-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Apr 2026 12:42:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 146.0.7680.177-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.177-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-5272: Heap buffer overflow in GPU.
       Reported by inspector-ambitious.
     - CVE-2026-5273: Use after free in CSS. Reported by Anonymous.
     - CVE-2026-5274: Integer overflow in Codecs.
       Reported by heapracer (@heapracer).
     - CVE-2026-5275: Heap buffer overflow in ANGLE.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5276: Insufficient policy enforcement in WebUSB.
       Reported by Ariel Simon.
     - CVE-2026-5277: Integer overflow in ANGLE.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5278: Use after free in Web MIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5279: Object corruption in V8.
       Reported by Hyeonjun Ahn (@_deayzl).
     - CVE-2026-5280: Use after free in WebCodecs.
       Reported by heapracer (@heapracer).
     - CVE-2026-5281: Use after free in Dawn.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-5282: Out of bounds read in WebCodecs.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5283: Inappropriate implementation in ANGLE.
       Reported by sweetchip.
     - CVE-2026-5284: Use after free in Dawn.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-5285: Use after free in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5286: Use after free in Dawn. Reported by sweetchip.
     - CVE-2026-5287: Use after free in PDF. Reported by Syn4pse.
     - CVE-2026-5288: Use after free in WebView. Reported by Google.
     - CVE-2026-5289: Use after free in Navigation. Reported by Google.
     - CVE-2026-5290: Use after free in Compositing. Reported by Google.
     - CVE-2026-5291: Inappropriate implementation in WebGL.
       Reported by heapracer (@heapracer).
     - CVE-2026-5292: Out of bounds read in WebCodecs. Reported by Google.
   * d/patches:
     - upstream/Fix-blink-compilation-for-platforms-other-than-x86-and-arm.patch:
       drop, merged upstream.
     - ungoogled/disable-ai.patch: resync with u-c.
 .
   [ Daniel Richard G. ]
   * d/copyright: Exclude *.pb (protobuf) binary files.
   * d/patches: Various ungoogled-chromium-related updates.
     - disable/glic.patch: Drop, replaced with disable-ai.patch from the
       ungoogled-chromium project.
     - ungoogled/disable-ai.patch: Import new patch from ungoogled-chromium
       that zaps glic, screen_ai, and various other adjacent AI-based features.
     - ungoogled/disable-mei-preload.patch: Import patch to allow building
       without *.pb files.
     - ungoogled/disable-privacy-sandbox.patch: Update imported patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0005-blink-add-audio-vector-support.patch: Fix FBTFS from
       upstream adding vector-accelerated audio delay functions
 .
   [ Jianfeng Liu ]
   * d/patches/upstream:
     - Fix-blink-compilation-for-platforms-other-than-x86-and-arm.patch: Fix
       FBTFS from upstream for blink audio delay function on loong64
Checksums-Sha1:
 4cc462aa3a42a9a930cf314f8b2ac9dd1dfbbbd0 6289748 chromium-common-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 6ef28784a751a1099711e735f2567119d9ff8738 34113720 chromium-common_146.0.7680.177-1~deb12u1_arm64.deb
 cc49be6f86855b66973ab6db2cde25e5386cbaf9 36117860 chromium-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 dc80ef5a6c9b486673934a119eff7f48d582a5db 6641684 chromium-driver_146.0.7680.177-1~deb12u1_arm64.deb
 2721ed3a903fac3bf3f4114a3152ef2472871f7c 29420472 chromium-headless-shell-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 1491724c014a9aae84e3b5d90a13052a5fb6aa8a 49879560 chromium-headless-shell_146.0.7680.177-1~deb12u1_arm64.deb
 d159754eaae124f96c6e0b077bc0084db2f14e28 20264 chromium-sandbox-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 55a013aa00572ec61d4e261519f6bfc7a01fa9ee 114900 chromium-sandbox_146.0.7680.177-1~deb12u1_arm64.deb
