-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Apr 2026 12:42:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 146.0.7680.177-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.177-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-5272: Heap buffer overflow in GPU.
       Reported by inspector-ambitious.
     - CVE-2026-5273: Use after free in CSS. Reported by Anonymous.
     - CVE-2026-5274: Integer overflow in Codecs.
       Reported by heapracer (@heapracer).
     - CVE-2026-5275: Heap buffer overflow in ANGLE.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5276: Insufficient policy enforcement in WebUSB.
       Reported by Ariel Simon.
     - CVE-2026-5277: Integer overflow in ANGLE.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5278: Use after free in Web MIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5279: Object corruption in V8.
       Reported by Hyeonjun Ahn (@_deayzl).
     - CVE-2026-5280: Use after free in WebCodecs.
       Reported by heapracer (@heapracer).
     - CVE-2026-5281: Use after free in Dawn.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-5282: Out of bounds read in WebCodecs.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5283: Inappropriate implementation in ANGLE.
       Reported by sweetchip.
     - CVE-2026-5284: Use after free in Dawn.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-5285: Use after free in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5286: Use after free in Dawn. Reported by sweetchip.
     - CVE-2026-5287: Use after free in PDF. Reported by Syn4pse.
     - CVE-2026-5288: Use after free in WebView. Reported by Google.
     - CVE-2026-5289: Use after free in Navigation. Reported by Google.
     - CVE-2026-5290: Use after free in Compositing. Reported by Google.
     - CVE-2026-5291: Inappropriate implementation in WebGL.
       Reported by heapracer (@heapracer).
     - CVE-2026-5292: Out of bounds read in WebCodecs. Reported by Google.
   * d/patches:
     - upstream/Fix-blink-compilation-for-platforms-other-than-x86-and-arm.patch:
       drop, merged upstream.
     - ungoogled/disable-ai.patch: resync with u-c.
 .
   [ Daniel Richard G. ]
   * d/copyright: Exclude *.pb (protobuf) binary files.
   * d/patches: Various ungoogled-chromium-related updates.
     - disable/glic.patch: Drop, replaced with disable-ai.patch from the
       ungoogled-chromium project.
     - ungoogled/disable-ai.patch: Import new patch from ungoogled-chromium
       that zaps glic, screen_ai, and various other adjacent AI-based features.
     - ungoogled/disable-mei-preload.patch: Import patch to allow building
       without *.pb files.
     - ungoogled/disable-privacy-sandbox.patch: Update imported patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0005-blink-add-audio-vector-support.patch: Fix FBTFS from
       upstream adding vector-accelerated audio delay functions
 .
   [ Jianfeng Liu ]
   * d/patches/upstream:
     - Fix-blink-compilation-for-platforms-other-than-x86-and-arm.patch: Fix
       FBTFS from upstream for blink audio delay function on loong64
Checksums-Sha1:
 7dcde3103c0f1e323b7c1caff5d8837918f94803 5198876 chromium-common-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 810bcb175009310dbe5cef257a595c3d7012f652 29392880 chromium-common_146.0.7680.177-1~deb12u1_i386.deb
 8495f783f53bb5c62c9637171de490790f5ec65b 35537760 chromium-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 934fa084d7e60c5f0b4d5098d687880cf3b0458a 7780328 chromium-driver_146.0.7680.177-1~deb12u1_i386.deb
 2f0c81c63a18ec09a1d80f02a769868be23575b0 29509408 chromium-headless-shell-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 9129cef756def4967fbaeb14cb4c62e88cb74385 58153524 chromium-headless-shell_146.0.7680.177-1~deb12u1_i386.deb
 6a68b29c4017aa2d76a109cfbe28068e71c3be91 17824 chromium-sandbox-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 4b0c1a9ee6fa4ea743c023cf607b65e1220a83af 114108 chromium-sandbox_146.0.7680.177-1~deb12u1_i386.deb
