-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Mar 2026 20:01:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 146.0.7680.71-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.71-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga.
     - CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3916: Out of bounds read in Web Speech.
       Reported by Grischa Hauser.
     - CVE-2026-3917: Use after free in Agents. Reported by Syn4pse.
     - CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse.
     - CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google.
     - CVE-2026-3921: Use after free in TextEncoding.
       Reported by Pranamya Keshkamat & Cantina.xyz.
     - CVE-2026-3922: Use after free in MediaStream.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3923: Use after free in WebMIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3924: Use after free in WindowDialog.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3925: Incorrect security UI in LookalikeChecks.
       Reported by NDevTK and Alesandro Ortiz.
     - CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c.
     - CVE-2026-3927: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
     - CVE-2026-3928: Insufficient policy enforcement in Extensions.
       Reported by portsniffer443.
     - CVE-2026-3929: Side-channel information leakage in ResourceTiming.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3930: Unsafe navigation in Navigation.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3932: Insufficient policy enforcement in PDF.
       Reported by Ayato Shitomi.
     - CVE-2026-3934: Insufficient policy enforcement in ChromeDriver.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3935: Incorrect security UI in WebAppInstalls.
       Reported by Barath Stalin K.
     - CVE-2026-3936: Use after free in WebView. Reported by Am4deu$.
     - CVE-2026-3937: Incorrect security UI in Downloads.
       Reported by Abhishek Kumar.
     - CVE-2026-3938: Insufficient policy enforcement in Clipboard.
       Reported by vicevirus.
     - CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK
     - CVE-2026-3940: Insufficient policy enforcement in DevTools.
       Reported by Jorian Woltjer, Mian, bug_blitzer.
     - CVE-2026-3941: Insufficient policy enforcement in DevTools.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-3942: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
   * d/rules: update rustc version string for new upstream expectations of
     no spaces.
   * d/patches:
     - upstream/disable-unrar.patch: drop, merged upstream.
     - disable/signin.patch: drop part of the patch. This patch should be
       reviewed in the future and coordinated w/ ungoogled-chromium, since
       it originally came from them.
     - disable/glic.patch: add a bunch more glic removals.
     - disable/license-headless-shell.patch: refresh.
     - disable/unrar.patch: refresh.
     - system/rollup.patch: refresh.
     - bookworm/foreach.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium.
     - disable/catapult.patch: update to remove some more catapult deps.
     - fixes/force-rust-nightly.patch: drop, no longer needed.
     - llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler
       flag/feature added to llvm-23.
     - fixes/bytemuck.patch: add rust build fix in bytemuck.
     - llvm-19/clang-19-crash.patch: add build fix; delete code that makes
       clang-19++ crash.
     - llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19
       issue.
     - loongarch64/0018-fix-study-crash.patch: refresh.
     - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch:
       refresh.
     - ppc64le/fixes/fix-study-crash.patch: refresh.
     - llvm-19/clone-traits.patch: add patch to remove a static assertion.
     - llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support.
     - upstream/profile.patch: add header inclusion build fix from upstream.
     - trixie/value-or.patch: move to llvm-19/ directory & also add another
       place that clang-19 gets confused during build.
     - rust-1.85/jxl-features.patch: refresh [trixie, bookworm].
     - rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream
       changes, and added unsafe{} blocks to the macro definitions to shrink
       this patch in the future [trixie, bookworm].
     - fixes/missing-dep.patch: add patch for dependency-related build failure
       that only happens sometimes.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
       for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/patches:
     - disable/lint.patch: New patch to disable CSS/JS linting tools.
     - bookworm/node18-compat.patch: New patch to fix various compatibility
       issues with nodejs 18 [bookworm].
     - trixie/gn-len.patch: Zap another instance of len() for older GN
       [trixie, bookworm].

