-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 04:00:45 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 149.0.7827.102-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm64 Build Daemon (arm-ubc-01) <buildd_arm64-arm-ubc-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (149.0.7827.102-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-11628: Use after free in Ozone. Reported by Google.
     - CVE-2026-11629: Use after free in Ozone. Reported by Google.
     - CVE-2026-11630: Use after free in File Input. Reported by Google.
     - CVE-2026-11631: Use after free in Aura. Reported by Google.
     - CVE-2026-11632: Use after free in TabStrip. Reported by Google.
     - CVE-2026-11633: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11634: Use after free in Gamepad. Reported by Google.
     - CVE-2026-11635: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11636: Use after free in Autofill. Reported by Google.
     - CVE-2026-11637: Use after free in Views. Reported by Google.
     - CVE-2026-11638: Use after free in Printing. Reported by Google.
     - CVE-2026-11639: Use after free in Compositing. Reported by Google.
     - CVE-2026-11640: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11641: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11642: Use after free in Web Apps. Reported by Google.
     - CVE-2026-11643: Use after free in Proxy. Reported by Google.
     - CVE-2026-11644: Use after free in Views. Reported by Google.
     - CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3
     - CVE-2026-11646: Use after free in ViewTransitions.
       Reported by Quac Tran.
     - CVE-2026-11647: Use after free in Printing. Reported by Google.
     - CVE-2026-11648: Use after free in FullScreen.
       Reported by Mihnea Nicolau.
     - CVE-2026-11649: Use after free in V8. Reported by Google.
     - CVE-2026-11650: Use after free in V8. Reported by Google.
     - CVE-2026-11651: Use after free in Network. Reported by Google.
     - CVE-2026-11652: Use after free in Extensions. Reported by Google.
     - CVE-2026-11653: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11654: Use after free in CameraCapture. Reported by Google.
     - CVE-2026-11655: Integer overflow in Media. Reported by Google.
     - CVE-2026-11656: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11657: Use after free in Payments. Reported by Google.
     - CVE-2026-11658: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11659: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11660: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11661: Use after free in Views. Reported by Google.
     - CVE-2026-11662: Type Confusion in Bindings. Reported by Google.
     - CVE-2026-11663: Use after free in Skia. Reported by Google.
     - CVE-2026-11664: Use after free in Payments. Reported by Google.
     - CVE-2026-11665: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-11666: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google.
     - CVE-2026-11669: Integer overflow in Media. Reported by Google.
     - CVE-2026-11670: Use after free in PDF. Reported by Google.
     - CVE-2026-11671: Use after free in Navigation. Reported by Google.
     - CVE-2026-11672: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-11673: Use after free in InterestGroups. Reported by Google.
     - CVE-2026-11674: Use after free in Guest View. Reported by Google.
     - CVE-2026-11675: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11677: Race in Network. Reported by Google.
     - CVE-2026-11678: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11679: Use after free in Codecs. Reported by Google.
     - CVE-2026-11680: Use after free in Media. Reported by Google.
     - CVE-2026-11681: Use after free in Ozone. Reported by Google.
     - CVE-2026-11682: Insufficient validation of untrusted input in Views.
       Reported by Google.
     - CVE-2026-11683: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-11684: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-11685: Insufficient data validation in MediaCapture.
       Reported by Google.
     - CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11687: Use after free in Dawn. Reported by Google.
     - CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google.
     - CVE-2026-11689: Insufficient validation of untrusted input in
       Passwords. Reported by Google.
     - CVE-2026-11690: Out of bounds read and write in Media.
       Reported by Google.
     - CVE-2026-11691: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11692: Use after free in Read Anything. Reported by Google.
     - CVE-2026-11693: Inappropriate implementation in Plugins.
       Reported by Google.
     - CVE-2026-11694: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11695: Inappropriate implementation in Passwords.
       Reported by Google.
     - CVE-2026-11696: Uninitialized Use in Video. Reported by Google.
     - CVE-2026-11697: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11698: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11699: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11700: Use after free in Tracing. Reported by Google.
     - CVE-2026-11701: Insufficient validation of untrusted input in Guest
       View. Reported by Google.
   * d/patches:
     - fixes/arm-logging.patch: add patch to hopefully fix build failure
       on arm*.
