-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 04 Mar 2026 18:24:02 -0500
Source: chromium
Architecture: source
Version: 145.0.7632.159-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (145.0.7632.159-1~deb12u1) bookworm-security; urgency=high
.
[ Andres Salomon ]
* New upstream security release.
- CVE-2026-3536: Integer overflow in ANGLE. Reported by cinzinga.
- CVE-2026-3537: Object lifecycle issue in PowerVR.
Reported by Zhihua Yao of KunLun Lab.
- CVE-2026-3538: Integer overflow in Skia.
Reported by Symeon Paraschoudis.
- CVE-2026-3539: Object lifecycle issue in DevTools.
Reported by Zhenpeng (Leo) Lin at depthfirst.
- CVE-2026-3540: Inappropriate implementation in WebAudio.
Reported by Davi Antônio Cruz.
- CVE-2026-3541: Inappropriate implementation in CSS. Reported by Syn4pse.
- CVE-2026-3542: Inappropriate implementation in WebAssembly.
Reported by qymag1c.
- CVE-2026-3543: Inappropriate implementation in V8. Reported by qymag1c.
- CVE-2026-3544: Heap buffer overflow in WebCodecs.
Reported by c6eed09fc8b174b0f3eebedcceb1e792.
- CVE-2026-3545: Insufficient data validation in Navigation.
Reported by Google.
.
[ Daniel Richard G. ]
* Re-bundle libxslt, to fix crashes due to an ABI incompatibility between
the bundled libxml2 and the system libxml2 used by the system libxslt.
- d/clean, d/control, d/copyright: Remove libxslt references.
- d/scripts/unbundle: Add entry for libxslt.
Checksums-Sha1:
e2680921f8e65198f0d0f9cb8fe642c5d6604cc1 4068 chromium_145.0.7632.159-1~deb12u1.dsc
c0cc45a02b6cd8746f5d8a4f7f7ef7166d16652b 748398176 chromium_145.0.7632.159.orig.tar.xz
3f41417aa8388c79eeff42de6ab4b72d23738740 8546764 chromium_145.0.7632.159-1~deb12u1.debian.tar.xz
2381ae1dab8c3ec5493df7385cf8c29d00c3b66d 26842 chromium_145.0.7632.159-1~deb12u1_source.buildinfo
Checksums-Sha256:
188e8710f9b9e8172305a0a166f769940b5d1acc3840bc6b5e2d59bf35d3ff9a 4068 chromium_145.0.7632.159-1~deb12u1.dsc
490ce852b330537670ca5006a39bd1ec7c2057e1e69ce4f93f9c0abaaaa6e87f 748398176 chromium_145.0.7632.159.orig.tar.xz
3cace899d7d3d3b7db1415c4ba4f4e82ff69ecd2a609c2c259decb99346bb0d6 8546764 chromium_145.0.7632.159-1~deb12u1.debian.tar.xz
b66b859e442224f1218f1e3f6f9c99c27219ec5da6042018a329b86b9f60ad1e 26842 chromium_145.0.7632.159-1~deb12u1_source.buildinfo
Files:
3d394a3760937361d28a396d0f7ab0d2 4068 web optional chromium_145.0.7632.159-1~deb12u1.dsc
88c0c6e6882b4687d3a6637f76838d4c 748398176 web optional chromium_145.0.7632.159.orig.tar.xz
cf73a7b186462e8eea35ab7ac8a2f04b 8546764 web optional chromium_145.0.7632.159-1~deb12u1.debian.tar.xz
0f0eb77618c0ed897c19b5fe205c9195 26842 web optional chromium_145.0.7632.159-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmmpIhcUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjdoFA//SPNI+cpGkKgGIS1MtWO7iik69kcN
D5a4iLS38cRMrChP4xKQn+oqY2f1FLJs65znrxa0Pw7yX1dZWqZ6EMEIyiLDIl1W
lP690BQhtiJVN0oVsoyZ7GJRHIaL5GrBPHTf9+86qTcP5iI36zFJyXWscbai37uP
RlsWZ3xiBQVwqfXSDBN72I+jGBa8xY2SOeOIed82ViTTUwbO2C5JrbneGcvLfPsT
pgkRnRVcqDpmLtr5VjLfE//8r3td/gE9F2DusOzwTxSgPmYB0JaGVgo24Qq7z7bt
Y+0OEfxO6e6qfvZHPjFSPYeLlTxNlHf8TClsaHzC8V5C09ixa8Uzl82WJG9v4CmP
3Fnd1OloJTsctbk19iB3DY61FjpECiJkUcvyV+ZR9lcrM37BJZij3v1sQkxitS0I
TzKvHKkqHAT27mfnOl4XuhKN5rp//Zt91Ryp3dIUzrX2t2rHjaHTSQo4mEVGWKUq
GUPfOgDM9gZZpRlVLE7dz3gqxSAGMUl26DvigoPvpC1IY9qU2AhA1AAZOxq1GC01
+7E+IKSMP/q0rchOX2LVJ0wsrZPrKmwv3UnjKcVygGYmxBJ+t6z+M6jmjKiALXt7
1GC+wxHo13uIuJTY05tFsF67OBb7lMMqEyy4MAlzssxkhkUkcsdQffyX/YCeua87
idCUfRsGl+KMtT0=
=DkSL
-----END PGP SIGNATURE-----
