-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 09 Jun 2026 04:00:45 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: ppc64el
Version: 149.0.7827.102-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) <buildd_ppc64el-ppc64el-osuosl-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (149.0.7827.102-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-11628: Use after free in Ozone. Reported by Google.
     - CVE-2026-11629: Use after free in Ozone. Reported by Google.
     - CVE-2026-11630: Use after free in File Input. Reported by Google.
     - CVE-2026-11631: Use after free in Aura. Reported by Google.
     - CVE-2026-11632: Use after free in TabStrip. Reported by Google.
     - CVE-2026-11633: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11634: Use after free in Gamepad. Reported by Google.
     - CVE-2026-11635: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11636: Use after free in Autofill. Reported by Google.
     - CVE-2026-11637: Use after free in Views. Reported by Google.
     - CVE-2026-11638: Use after free in Printing. Reported by Google.
     - CVE-2026-11639: Use after free in Compositing. Reported by Google.
     - CVE-2026-11640: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11641: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11642: Use after free in Web Apps. Reported by Google.
     - CVE-2026-11643: Use after free in Proxy. Reported by Google.
     - CVE-2026-11644: Use after free in Views. Reported by Google.
     - CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3
     - CVE-2026-11646: Use after free in ViewTransitions.
       Reported by Quac Tran.
     - CVE-2026-11647: Use after free in Printing. Reported by Google.
     - CVE-2026-11648: Use after free in FullScreen.
       Reported by Mihnea Nicolau.
     - CVE-2026-11649: Use after free in V8. Reported by Google.
     - CVE-2026-11650: Use after free in V8. Reported by Google.
     - CVE-2026-11651: Use after free in Network. Reported by Google.
     - CVE-2026-11652: Use after free in Extensions. Reported by Google.
     - CVE-2026-11653: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11654: Use after free in CameraCapture. Reported by Google.
     - CVE-2026-11655: Integer overflow in Media. Reported by Google.
     - CVE-2026-11656: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11657: Use after free in Payments. Reported by Google.
     - CVE-2026-11658: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-11659: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11660: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11661: Use after free in Views. Reported by Google.
     - CVE-2026-11662: Type Confusion in Bindings. Reported by Google.
     - CVE-2026-11663: Use after free in Skia. Reported by Google.
     - CVE-2026-11664: Use after free in Payments. Reported by Google.
     - CVE-2026-11665: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-11666: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google.
     - CVE-2026-11669: Integer overflow in Media. Reported by Google.
     - CVE-2026-11670: Use after free in PDF. Reported by Google.
     - CVE-2026-11671: Use after free in Navigation. Reported by Google.
     - CVE-2026-11672: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-11673: Use after free in InterestGroups. Reported by Google.
     - CVE-2026-11674: Use after free in Guest View. Reported by Google.
     - CVE-2026-11675: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11677: Race in Network. Reported by Google.
     - CVE-2026-11678: Integer overflow in libyuv. Reported by Google.
     - CVE-2026-11679: Use after free in Codecs. Reported by Google.
     - CVE-2026-11680: Use after free in Media. Reported by Google.
     - CVE-2026-11681: Use after free in Ozone. Reported by Google.
     - CVE-2026-11682: Insufficient validation of untrusted input in Views.
       Reported by Google.
     - CVE-2026-11683: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-11684: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-11685: Insufficient data validation in MediaCapture.
       Reported by Google.
     - CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
       Reported by Google.
     - CVE-2026-11687: Use after free in Dawn. Reported by Google.
     - CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google.
     - CVE-2026-11689: Insufficient validation of untrusted input in
       Passwords. Reported by Google.
     - CVE-2026-11690: Out of bounds read and write in Media.
       Reported by Google.
     - CVE-2026-11691: Insufficient validation of untrusted input in
       New Tab Page. Reported by Google.
     - CVE-2026-11692: Use after free in Read Anything. Reported by Google.
     - CVE-2026-11693: Inappropriate implementation in Plugins.
       Reported by Google.