     - loongarch64/0024-fix-libyuv-lsx.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for
       upstream changes
     - core/baseline-isa-3-0.patch: refresh
Checksums-Sha1:
 131a3c2bde215f38854f13fc58752dc33d24fc78 6489200 chromium-common-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 55ce565aefa3b6b3bc9525b1876972fd2d50ad5d 30963596 chromium-common_149.0.7827.102-1~deb12u1_arm64.deb
 18d2874d6a95adf06b113dc9a9d156efe31889d6 37843264 chromium-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 43a121d12988877e5acc8ef8765ac24469f75db1 6921244 chromium-driver_149.0.7827.102-1~deb12u1_arm64.deb
 cbe125fd21e1749368521d3626b12c0af1fb4051 30673592 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 7dd7cd956986dd99563371cc0bc945a6ca84d027 51555748 chromium-headless-shell_149.0.7827.102-1~deb12u1_arm64.deb
 f6ff41cb63c20870fdde4c5e4d8e1462bf294a7c 20260 chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 478fc298d3faa3a35d50dda35778788188f5b561 128180 chromium-sandbox_149.0.7827.102-1~deb12u1_arm64.deb
 b894c3239cc694c88256310b1af97bc5c2e253e8 33145240 chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 1f4491ec38951356302281520cd41d69fdc6c29b 56472648 chromium-shell_149.0.7827.102-1~deb12u1_arm64.deb
 11bfa08c1df7a100926b92004a14ea61493653d4 30469 chromium_149.0.7827.102-1~deb12u1_arm64-buildd.buildinfo
 6a06049d61777ea8648c2932450297530f57d228 65739992 chromium_149.0.7827.102-1~deb12u1_arm64.deb
Checksums-Sha256:
 d3554f1668d6a94d736304c1d319fd4d0e7ddc8effb1c00144410ad9dd0419b8 6489200 chromium-common-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 198ac9e7116b512bb175628e6267e55b96fb90898cf584b4bc1c5d8cf318c040 30963596 chromium-common_149.0.7827.102-1~deb12u1_arm64.deb
 cabb47c2b5111be63fe116fa8d5e3625e8ccdabde4d99f8060b31dd1c375d2b0 37843264 chromium-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 04c96e3b2ca1114aa2be36edce19e970a7eef05b21371c0a3d884f00b9051c7a 6921244 chromium-driver_149.0.7827.102-1~deb12u1_arm64.deb
 8f899ce4cd507b32d01f1ebef50bc61434a56c858c55974c7449ae3ed7ce64ad 30673592 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 65d21b2b2dd6a17a2de35382f1f25ecaa56f11a7df680b2c4c06c2ff9f08f57e 51555748 chromium-headless-shell_149.0.7827.102-1~deb12u1_arm64.deb
 62acad311314b7d0c7d9f4f66951ab6ce97c36ca22140a679afd12dcf30b5df0 20260 chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 b6ce60d3a2695d3f02f91a5a8184bfd1801abdbe727e23fe596292619538db6f 128180 chromium-sandbox_149.0.7827.102-1~deb12u1_arm64.deb
 93f1cc89bd1c750c611d6482165e6f8c82cb8bf7d4d534f5fa7402ff48a14560 33145240 chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 c521f502e31e503027bee82de3cff824fb1a8fac4caa72eb38e3ccf241c2dd71 56472648 chromium-shell_149.0.7827.102-1~deb12u1_arm64.deb
 9561c4e3d7e5360be45dac5995a4fe2d88bca92893fe9033b352fa241c63462d 30469 chromium_149.0.7827.102-1~deb12u1_arm64-buildd.buildinfo
 ae8068ac5491183ac6470fc53ec28bfa6829466e76d75b1b92a1be498b3ed98b 65739992 chromium_149.0.7827.102-1~deb12u1_arm64.deb
Files:
 f4e6e592f50ae7e12ee77eb8717425aa 6489200 debug optional chromium-common-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 87769cee078a26ef7e8bab716f6eb9d1 30963596 web optional chromium-common_149.0.7827.102-1~deb12u1_arm64.deb
 c64de5840237f62dafc1c249113e227a 37843264 debug optional chromium-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 e7689b9ed991f9ab76bc20a2b9911d3e 6921244 web optional chromium-driver_149.0.7827.102-1~deb12u1_arm64.deb
 477d16269aa01d53da2a1b2bd5e5ea62 30673592 debug optional chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 c65ef95b3e8f3fb24f1046c5e9a23371 51555748 web optional chromium-headless-shell_149.0.7827.102-1~deb12u1_arm64.deb
 867d13a6eeb84c047ce1f40ab288dc89 20260 debug optional chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 4c3a88be4587a17ed307c49c774784a5 128180 web optional chromium-sandbox_149.0.7827.102-1~deb12u1_arm64.deb
 7a5683f750b4fe425e3b61ab8ad68d27 33145240 debug optional chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_arm64.deb
 5ebd3c45c4cc8bc536592d5a3c907a12 56472648 web optional chromium-shell_149.0.7827.102-1~deb12u1_arm64.deb
 13b9ee3cccb0372e9881d0323f399367 30469 web optional chromium_149.0.7827.102-1~deb12u1_arm64-buildd.buildinfo
 294f66e65278ed1f37dd4f3956120811 65739992 web optional chromium_149.0.7827.102-1~deb12u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0Ha//LlsGOpbQ/H4xqCFmsOWgoYFAmop2HkACgkQxqCFmsOW
goY5thAAgyXJGuSu8fu5CVxwjQkXngT0KLrbZmayLLDKghtkkNlf8h2VsPFo9hhy
waVUEfnllQ5v/I+wnP1932nEELuhppxeh35F5EuYV1vUoC9I763wttKk8/uNPlds
NQ6vXXIn3tOsfEQ+gKyXsUOiEl5X5y3H5IksDPDeHFvLfpvXvwtiO5z26bHM0glp
yJKZkeB9b5r/vZVUxxBUuBRwsWVr2kZTCKXVotBp9mz0pC+fxMzAVFeHPyZGovSv
VvcyOFQNnbicF+UZMKePCyTcpwHg6Kw/zl4J8Kwh/jRfKgcnskiNy53rgggFwhcu
dyzGMTdE9jfC4vVfMQ1rpAvl8GpxLb4FnVYWR71FIqY220dsR4Bunmu7qZrfkJZQ
pyAppAzyplm57HCsxlfSlK2RJAdKTVL8QCxbJdB1r00/iMqh69is3us38eL/Ts0x
BLSsIsDIbGoDvL7rRB5IsBf6tbBdXorEJblAQ+NQCyWglpDpFeIv7UbeEmJ69gcQ
iA7R7v4UDhCVCAH8VJz7bAoqnUdj8Keh5lTZSiQtUBn/4+t+SCVKd5PjkCyYe8dG
cyO3IxKXyUHN8VOYuQFJlk4XF6e2PaSN45V4JUQ4gPz+IjnbQZAR9fh/7muA8dVq
7rUtUBrtwDigmuESpMA6BXfe6rIEGrtcx5oni7GHSFOQZuqLqRU=
=mdgX
-----END PGP SIGNATURE-----