-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 11 Mar 2026 20:01:51 -0400
Source: chromium
Architecture: source
Version: 146.0.7680.71-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (146.0.7680.71-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga.
     - CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3916: Out of bounds read in Web Speech.
       Reported by Grischa Hauser.
     - CVE-2026-3917: Use after free in Agents. Reported by Syn4pse.
     - CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse.
     - CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google.
     - CVE-2026-3921: Use after free in TextEncoding.
       Reported by Pranamya Keshkamat & Cantina.xyz.
     - CVE-2026-3922: Use after free in MediaStream.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3923: Use after free in WebMIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3924: Use after free in WindowDialog.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3925: Incorrect security UI in LookalikeChecks.
       Reported by NDevTK and Alesandro Ortiz.
     - CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c.
     - CVE-2026-3927: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
     - CVE-2026-3928: Insufficient policy enforcement in Extensions.
       Reported by portsniffer443.
     - CVE-2026-3929: Side-channel information leakage in ResourceTiming.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3930: Unsafe navigation in Navigation.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3932: Insufficient policy enforcement in PDF.
       Reported by Ayato Shitomi.
     - CVE-2026-3934: Insufficient policy enforcement in ChromeDriver.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3935: Incorrect security UI in WebAppInstalls.
       Reported by Barath Stalin K.
     - CVE-2026-3936: Use after free in WebView. Reported by Am4deu$.
     - CVE-2026-3937: Incorrect security UI in Downloads.
       Reported by Abhishek Kumar.
     - CVE-2026-3938: Insufficient policy enforcement in Clipboard.
       Reported by vicevirus.
     - CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK
     - CVE-2026-3940: Insufficient policy enforcement in DevTools.
       Reported by Jorian Woltjer, Mian, bug_blitzer.
     - CVE-2026-3941: Insufficient policy enforcement in DevTools.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-3942: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
   * d/rules: update rustc version string for new upstream expectations of
     no spaces.
   * d/patches:
     - upstream/disable-unrar.patch: drop, merged upstream.
     - disable/signin.patch: drop part of the patch. This patch should be
       reviewed in the future and coordinated w/ ungoogled-chromium, since
       it originally came from them.
     - disable/glic.patch: add a bunch more glic removals.
     - disable/license-headless-shell.patch: refresh.
     - disable/unrar.patch: refresh.
     - system/rollup.patch: refresh.
     - bookworm/foreach.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium.
     - disable/catapult.patch: update to remove some more catapult deps.
     - fixes/force-rust-nightly.patch: drop, no longer needed.
     - llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler
       flag/feature added to llvm-23.
     - fixes/bytemuck.patch: add rust build fix in bytemuck.
     - llvm-19/clang-19-crash.patch: add build fix; delete code that makes
       clang-19++ crash.
     - llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19
       issue.
     - loongarch64/0018-fix-study-crash.patch: refresh.
     - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch:
       refresh.
     - ppc64le/fixes/fix-study-crash.patch: refresh.
     - llvm-19/clone-traits.patch: add patch to remove a static assertion.
     - llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support.
     - upstream/profile.patch: add header inclusion build fix from upstream.
     - trixie/value-or.patch: move to llvm-19/ directory & also add another
       place that clang-19 gets confused during build.
     - rust-1.85/jxl-features.patch: refresh [trixie, bookworm].
     - rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream
       changes, and added unsafe{} blocks to the macro definitions to shrink
       this patch in the future [trixie, bookworm].
     - fixes/missing-dep.patch: add patch for dependency-related build failure
       that only happens sometimes.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
       for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/patches:
     - disable/lint.patch: New patch to disable CSS/JS linting tools.
     - bookworm/node18-compat.patch: New patch to fix various compatibility
       issues with nodejs 18 [bookworm].
     - trixie/gn-len.patch: Zap another instance of len() for older GN
       [trixie, bookworm].
Checksums-Sha1:
 3381fa5df3067a00fd7bc6136b6edcbf2780afe4 4092 chromium_146.0.7680.71-1~deb13u1.dsc
 14703cccb2cc8cb6c98847a167cfff5b58fd9b08 786527720 chromium_146.0.7680.71.orig.tar.xz
 413c3ae9b628d266a6243a9e734d47ea2e791435 466120 chromium_146.0.7680.71-1~deb13u1.debian.tar.xz
 aad5ad5b3c3e859ae1a9ef5f47f24333bf78f9b9 26797 chromium_146.0.7680.71-1~deb13u1_source.buildinfo
Checksums-Sha256:
 5da58b34f84d322e1b8d712c26c0d87b30b7261964170061ae000f334290e131 4092 chromium_146.0.7680.71-1~deb13u1.dsc
 15fda8dbd2866c18cc483782d54aa83b19cb8d4bc1b12b3cc5feef6022b70fa7 786527720 chromium_146.0.7680.71.orig.tar.xz
 532dc14a75f21e8d14b7036c6531bf1b4ac0161e2b4c9648c6dcc0f78eb1ee1a 466120 chromium_146.0.7680.71-1~deb13u1.debian.tar.xz
 b7d8895abe6a2a75249bac60443af46bce973fa77699a583d8cfd74b471f63b2 26797 chromium_146.0.7680.71-1~deb13u1_source.buildinfo
Files:
 91c28c483cda2b359fc58afdb02f0ef7 4092 web optional chromium_146.0.7680.71-1~deb13u1.dsc
 c7a4cfa9a116b60cfa014323b6d9e3bc 786527720 web optional chromium_146.0.7680.71.orig.tar.xz
 4e7a9d6fb6654e142cfcded965a6a28a 466120 web optional chromium_146.0.7680.71-1~deb13u1.debian.tar.xz
 00fde8c878da9859af2835a125c7bc49 26797 web optional chromium_146.0.7680.71-1~deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmmyNA4UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfCAQ/+LOPoflX7uWED+9OsGx88tQFn+5tI
X6yNYarKtWZUWZhTWVtKex5AM0T4Qj346cuulzDTBykrVsnXtfWLl205hK9fNvya
J75Tm8+r9zlmYY8X5lGMU8Pfydf9QSkK+yjhoDJ7WsZvnQjRvtwnI2LdKbPpdP9w
DpesgnE/CdfcYDYYIgAnKyi2tFnWoXwClVkiSDcFwl4BFjhORzeWSv7sV2x+MksB
JOuUVKC5VsXjt1xTUsGfvxQoMiulmWaX+uFD5jr1qTMsKxMqGEoKTsZPaZvDjqoD
WoDJ4Z3WlsVhK322A73y0DQUSLggHwmGMetLCvxM2+gXHsvzl2dPD76wnv2PwI5T
rB8Qr4YY+7F48mqzs8jdemHLTJzUObXXmtctcz2TIkNlcxhI+1zG/9lG1ORrflE/
5WuC4oXW/qSYYZDzZQuCv6Yj/6p9k35+obr68zvQrQiZjWI0L9qrcgtm/bVg+k7Q
MyS2gGSK+dk1ffvwm4fapuJKBaXPZQvEPolV1u7ZmJlC+aY5Vyjae4jJRLoTDSgG
L5PRsU7Nen8qaWj35MS+Wy3oCMVmQz9w7g9N0uc1D0tFMG8fJDLbFEFJ1sbAM8pF
MqKpGPWynXV6ZBEY/adHkpNrYN15m/DeTRD2Lf6pZmBIn2aCrQj/HRtanGyn++Hk
V+fx7M1HM8fuFy0=
=VzY2
-----END PGP SIGNATURE-----