVE-2026-5862: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5863: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5864: Heap buffer overflow in WebAudio. Reported by Syn4pse.
     - CVE-2026-5865: Type Confusion in V8. Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-5866: Use after free in Media. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5867: Heap buffer overflow in WebML. Reported by Syn4pse.
     - CVE-2026-5868: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-5869: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5870: Integer overflow in Skia. Reported by Google.
     - CVE-2026-5871: Type Confusion in V8. Reported by Google.
     - CVE-2026-5872: Use after free in Blink. Reported by Google.
     - CVE-2026-5873: Out of bounds read and write in V8. Reported by Google.
     - CVE-2026-5874: Use after free in PrivateAI. Reported by Krace.
     - CVE-2026-5875: Policy bypass in Blink. Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5876: Side-channel information leakage in Navigation. Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5877: Use after free in Navigation. Reported by Cassidy Kim(@cassidy6564).
     - CVE-2026-5878: Incorrect security UI in Blink. Reported by Shaheen Fazim.
     - CVE-2026-5879: Insufficient validation of untrusted input in ANGLE. Reported by parkminchan, working for SSD Labs Korea.
     - CVE-2026-5880: Incorrect security UI in browser UI.
     - CVE-2026-5881: Policy bypass in LocalNetworkAccess. Reported by asnine.
     - CVE-2026-5882: Incorrect security UI in Fullscreen.
     - CVE-2026-5883: Use after free in Media. Reported by sherkito.
     - CVE-2026-5884: Insufficient validation of untrusted input in Media. Reported by xmzyshypnc.
     - CVE-2026-5885: Insufficient validation of untrusted input in WebML. Reported by Bryan Bernhart.
     - CVE-2026-5886: Out of bounds read in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5887: Insufficient validation of untrusted input in Downloads. Reported by daffainfo.
     - CVE-2026-5888: Uninitialized Use in WebCodecs. Reported by Identified by the Octane Security Team: Giovanni Vignone, Paolo Gentry, Robert van Eijk.
     - CVE-2026-5889: Cryptographic Flaw in PDFium. Reported by mlafon.
     - CVE-2026-5890: Race in WebCodecs. Reported by Casper Woudenberg.
     - CVE-2026-5891: Insufficient policy enforcement in browser UI. Reported by Tianyi Hu.
     - CVE-2026-5892: Insufficient policy enforcement in PWAs. Reported by Tianyi Hu.
     - CVE-2026-5893: Race in V8. Reported by QYmag1c.
     - CVE-2026-5894: Inappropriate implementation in PDF. Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5895: Incorrect security UI in Omnibox. Reported by Renwa Hiwa @RenwaX23.
     - CVE-2026-5896: Policy bypass in Audio. Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5897: Incorrect security UI in Downloads. Reported by Farras Givari.
     - CVE-2026-5898: Incorrect security UI in Omnibox. Reported by saidinahikam032.
     - CVE-2026-5899: Incorrect security UI in History Navigation. Reported by Islam Rzayev.
     - CVE-2026-5900: Policy bypass in Downloads. Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5901: Policy bypass in DevTools. Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5902: Race in Media. Reported by Luke Francis.
     - CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @Ciarands.
     - CVE-2026-5904: Use after free in V8. Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-5905: Incorrect security UI in Permissions. Reported by daffainfo.
     - CVE-2026-5906: Incorrect security UI in Omnibox. Reported by mohamedhesham9173.
     - CVE-2026-5907: Insufficient data validation in Media. Reported by Luke Francis.
     - CVE-2026-5908: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5909: Integer overflow in Media. Reported by Mohammed Yasar B & Ameen Basha M K.
     - CVE-2026-5910: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5911: Policy bypass in ServiceWorkers. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab.
     - CVE-2026-5912: Integer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5913: Out of bounds read in Blink. Reported by Vitaly Simonovich.
     - CVE-2026-5914: Type Confusion in CSS. Reported by Syn4pse.
     - CVE-2026-5915: Insufficient validation of untrusted input in WebML. Reported by ningxin.hu@intel.com.
     - CVE-2026-5918: Inappropriate implementation in Navigation. Reported by Google.
     - CVE-2026-5919: Insufficient validation of untrusted input in WebSockets. Reported by Richard Belisle.
   * d/patches:
     - upstream/profile.patch: drop, merged upstream.
     - upstream/fix-boringssl-loong64.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - disable/signin.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/unrar.patch: drop, merged upstream.
     - trixie/nodejs-set-intersection.patch: update for upstream refactoring.
     - bookworm/clang19.patch: -fno-lifetime-dse is unsupported. Also move to llvm-19 directory.
     - ungoogled/disable-ai.patch: sync from ungoogled-chromium project. Also re-add code that creates new tab's search bar (closes: #1132651).
     - debianization/safe-libcxx.patch: add a patch to force building with libc++'s LIBCPP_HARDENING_MODE turned on. See https://issues.chromium.org/issues/485696265 for the (security-related) rationale.
     - llvm-19/static-assert.patch: add another chunk of static_assert() removals that clang 19 needs.
     - rust-1.85/image.patch: enable nightly features for image_v0.25 [trixie, bookworm].
     - bookworm/constexpr.patch: update/refresh for renamed file [bookworm].
   * d/rules:
     - drop "enable_glic=false", as upstream now forces their AI on everyone; but we strip it out with ungoogled/disable-ai.patch.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - bookworm/gn-absl.patch: Add visibility specifier to absl/crc:crc32, and re-sort the patch to keep the edits organized.
     - trixie/gn-len.patch: Refresh.
     - trixie/gn-module-name.patch: New patch to address older GN not knowing about the {{cc_module_name}} substitution [trixie, bookworm].
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: refresh for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: regenerate
 .
   [ Jianfeng Liu ]
   * d/patches/loongarch64:
     - 0024-disable-BROTLI_MODEL-macro-for-some-targets.patch: add upstream patch to fix brotli on loong64