-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 09 Apr 2026 03:34:02 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 147.0.7727.55-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1132651
Changes:
 chromium (147.0.7727.55-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous.
     - CVE-2026-5860: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5861: Use after free in V8. Reported by 5shain.
     - CVE-2026-5862: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5863: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5864: Heap buffer overflow in WebAudio. Reported by Syn4pse.
     - CVE-2026-5865: Type Confusion in V8. Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-5866: Use after free in Media. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5867: Heap buffer overflow in WebML. Reported by Syn4pse.
     - CVE-2026-5868: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-5869: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5870: Integer overflow in Skia. Reported by Google.
     - CVE-2026-5871: Type Confusion in V8. Reported by Google.
     - CVE-2026-5872: Use after free in Blink. Reported by Google.
     - CVE-2026-5873: Out of bounds read and write in V8. Reported by Google.
     - CVE-2026-5874: Use after free in PrivateAI. Reported by Krace.
     - CVE-2026-5875: Policy bypass in Blink. Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5876: Side-channel information leakage in Navigation. Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5877: Use after free in Navigation. Reported by Cassidy Kim(@cassidy6564).
     - CVE-2026-5878: Incorrect security UI in Blink. Reported by Shaheen Fazim.
     - CVE-2026-5879: Insufficient validation of untrusted input in ANGLE. Reported by parkminchan, working for SSD Labs Korea.
     - CVE-2026-5880: Incorrect security UI in browser UI.
     - CVE-2026-5881: Policy bypass in LocalNetworkAccess. Reported by asnine.
     - CVE-2026-5882: Incorrect security UI in Fullscreen.
     - CVE-2026-5883: Use after free in Media. Reported by sherkito.
     - CVE-2026-5884: Insufficient validation of untrusted input in Media. Reported by xmzyshypnc.
     - CVE-2026-5885: Insufficient validation of untrusted input in WebML. Reported by Bryan Bernhart.
     - CVE-2026-5886: Out of bounds read in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5887: Insufficient validation of untrusted input in Downloads. Reported by daffainfo.
     - CVE-2026-5888: Uninitialized Use in WebCodecs. Reported by Identified by the Octane Security Team: Giovanni Vignone, Paolo Gentry, Robert van Eijk.
     - CVE-2026-5889: Cryptographic Flaw in PDFium. Reported by mlafon.
     - CVE-2026-5890: Race in WebCodecs. Reported by Casper Woudenberg.
     - CVE-2026-5891: Insufficient policy enforcement in browser UI. Reported by Tianyi Hu.
     - CVE-2026-5892: Insufficient policy enforcement in PWAs. Reported by Tianyi Hu.
     - CVE-2026-5893: Race in V8. Reported by QYmag1c.
     - CVE-2026-5894: Inappropriate implementation in PDF. Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5895: Incorrect security UI in Omnibox. Reported by Renwa Hiwa @RenwaX23.
     - CVE-2026-5896: Policy bypass in Audio. Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5897: Incorrect security UI in Downloads. Reported by Farras Givari.
     - CVE-2026-5898: Incorrect security UI in Omnibox. Reported by saidinahikam032.
     - CVE-2026-5899: Incorrect security UI in History Navigation. Reported by Islam Rzayev.
     - CVE-2026-5900: Policy bypass in Downloads. Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5901: Policy bypass in DevTools. Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5902: Race in Media. Reported by Luke Francis.
     - CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @Ciarands.
     - CVE-2026-5904: Use after free in V8. Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-5905: Incorrect security UI in Permissions. Reported by daffainfo.
     - CVE-2026-5906: Incorrect security UI in Omnibox. Reported by mohamedhesham9173.
     - CVE-2026-5907: Insufficient data validation in Media. Reported by Luke Francis.
     - CVE-2026-5908: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5909: Integer overflow in Media. Reported by Mohammed Yasar B & Ameen Basha M K.
     - CVE-2026-5910: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5911: Policy bypass in ServiceWorkers. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab.
     - CVE-2026-5912: Integer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5913: Out of bounds read in Blink. Reported by Vitaly Simonovich.
     - CVE-2026-5914: Type Confusion in CSS. Reported by Syn4pse.
     - CVE-2026-5915: Insufficient validation of untrusted input in WebML. Reported by ningxin.hu@intel.com.
     - CVE-2026-5918: Inappropriate implementation in Navigation. Reported by Google.
     - CVE-2026-5919: Insufficient validation of untrusted input in WebSockets. Reported by Richard Belisle.
   * d/patches:
     - upstream/profile.patch: drop, merged upstream.
     - upstream/fix-boringssl-loong64.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - disable/signin.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/unrar.patch: drop, merged upstream.
     - trixie/nodejs-set-intersection.patch: update for upstream refactoring.
     - bookworm/clang19.patch: -fno-lifetime-dse is unsupported. Also move to llvm-19 directory.
     - ungoogled/disable-ai.patch: sync from ungoogled-chromium project. Also re-add code that creates new tab's search bar (closes: #1132651).
     - debianization/safe-libcxx.patch: add a patch to force building with libc++'s LIBCPP_HARDENING_MODE turned on. See https://issues.chromium.org/issues/485696265 for the (security-related) rationale.
     - llvm-19/static-assert.patch: add another chunk of static_assert() removals that clang 19 needs.
     - rust-1.85/image.patch: enable nightly features for image_v0.25 [trixie, bookworm].
     - bookworm/constexpr.patch: update/refresh for renamed file [bookworm].
   * d/rules:
     - drop "enable_glic=false", as upstream now forces their AI on everyone; but we strip it out with ungoogled/disable-ai.patch.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - bookworm/gn-absl.patch: Add visibility specifier to absl/crc:crc32, and re-sort the patch to keep the edits organized.
     - trixie/gn-len.patch: Refresh.
     - trixie/gn-module-name.patch: New patch to address older GN not knowing about the {{cc_module_name}} substitution [trixie, bookworm].
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: refresh for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: regenerate
 .
   [ Jianfeng Liu ]
   * d/patches/loongarch64:
     - 0024-disable-BROTLI_MODEL-macro-for-some-targets.patch: add upstream patch to fix brotli on loong64
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----