-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Apr 2026 03:34:02 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 147.0.7727.55-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1132651
Changes:
 chromium (147.0.7727.55-1~deb13u1) trixie-security; urgency=high
 .
 [ Andres Salomon ]
 * New upstream stable release.
   - CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
   - CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous.
   - CVE-2026-5860: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
   - CVE-2026-5861: Use after free in V8. Reported by 5shain.
   - CVE-2026-5862: Inappropriate implementation in V8. Reported by Google.
   - CVE-2026-5863: Inappropriate implementation in V8. Reported by Google.
   - CVE-2026-5864: Heap buffer overflow in WebAudio. Reported by Syn4pse.
   - CVE-2026-5865: Type Confusion in V8. Reported by Project WhatForLunch (@pjwhatforlunch).
   - CVE-2026-5866: Use after free in Media. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
   - CVE-2026-5867: Heap buffer overflow in WebML. Reported by Syn4pse.
   - CVE-2026-5868: Heap buffer overflow in ANGLE. Reported by cinzinga.
   - CVE-2026-5869: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
   - CVE-2026-5870: Integer overflow in Skia. Reported by Google.
   - CVE-2026-5871: Type Confusion in V8. Reported by Google.
   - CVE-2026-5872: Use after free in Blink. Reported by Google.
   - CVE-2026-5873: Out of bounds read and write in V8. Reported by Google.
   - CVE-2026-5874: Use after free in PrivateAI. Reported by Krace.
   - CVE-2026-5875: Policy bypass in Blink. Reported by Lyra Rebane (rebane2001).
   - CVE-2026-5876: Side-channel information leakage in Navigation. Reported by Lyra Rebane (rebane2001).
   - CVE-2026-5877: Use after free in Navigation. Reported by Cassidy Kim(@cassidy6564).
   - CVE-2026-5878: Incorrect security UI in Blink. Reported by Shaheen Fazim.
   - CVE-2026-5879: Insufficient validation of untrusted input in ANGLE. Reported by parkminchan, working for SSD Labs Korea.
   - CVE-2026-5880: Incorrect security UI in browser UI.
   - CVE-2026-5881: Policy bypass in LocalNetworkAccess. Reported by asnine.
   - CVE-2026-5882: Incorrect security UI in Fullscreen.
   - CVE-2026-5883: Use after free in Media. Reported by sherkito.
   - CVE-2026-5884: Insufficient validation of untrusted input in Media. Reported by xmzyshypnc.
   - CVE-2026-5885: Insufficient validation of untrusted input in WebML. Reported by Bryan Bernhart.
   - CVE-2026-5886: Out of bounds read in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
   - CVE-2026-5887: Insufficient validation of untrusted input in Downloads. Reported by daffainfo.
   - CVE-2026-5888: Uninitialized Use in WebCodecs. Reported by Identified by the Octane Security Team: Giovanni Vignone, Paolo Gentry, Robert van Eijk.
   - CVE-2026-5889: Cryptographic Flaw in PDFium. Reported by mlafon.
   - CVE-2026-5890: Race in WebCodecs. Reported by Casper Woudenberg.
   - CVE-2026-5891: Insufficient policy enforcement in browser UI. Reported by Tianyi Hu.
   - CVE-2026-5892: Insufficient policy enforcement in PWAs. Reported by Tianyi Hu.
   - CVE-2026-5893: Race in V8. Reported by QYmag1c.
   - CVE-2026-5894: Inappropriate implementation in PDF. Reported by Povcfe of Tencent Security Xuanwu Lab.
   - CVE-2026-5895: Incorrect security UI in Omnibox. Reported by Renwa Hiwa @RenwaX23.
   - CVE-2026-5896: Policy bypass in Audio. Reported by Luan Herrera (@lbherrera_).
   - CVE-2026-5897: Incorrect security UI in Downloads. Reported by Farras Givari.
   - CVE-2026-5898: Incorrect security UI in Omnibox. Reported by saidinahikam032.