 79764a5d1348f3a4ce562a6ce58e24b2b8fcb3cf 32283708 chromium-shell-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 0a511a3dedf665b282b6adcac6f1a471ed023ea6 63400348 chromium-shell_146.0.7680.177-1~deb12u1_i386.deb
 2e9dc1d461e3be45cfa8db5557a9e0b81ec7eebb 30404 chromium_146.0.7680.177-1~deb12u1_i386-buildd.buildinfo
 cfa3530bdbb3c4dfaf6088d33153dd79c730d2a0 75396660 chromium_146.0.7680.177-1~deb12u1_i386.deb
Checksums-Sha256:
 8f60df43bbf433a6297cd3e5b2ca67d506090cd84884195d5dbbd3631fc6431f 5198876 chromium-common-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 4f15b4ab920dad130d519bc2de6a3663faf8966dea8d874cfd01f3179fa1c163 29392880 chromium-common_146.0.7680.177-1~deb12u1_i386.deb
 35dba03c8fd0195c85ab4ee34f63aaf58ef9f6514c6e70f4668181dd17be2bb1 35537760 chromium-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 a12481a7fd6b41efa4561af44de3f77a624fb156b4aedb6e5264345a66bd1cbc 7780328 chromium-driver_146.0.7680.177-1~deb12u1_i386.deb
 d3d3db337aee3dc9294a67d538969c2594a2af9b8ec5214f1f3582247739bb25 29509408 chromium-headless-shell-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 8d916b33a29d6afe5b05b43ef2ae27bac2f8261488a083a5c51bc8d2af761463 58153524 chromium-headless-shell_146.0.7680.177-1~deb12u1_i386.deb
 7b482d8eb1797ba41e36ca7bd09daa6b86e1942a030304a7af52d0c219c76195 17824 chromium-sandbox-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 a48493b1934166a3fdb13f55d8b7ad27b7433a990a61489e68c88dcf2da6299d 114108 chromium-sandbox_146.0.7680.177-1~deb12u1_i386.deb
 56734216b932bd324b2e4d8cd9ab1413bfe0a94e4e82db19d7304c6c9119e662 32283708 chromium-shell-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 2da8aa693bfeb71d65ca401cc2f192926d18be42e7f53421aa7a23ea39d67aa9 63400348 chromium-shell_146.0.7680.177-1~deb12u1_i386.deb
 f84aafe49a4809c4465bd908fd0afd7c43a74970efb6fd6e216774a4479d1244 30404 chromium_146.0.7680.177-1~deb12u1_i386-buildd.buildinfo
 d25442233affe83ddf9155cd5eee674394d6541a6bed142ab866aa4227a82de7 75396660 chromium_146.0.7680.177-1~deb12u1_i386.deb
Files:
 3950ed77094c5fc32ec10bf5b05b0a1c 5198876 debug optional chromium-common-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 859e4602a7c4047f40835c7df49edae8 29392880 web optional chromium-common_146.0.7680.177-1~deb12u1_i386.deb
 7541768697d209b364e2c1f17c25609d 35537760 debug optional chromium-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 5c1cb980c7b8b53bb309e97d5429e693 7780328 web optional chromium-driver_146.0.7680.177-1~deb12u1_i386.deb
 e30b010183204a1a0fd5a9ff0c9eb972 29509408 debug optional chromium-headless-shell-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 3e966d29bcca7a8431a607bf3d65e3ef 58153524 web optional chromium-headless-shell_146.0.7680.177-1~deb12u1_i386.deb
 e49fb178086ca5ad73a895ff4422c383 17824 debug optional chromium-sandbox-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 fa1bf10d43d6ed454fda9bbe407ac71b 114108 web optional chromium-sandbox_146.0.7680.177-1~deb12u1_i386.deb
 8252a8c9feab1ad33090d591e450acc5 32283708 debug optional chromium-shell-dbgsym_146.0.7680.177-1~deb12u1_i386.deb
 54c13fc9bbbac028b67ff8960e981c96 63400348 web optional chromium-shell_146.0.7680.177-1~deb12u1_i386.deb
 1350d28d7595cb0a0eb31a53b50ea214 30404 web optional chromium_146.0.7680.177-1~deb12u1_i386-buildd.buildinfo
 ecd36eac2c60134e9d4f854f7449655a 75396660 web optional chromium_146.0.7680.177-1~deb12u1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7cQ9mRD4+dWjjrb6PkCWRKsh20cFAmnO+AkACgkQPkCWRKsh
20dzqQ//ZiW2pheOnsEc8Nnt3JNoaswkvuf1SCKYKSQ69YoIZ8CzU1SZEpo1MZWx
EPaUwS9mwWqUEHfCre6blPnTKPiUtmAXoAlf+I8zkeCCTdYkzF8VnJON5WHxqQFv
8E171qlYXNpnyG5g7v5a052SuoghSLKoXZf2P+mbDZMzGW8iT+kwyCHLxSNcUiQj
K53GLHCJmsvvczha7sU3u3JIjl1QC+XQBtq38QzOIasp2nTl16QgvHRKXK945JtW
Bz75xMbY00Bm64l0/i6ueMT97uXvJgglTrE5q5sOEAkYl1k1mA2ggKzozfSh9han
dssPw8PtNWqJBhIwXmYO6SD3Z6ou5DTs5xcMW4sLpLH6cMoEzTf6zmsWPdV0/NS/
K/yuzaOe9w5BKF+u3EGYYCY7qHplvg/1PCQHWW3Fj/jQ4nLiP1Kyou630rqtH7De
Y9JHYddJz8UlfnXozA4bFWVpOeE7i08Ye9NiBJgsK01WlOOD6ovjETxmJVJWp4gp
7MMqQYbJU4w5EDNVoBTf40EyJl714K3MKRsLobHny8VXG6Kh2gfzFshE/MJHvvZA
noKAEJQNy7Gs1We4N9wGcIxwjV8Z0NyWE1KmUw2A6ksMJoFlgmfJ7mJhmyfKhnDR
GDHYauBbC4u9Oezadp0e5rWGYVY392LhlaXlUzKEekzZ2NfdBAw=
=gBuU
-----END PGP SIGNATURE-----