-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 13 Feb 2026 04:52:11 -0500
Source: chromium
Architecture: source
Version: 145.0.7632.75-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (145.0.7632.75-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream security release.
     - CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim.
 .
 chromium (145.0.7632.45-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-2313: Use after free in CSS. Reported by Han Zheng (HexHive),
       Wenhao Fang (University of St. Andrews), and Qinying Wang (HexHive).
     - CVE-2026-2314: Heap buffer overflow in Codecs. Reported by Google.
     - CVE-2026-2315: Inappropriate implementation in WebGPU.
       Reported by Google.
     - CVE-2026-2316: Insufficient policy enforcement in Frames.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-2317: Inappropriate implementation in Animation.
       Reported by Brendan Draper.
     - CVE-2026-2318: Inappropriate implementation in PictureInPicture.
       Reported by Shaheen Fazim.
     - CVE-2026-2319: Race in DevTools. Reported by Anonymous.
     - CVE-2026-2320: Inappropriate implementation in File input.
       Reported by Alesandro Ortiz.
     - CVE-2026-2321: Use after free in Ozone. Reported by Google.
     - CVE-2026-2322: Inappropriate implementation in File input.
       Reported by Robbe Van Roey | PinkDraconian.
     - CVE-2026-2323: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
   * d/copyright:
     - delete third_party/litert/src, Google's new WebAI thing.
     - delete esbuild directory so we can use debian's esbuild.
     - delete new rollup binary rollup-linux-x64-gnu.
   * d/rules:
     - build with webnn_use_tflite=false to fix build.
     - disable building a bunch more unit tests.
     - copy esbuild libs and binary from the system.
   * d/control:
     - build-dep on libpthreadpool-dev.
     - build-dep on esbuild.
   * d/patches:
     - CVE-2026-1861.patch: drop, merged upstream.
     - CVE-2026-1862.patch: drop, merged upstream.
     - upstream/fix-rk3588-v4l2-av1-decoder.patch: drop, merged upstream.
     - debianization/manpage.patch: refresh.
     - debianization/rustc-bootstrap.patch: refresh.
     - fixes/armhf-no-thumb.patch: rework patch due to upstream dropping
       non-thumb.
     - disable/tests.patch: refresh.
     - disable/signin.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/widevine-cdm-cu.patch: refresh.
     - upstream/disable-unrar.patch: add upstream fix for disabling unrar.
     - trixie/gn-string-hash.patch: add a workaround for older gn missing
       string_hash() function.
     - disable/enterprise-tests.patch: add patch to fix build error
       related to building unnecessary unit tests.
     - system/rollup.patch: update for upstream changes around switching
       some rollup calls to esbuild and away from rollup-wasm.
     - llvm-19/static-assert.patch: add build fixes specific to clang-19.
     - disable/unrar.patch: add another build fix for deleting unrar.
     - trixie/gn-len.patch: add build fix for trixie's older gn.
     - trixie/nodejs-main.patch: add build fix for trixie's older nodejs.
     - rust-1.85/jxl-features.patch: enable some unstable features for jxl.
     - rust-1.85/jxl-simd-avx512.patch: enable unstable features for
       jxl_simd, and also mark a bunch of avx-related calls as unsafe due to
       an older rustc bug.
     - rust-1.85/parsing.patch: add unstable let_chains features.
 .
   [ Timothy Pearson ]
   * d/patches:
     - patches/fixes/swiftshader-dependencies.patch: Fix SwiftShader include
       dependencies
   * d/patches/ppc64le:
     - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: Remove
       obsolete Clang 7 workaround and refresh for upstream changes
     - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - ppc64le/third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.pa:
       refresh for upstream changes
     - ppc64le/fixes/fix-page-allocator-overflow.patch: Refresh for upstream
       changes
     - ppc64le/third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       Regenerate from upstream sources
     - ppc64le/sandbox/0009-sandbox-ignore-byte-span-error.patch: Work around upstream
       byte_span_from_ref issues
 .
   [ Jianfeng Liu ]
   * d/patches:
     - loongarch64/0012-sandbox-linux-add-statx-support-for-loongarch64.patch:
       update for upstream changes.