   - CVE-2026-5899: Incorrect security UI in History Navigation. Reported by Islam Rzayev.
   - CVE-2026-5900: Policy bypass in Downloads. Reported by Luan Herrera (@lbherrera_).
   - CVE-2026-5901: Policy bypass in DevTools. Reported by Povcfe of Tencent Security Xuanwu Lab.
   - CVE-2026-5902: Race in Media. Reported by Luke Francis.
   - CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @Ciarands.
   - CVE-2026-5904: Use after free in V8. Reported by Zhenpeng (Leo) Lin at depthfirst.
   - CVE-2026-5905: Incorrect security UI in Permissions. Reported by daffainfo.
   - CVE-2026-5906: Incorrect security UI in Omnibox. Reported by mohamedhesham9173.
   - CVE-2026-5907: Insufficient data validation in Media. Reported by Luke Francis.
   - CVE-2026-5908: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B.
   - CVE-2026-5909: Integer overflow in Media. Reported by Mohammed Yasar B & Ameen Basha M K.
   - CVE-2026-5910: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B.
   - CVE-2026-5911: Policy bypass in ServiceWorkers. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab.
   - CVE-2026-5912: Integer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
   - CVE-2026-5913: Out of bounds read in Blink. Reported by Vitaly Simonovich.
   - CVE-2026-5914: Type Confusion in CSS. Reported by Syn4pse.
   - CVE-2026-5915: Insufficient validation of untrusted input in WebML. Reported by ningxin.hu@intel.com.
   - CVE-2026-5918: Inappropriate implementation in Navigation. Reported by Google.
   - CVE-2026-5919: Insufficient validation of untrusted input in WebSockets. Reported by Richard Belisle.
 * d/patches:
   - upstream/profile.patch: drop, merged upstream.
   - upstream/fix-boringssl-loong64.patch: drop, merged upstream.
   - debianization/clang-version.patch: refresh.
   - disable/signin.patch: refresh.
   - disable/catapult.patch: refresh.
   - disable/unrar.patch: drop, merged upstream.
   - trixie/nodejs-set-intersection.patch: update for upstream refactoring.
   - bookworm/clang19.patch: -fno-lifetime-dse is unsupported. Also move to
     llvm-19 directory.
   - ungoogled/disable-ai.patch: sync from ungoogled-chromium project. Also
     re-add code that creates new tab's search bar (closes: #1132651).
   - debianization/safe-libcxx.patch: add a patch to force building with
     libc++'s LIBCPP_HARDENING_MODE turned on. See
     https://issues.chromium.org/issues/485696265 for the (security-related)
     rationale.
   - llvm-19/static-assert.patch: add another chunk of static_assert()
     removals that clang 19 needs.
   - rust-1.85/image.patch: enable nightly features for image_v0.25
     [trixie, bookworm].
   - bookworm/constexpr.patch: update/refresh for renamed file [bookworm].
 * d/rules:
   - drop "enable_glic=false", as upstream now forces their AI on everyone;
     but we strip it out with ungoogled/disable-ai.patch.
 .
 [ Daniel Richard G. ]
 * d/patches:
   - bookworm/gn-absl.patch: Add visibility specifier to absl/crc:crc32,
     and re-sort the patch to keep the edits organized.
   - trixie/gn-len.patch: Refresh.
   - trixie/gn-module-name.patch: New patch to address older GN not knowing
     about the {{cc_module_name}} substitution [trixie, bookworm].
 .
 [ Timothy Pearson ]
 * d/patches/ppc64le:
   - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
     upstream changes
   - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
     refresh for upstream changes
   - third_party/0002-regenerate-xnn-buildgn.patch: refresh for upstream
     changes
   - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch:
     regenerate
 .
 [ Jianfeng Liu ]
 * d/patches/loongarch64:
   - 0024-disable-BROTLI_MODEL-macro-for-some-targets.patch: add upstream
     patch to fix brotli on loong64