-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 12 Feb 2026 19:35:48 -0500
Source: chromium
Architecture: source
Version: 145.0.7632.45-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (145.0.7632.45-1) unstable; urgency=high
.
[ Andres Salomon ]
* New upstream stable release.
- CVE-2026-2313: Use after free in CSS. Reported by Han Zheng (HexHive),
Wenhao Fang (University of St. Andrews), and Qinying Wang (HexHive).
- CVE-2026-2314: Heap buffer overflow in Codecs. Reported by Google.
- CVE-2026-2315: Inappropriate implementation in WebGPU.
Reported by Google.
- CVE-2026-2316: Insufficient policy enforcement in Frames.
Reported by Luan Herrera (@lbherrera_).
- CVE-2026-2317: Inappropriate implementation in Animation.
Reported by Brendan Draper.
- CVE-2026-2318: Inappropriate implementation in PictureInPicture.
Reported by Shaheen Fazim.
- CVE-2026-2319: Race in DevTools. Reported by Anonymous.
- CVE-2026-2320: Inappropriate implementation in File input.
Reported by Alesandro Ortiz.
- CVE-2026-2321: Use after free in Ozone. Reported by Google.
- CVE-2026-2322: Inappropriate implementation in File input.
Reported by Robbe Van Roey | PinkDraconian.
- CVE-2026-2323: Inappropriate implementation in Downloads.
Reported by Hafiizh.
* d/copyright:
- delete third_party/litert/src, Google's new WebAI thing.
- delete esbuild directory so we can use debian's esbuild.
- delete new rollup binary rollup-linux-x64-gnu.
* d/rules:
- build with webnn_use_tflite=false to fix build.
- disable building a bunch more unit tests.
- copy esbuild libs and binary from the system.
* d/control:
- build-dep on libpthreadpool-dev.
- build-dep on esbuild.
* d/patches:
- CVE-2026-1861.patch: drop, merged upstream.
- CVE-2026-1862.patch: drop, merged upstream.
- upstream/fix-rk3588-v4l2-av1-decoder.patch: drop, merged upstream.
- debianization/manpage.patch: refresh.
- debianization/rustc-bootstrap.patch: refresh.
- fixes/armhf-no-thumb.patch: rework patch due to upstream dropping
non-thumb.
- disable/tests.patch: refresh.
- disable/signin.patch: refresh.
- disable/catapult.patch: refresh.
- disable/widevine-cdm-cu.patch: refresh.
- upstream/disable-unrar.patch: add upstream fix for disabling unrar.
- trixie/gn-string-hash.patch: add a workaround for older gn missing
string_hash() function.
- disable/enterprise-tests.patch: add patch to fix build error
related to building unnecessary unit tests.
- system/rollup.patch: update for upstream changes around switching
some rollup calls to esbuild and away from rollup-wasm.
- llvm-19/static-assert.patch: add build fixes specific to clang-19.
- disable/unrar.patch: add another build fix for deleting unrar.
.
[ Timothy Pearson ]
* d/patches:
- patches/fixes/swiftshader-dependencies.patch: Fix SwiftShader include
dependencies
* d/patches/ppc64le:
- ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: Remove
obsolete Clang 7 workaround and refresh for upstream changes
- ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
refresh for upstream changes
- ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
upstream sources
- ppc64le/third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.pa:
refresh for upstream changes
- ppc64le/fixes/fix-page-allocator-overflow.patch: Refresh for upstream
changes
- ppc64le/third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
Regenerate from upstream sources
- ppc64le/sandbox/0009-sandbox-ignore-byte-span-error.patch: Work around upstream
byte_span_from_ref issues
.
[ Jianfeng Liu ]
* d/patches:
- loongarch64/0012-sandbox-linux-add-statx-support-for-loongarch64.patch:
update for upstream changes.
- loongarch64/0016-medium-cmodel-support-for-loongarch64.patch: refresh.
.
[ Daniel Richard G. ]
* d/patches/disable/rustc-allow-features.patch: Zap the -Zallow-features=
flag so that Rust doesn't complain about our compatibility workarounds.
Checksums-Sha1:
f38b860033a2a0cebad3497331cecfabe21e749a 4072 chromium_145.0.7632.45-1.dsc
0e6ac6c3df954a3698aecc0b270b5e1bf619e327 749412888 chromium_145.0.7632.45.orig.tar.xz
f356922ae32416b3cbf42bdb495f0370dc83f759 452384 chromium_145.0.7632.45-1.debian.tar.xz
739111b90e75f41fc433c2a757950ef96f5501df 27644 chromium_145.0.7632.45-1_source.buildinfo
Checksums-Sha256:
2c5f5cdf9034506e49cb47f4961aa263d868d506319cfa16981739c0db0ba86f 4072 chromium_145.0.7632.45-1.dsc
4255cc5b85e0589552a65660db5086e50a80d826e58f57eb39a62f59a4ae7670 749412888 chromium_145.0.7632.45.orig.tar.xz
144aa4ab600ce3eb53ccdffc56de8a9ccea0a6126891a4d74ad37adc0d40aaab 452384 chromium_145.0.7632.45-1.debian.tar.xz
b2228461d5cbbe7843892936fb3d3744733a801e4815e39479eb7d7d4f0b0308 27644 chromium_145.0.7632.45-1_source.buildinfo
Files:
6a9f02dc097a2b139602f232760cbd17 4072 web optional chromium_145.0.7632.45-1.dsc
09484ea9f4e00991f286365c21592b8b 749412888 web optional chromium_145.0.7632.45.orig.tar.xz
389b526839da81a9224ffa78c8d154c6 452384 web optional chromium_145.0.7632.45-1.debian.tar.xz
86f68c36fa9ba7eac917fb833747f910 27644 web optional chromium_145.0.7632.45-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmmOdGkUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjeV2hAAiLOuQOt8cJh7i/8JAh1w5+UJpQqB
SAeRKjTMN9iHi9HHczvXxw7MHTeG5h3vmZ7HxT81er4b5Lb47sWw+erXbLSBbs9/
gg33SrkNjtJzzI6WTtgGKpsQMgSzHf6ipIXJao0hwe7ssRdSkOhScqA8hb3zzhcT
Ld8LxeHliuBzUpa1bTK3oCdw4NmsNN6lk04IzjmPY8XLwdZmmHMIvruT7zbTsAgs
hQy4/x0sSucw6pZI1gyfVLvTN7m6G63s7+TTC520EpwgHDG1Vkq/SIwAQ10a3LrN
A+UWnOKpUIGxkx0UrAVxk81BquvUsA3mStNbL0NZ+Eq7me3Ls935NbODKhijNhgl
WjqAj/glVRvaic3gxrousjVQjx0DtSrJKtbZHW0QOAFvFw/nkrAZodVW4agZDsJ0
wjFaSEE2neOC6IJc3QnrYpj5Ep/ruV7tUewJEO63NcDRVn38IHQVl+kWB0nBsmOB
Q1Fq0O9BRZ40qtogA8ldGTlQRzNETaaKJyiKHc4LIvVKZkf7kOas7Ocfrn32SESt
PGzRalX82qf9dLWalwdIyzBtIWAyF6S80RsxX/xR88dzJ8kxoMuO8dRUN8/+rr1C
YoCnwaOpHTv7JrFHIL6359jElRX7CardMQAcMjp0QV2cz7jBlGHa3GOrmEnwWRCd
NYwGCYTrwfMI3MM=
=wAZ5
-----END PGP SIGNATURE-----