     - CVE-2026-11694: Use after free in ServiceWorker. Reported by Google.
     - CVE-2026-11695: Inappropriate implementation in Passwords.
       Reported by Google.
     - CVE-2026-11696: Uninitialized Use in Video. Reported by Google.
     - CVE-2026-11697: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-11698: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11699: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-11700: Use after free in Tracing. Reported by Google.
     - CVE-2026-11701: Insufficient validation of untrusted input in Guest
       View. Reported by Google.
   * d/patches:
     - fixes/arm-logging.patch: add patch to hopefully fix build failure
       on arm*.
     - loongarch64/0024-fix-libyuv-lsx.patch: refresh.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for
       upstream changes
     - core/baseline-isa-3-0.patch: refresh
Checksums-Sha1:
 9eb923cf61ffb4c6402fd776eb1e5b0e35a46ded 6135480 chromium-common-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 2c4ca3ed5d5f3e87d397ef8aea584adf5456faa1 33048916 chromium-common_149.0.7827.102-1~deb12u1_ppc64el.deb
 c3f4d3227342fc7795b47a574ab0c0f558059d20 32265552 chromium-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 099b9277ae3164e74ef5f58a7fd07bac53474dc4 8671124 chromium-driver_149.0.7827.102-1~deb12u1_ppc64el.deb
 9a47a82f2a7d8578601276f5b8fa2e833950a45c 25526156 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 60eeabc68f0f690c50a1858dca24a9a8a4374f78 56928080 chromium-headless-shell_149.0.7827.102-1~deb12u1_ppc64el.deb
 5494644bf3c49559ca15c335c16d4723172ce5c1 19240 chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 ab6716f6be9522a8801cbf544ca5adba2bc61882 127568 chromium-sandbox_149.0.7827.102-1~deb12u1_ppc64el.deb
 bf62d455fae1f0815bc54550060a4f2e6b6fb790 27784600 chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 4f8fcda42fced4d4c8ff634f90ed7bd6fdc626cb 62255792 chromium-shell_149.0.7827.102-1~deb12u1_ppc64el.deb
 193c160da82d0b459e2869d471f55bca878b2b5c 30415 chromium_149.0.7827.102-1~deb12u1_ppc64el-buildd.buildinfo
 172c3fcf68bfce8a82b54a6285491efd652cc844 74467304 chromium_149.0.7827.102-1~deb12u1_ppc64el.deb
Checksums-Sha256:
 54e7019dd61988f581b6d0c9ef590af29adcad9ba338544b62681426a9fe29da 6135480 chromium-common-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 519b7a952d69bce9ba7a11a4fd76d58c5d077cabf598f6542c1fe14b75df20ea 33048916 chromium-common_149.0.7827.102-1~deb12u1_ppc64el.deb
 e1a4beb20f5b576b7ca52e4b96acbd2c14746ae1411d346ef95539e09819913f 32265552 chromium-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 2da9265ad25c022951be63d8860fb2968cb5bb2fbc75e0907e51838cde45a9b5 8671124 chromium-driver_149.0.7827.102-1~deb12u1_ppc64el.deb
 366f2fea589d80ebb89ec4f927a886272dcaf2e411b3ee341a80e35c9132f214 25526156 chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 559c8bfe147dc8d777b7c6165a88e6b3462474dbaee7b26cc2478b58fc298477 56928080 chromium-headless-shell_149.0.7827.102-1~deb12u1_ppc64el.deb