 eaef7d66cf2c51861ba454e023299c120bf293a3 31702416 chromium-shell-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 79fae5b3969acc95ed87107c65605cc574e58ab9 54419556 chromium-shell_146.0.7680.177-1~deb12u1_arm64.deb
 9c6c9f613452be9ad6971b6c79add11b3bd1e951 30387 chromium_146.0.7680.177-1~deb12u1_arm64-buildd.buildinfo
 468ec841f3ab10c95903e0eda92e081a925cfbb4 63400096 chromium_146.0.7680.177-1~deb12u1_arm64.deb
Checksums-Sha256:
 38c73a574866a10a721c6a4b97491bd3acf196371382b2ade3c7b642d2f6685c 6289748 chromium-common-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 2760643e9271b3c9adb1cc35624852db2d1c15e4f242238a12d4e7ed83af2f14 34113720 chromium-common_146.0.7680.177-1~deb12u1_arm64.deb
 d44fe008a15d305244d1a44a248cc2f852d4f9f98ab36222edcd475047dbd0fb 36117860 chromium-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 4f91bb3c2a0d862ccd23527a59f9b28605ff26a2d45d4e3894b5acf2bd9e64a4 6641684 chromium-driver_146.0.7680.177-1~deb12u1_arm64.deb
 93ce97334dd9c85e1d1a7c71a024df273b85147f9a2c4f6a1b8df9b447bdbeff 29420472 chromium-headless-shell-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 bb99d32877ee7a165a162725f95ca8b166516fc1ba0bd908ab19ec996544dfa7 49879560 chromium-headless-shell_146.0.7680.177-1~deb12u1_arm64.deb
 9ef90713d5c0e52dad6db6cb22e809bb3d67d0f2e780681ac8fbc15e9ac6bf86 20264 chromium-sandbox-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 b5854f25c11b719e694225465eb8517dcdcaff4f9141d2338971570955c4727e 114900 chromium-sandbox_146.0.7680.177-1~deb12u1_arm64.deb
 5d19fad376aa6431be730d5054224ed3577b01c5ce17c60a00b1b0c388604aab 31702416 chromium-shell-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 bb7cb63cc82eb2cbf867a448950d63057f23afc18ec1ad739d1442f4793df596 54419556 chromium-shell_146.0.7680.177-1~deb12u1_arm64.deb
 56f11ce0302fe111edb4be29bc4090f2bbe2415657faa3d8f97c71e01dbd05e0 30387 chromium_146.0.7680.177-1~deb12u1_arm64-buildd.buildinfo
 7d2e82457e042138a6292f3e396e2a88d962bdf656efd42dbc051fe1a59354d0 63400096 chromium_146.0.7680.177-1~deb12u1_arm64.deb
Files:
 8f67785975ed72dfe040ff1a42a4da7a 6289748 debug optional chromium-common-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 9f2ec247970d400432c7d8bc9b3054c8 34113720 web optional chromium-common_146.0.7680.177-1~deb12u1_arm64.deb
 e724a60acaa5632dcf1c0b61e1c5653a 36117860 debug optional chromium-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 10979322a8256c45565d153f59b7cbe3 6641684 web optional chromium-driver_146.0.7680.177-1~deb12u1_arm64.deb
 ea8901bd5ff40f1026738567caf22a90 29420472 debug optional chromium-headless-shell-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 f60a5a9f6393748551ade14b339416d0 49879560 web optional chromium-headless-shell_146.0.7680.177-1~deb12u1_arm64.deb
 3bf7a4e6d64de27f4d3efc25d7b05662 20264 debug optional chromium-sandbox-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 3e004833ae636beebde0dd53273bc398 114900 web optional chromium-sandbox_146.0.7680.177-1~deb12u1_arm64.deb
 80e800db94e5f4aa4f07b1c4273651d6 31702416 debug optional chromium-shell-dbgsym_146.0.7680.177-1~deb12u1_arm64.deb
 02e47634b104bae6a3564ab361828423 54419556 web optional chromium-shell_146.0.7680.177-1~deb12u1_arm64.deb
 e2fae2a07b9a75a98c45551c3c02dfb6 30387 web optional chromium_146.0.7680.177-1~deb12u1_arm64-buildd.buildinfo
 f55beccc925f2f24a034568212521006 63400096 web optional chromium_146.0.7680.177-1~deb12u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmnO30wACgkQScpU3dYu
lLhwuA//UyTf8f0NSDi40NI+RZoVR57FpjQdtSzTYyVM1Tt39R9OieYVh8wrHb2e
WvWAHwSDpuLXaCFVEiyCuP0Oqu5BlM1o6MGvY3Q3pvhp64VXm/s43u4pTEtapw7J
8y1ojsg8U3VlVMy7XBL877CWdJ2k0jrOKvH0ZVTaNvMvaKsBHoFY/+yVQbGydL6S
7Xm4RXUH6jxd2N5fcU6a1ta9YvPWq8k07r19JzHicWaJKL7e7SAb/ZGyUkTKKNHh
6SytTWNSk7MzDXD4XQ7rP3qnjTF0Sv99rCrTf1Jk34uup8+Vz4e71qwcE1IU5iSo
161BU4mtfXZieFYQsQfCz4188CcxYA5cz9gvIRpACd8KaunrQ5sbngZSHFU81507
CyiNTu20Bi1KQF6OzA8kELGPZ7+0a5ed9H6aUXu908ysiQPf3uCeuLdWKm4UbLWv
Hrx7n+yl3xI0ofRzXozWNQp0jmUglCTyh/o6tkp9NRHAhBrYhWKQ/YAaqLVyshYA
hpgubOuILGIRZ0Lqqr+z+36+KJRpVS6vLurySBil/b4kWCzMW6CrG52rv2FqVVOp
c5vlKTMC54EIniCH6uoWlxHubNQwOUr3tsdFsNf2an2pWWG6n3+iSC9bam7kmoUB
jV9xN0i4szPAZfttZlghCLGcQ9yUNOr9YwGRsw1EfZ5SxLnSHkg=
=6spa
-----END PGP SIGNATURE-----