     - loongarch64/0016-medium-cmodel-support-for-loongarch64.patch: refresh.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - trixie/rust-is-multiple-of.patch: Drop the -Zallow-features= bit.
     - disable/rustc-allow-features.patch: move the -Zallow-features=
       flag here so that it's separate from individual rust fixes.
Checksums-Sha1:
 e05009608e247122ea340df6394bd3c8beb3e095 4106 chromium_145.0.7632.75-1~deb13u1.dsc
 095b839b85ed46d3e8ccfaca94732aa5983c3323 749398580 chromium_145.0.7632.75.orig.tar.xz
 8e1411fb5a5e3873de21cdbf9bd5af16d526a8f3 453568 chromium_145.0.7632.75-1~deb13u1.debian.tar.xz
 b99a83c49f5fe48c9f28a790347240fbccf5c78b 26889 chromium_145.0.7632.75-1~deb13u1_source.buildinfo
Checksums-Sha256:
 7e6f340d28b52994a406f0f427eedce8d78c4f8a4a1043a18802cd0f9cbb7738 4106 chromium_145.0.7632.75-1~deb13u1.dsc
 bffb79d531284fdf48c63c4a79223b55f62ff7f6dc14068e5d16f685deee077d 749398580 chromium_145.0.7632.75.orig.tar.xz
 57bff62a2ff21d595212dc7679e8014ce4688478a7de5980af40c380180e054c 453568 chromium_145.0.7632.75-1~deb13u1.debian.tar.xz
 898ecc1c8a2db8165119329a20d20964f7c9bee489dc908a6e625cb5094b9ff7 26889 chromium_145.0.7632.75-1~deb13u1_source.buildinfo
Files:
 9f9969626248a3c27792f9b9ef08a00a 4106 web optional chromium_145.0.7632.75-1~deb13u1.dsc
 4dd125e5d12945ff07913c7aff1293b4 749398580 web optional chromium_145.0.7632.75.orig.tar.xz
 6b68ae8f84c21e0a79f7e386bade3e45 453568 web optional chromium_145.0.7632.75-1~deb13u1.debian.tar.xz
 f1619d346b428e26ab94a4a96433362f 26889 web optional chromium_145.0.7632.75-1~deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmmQFLoUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjdJ8xAAxPTEtt479WuJT/6apknXvi/2aOUL
kkcPY5JagJBwf4r4qQNrZqLOHAdSAf2g0txW5Lzu5Jj5N1CdFu1RWxm1scNWnIbS
Vl7uFSo0sGyAViHICjB/REiDlwg5lKP/sWIwxXAZDzyh1Gh4rWQy8OkeXv1GXejc
Q851Psg3PI10D0sq3vNpD6zrD9xw6D/UabRV6xwGtJapJlbKOAZfC+vIUHbVN+lO
il++qguroBFuK6FisF+IEo2wGJUJ86qJm/EGhPRysig0RsEoS1OmXfaKO4pjLYcy
UzZQwkvv3/JajQR2HVg0Jkr/kK7HoCd6kwR1Xbn/ds+MqEEIn8x6GkP2lE1vI0PT
doPoj3Ptke3j6dhlBr4zFy6Ib0rY18G1E7M1uhJHcXUqAKfnbAAInsi0A1R7bbFY
/ukJsvqy4bdMSNRto9ZCL6IPJXZN/K1kKJhbfTVPzxMpekhOQDAGcRhMHJxb0Psw
d/pCYrPMkOPq0JXnpI5nHZGDhMg0YPwAEHvdZV63skV0zXJv/52q8Cetf17jKB2h
jdS/l/xdkyypzLivnhHpTHIAzftKcxLQGhHYW/8a/e2jV/Ew7NkXFcHsenSXrDDC
+OSJIiq6FzsLJAdhbr3BdZmL57xPInEvPoCnUylJqpiXEvSD+YP8UyDgQohClfDo
7KvhEaoL3RfmdOw=
=Qc2U
-----END PGP SIGNATURE-----