Format: 1.8
Date: Wed, 01 Apr 2026 12:42:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 146.0.7680.177-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-06)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.177-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-5272: Heap buffer overflow in GPU. Reported by inspector-ambitious.
     - CVE-2026-5273: Use after free in CSS. Reported by Anonymous.
     - CVE-2026-5274: Integer overflow in Codecs. Reported by heapracer (@heapracer).
     - CVE-2026-5275: Heap buffer overflow in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5276: Insufficient policy enforcement in WebUSB. Reported by Ariel Simon.
     - CVE-2026-5277: Integer overflow in ANGLE. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5278: Use after free in Web MIDI. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5279: Object corruption in V8. Reported by Hyeonjun Ahn (@_deayzl).
     - CVE-2026-5280: Use after free in WebCodecs. Reported by heapracer (@heapracer).
     - CVE-2026-5281: Use after free in Dawn. Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-5282: Out of bounds read in WebCodecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5283: Inappropriate implementation in ANGLE. Reported by sweetchip.
     - CVE-2026-5284: Use after free in Dawn. Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-5285: Use after free in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5286: Use after free in Dawn. Reported by sweetchip.
     - CVE-2026-5287: Use after free in PDF. Reported by Syn4pse.
     - CVE-2026-5288: Use after free in WebView. Reported by Google.
     - CVE-2026-5289: Use after free in Navigation. Reported by Google.
     - CVE-2026-5290: Use after free in Compositing. Reported by Google.
     - CVE-2026-5291: Inappropriate implementation in WebGL. Reported by heapracer (@heapracer).
     - CVE-2026-5292: Out of bounds read in WebCodecs. Reported by Google.
   * d/patches:
     - upstream/Fix-blink-compilation-for-platforms-other-than-x86-and-arm.patch:
       drop, merged upstream.
     - ungoogled/disable-ai.patch: resync with u-c.
 .
   [ Daniel Richard G. ]
   * d/copyright: Exclude *.pb (protobuf) binary files.
   * d/patches: Various ungoogled-chromium-related updates.
     - disable/glic.patch: Drop, replaced with disable-ai.patch from the
       ungoogled-chromium project.
     - ungoogled/disable-ai.patch: Import new patch from ungoogled-chromium
       that zaps glic, screen_ai, and various other adjacent AI-based features.
     - ungoogled/disable-mei-preload.patch: Import patch to allow building
       without *.pb files.
     - ungoogled/disable-privacy-sandbox.patch: Update imported patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0005-blink-add-audio-vector-support.patch: Fix FBTFS from
       upstream adding vector-accelerated audio delay functions
 .
   [ Jianfeng Liu ]
   * d/patches/upstream:
     - Fix-blink-compilation-for-platforms-other-than-x86-and-arm.patch:
       Fix FBTFS from upstream for blink audio delay function on loong64