 12bb9b4b7181f92be3fba2061fc7ce77b40c70a8cf0556872cdc7b87046d7c95 19240 chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 24ed7e7997159378537e2ae67cb81809650cd52ae481d6ed1a2ee0dd19517bbb 127568 chromium-sandbox_149.0.7827.102-1~deb12u1_ppc64el.deb
 a716c44f278e9759c13803ea8a1a8592c16c198fe33055cfe8ad68a7267ba4a8 27784600 chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 3a116e131d143ff2e9cc0542321be629845d6f512a73c9220cbd6001e94c06b2 62255792 chromium-shell_149.0.7827.102-1~deb12u1_ppc64el.deb
 ba6d2d159e40c926960be4f12965314607ee3c4e2f41e10f6af2efde2d0b7d77 30415 chromium_149.0.7827.102-1~deb12u1_ppc64el-buildd.buildinfo
 0daffe0bf29ffcc7c7a2eb95b04c90549c06e0c27bb48e3b172ebad503eaa872 74467304 chromium_149.0.7827.102-1~deb12u1_ppc64el.deb
Files:
 22359c59899d9b89c442723439f0b2fc 6135480 debug optional chromium-common-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 d9b350e71b4c6aabf2f4ec72d56395ae 33048916 web optional chromium-common_149.0.7827.102-1~deb12u1_ppc64el.deb
 19e7aac3e9cf9953c153b255ef4e79bf 32265552 debug optional chromium-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 9b13f5d78753d482ab8fec06c1c3660c 8671124 web optional chromium-driver_149.0.7827.102-1~deb12u1_ppc64el.deb
 c13d570a2991f28c782b112c31c78f20 25526156 debug optional chromium-headless-shell-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 3fa3ff17c7e3d29320adc37ca052d640 56928080 web optional chromium-headless-shell_149.0.7827.102-1~deb12u1_ppc64el.deb
 0fbe01712dad35c461299e06b0f3cc11 19240 debug optional chromium-sandbox-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 d8d13ff938569a38b79e582974ad94de 127568 web optional chromium-sandbox_149.0.7827.102-1~deb12u1_ppc64el.deb
 77cec719882ec56e2dc2ab7b1b8ea4bc 27784600 debug optional chromium-shell-dbgsym_149.0.7827.102-1~deb12u1_ppc64el.deb
 8f61c4bfe81e87f7d53f09f9944cc333 62255792 web optional chromium-shell_149.0.7827.102-1~deb12u1_ppc64el.deb
 b071f131697748d227907953cbb1155f 30415 web optional chromium_149.0.7827.102-1~deb12u1_ppc64el-buildd.buildinfo
 d67beaae4143b155b0343e30b87cecc4 74467304 web optional chromium_149.0.7827.102-1~deb12u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETLpi2USYGUNSlYhoNINNphgym2QFAmoqFicACgkQNINNphgy
m2QEdxAAnnqz/6c3ApCqf4MnSwqdgkJtpbh52t/bCAOB8I97bAtzfhgEmQO+Ztrw
b30ToG++8EOXkRO+/UwmQ4hx13H/rdqFhGvu1faW9Pa1RCj5i1Y1gbdg7DvCHTV7
3X8XO6fCUI6fhaguaoU3JfkS7uoVI51qClf0z7NMitqjuCJPTMtO4QBkfZ/I/scP
ElPAUlrcixakX4YYAEGKjifjskYXBr7Mxqo7SntbWqc+mNd7aSgAoAfQKr+qL3lh
q044EJWVFC5e256OnShCLn7d2eLRnJ5BHtQu1WSbu1AURvKjEfY1gjXRcEjoJqvI
tl5O+cs1ZkRchvUoYj9BGinFmoi4skggeUL/FZXFV1S6cDk3TqeIjITd0/9Uo2W/
RSkTao1e1z+7tzhWLhsBLCsJ7E98EljU5fgjyI/eZcz6F3IXGBIqpY2KtfzKhg1Q
I0C7E/KxjflV0MDC7W2NwFUm2kNUqfEKtEW6a71hsbuFdR35OH8SMqi9Na79Nzwi
t+TuLjlIGvMA1hwW/q9UOQnLeope/TcgtBkuSHsTMcjzj1ATsBj/JL1DLBSxspdp
p8rj6X/FUe8R+FiMtXJprZZfAuSnHXSO2RYkbFCPPfFpIIOQeMOOPMLGchv9q3gk
6zJJjXESZLWp29yAI5JWzvxfhKnZe2e06g39fOt0BHwYuJ85Zvs=
=OCav
-----END PGP SIGNATURE-----