-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 11 Mar 2026 20:01:51 -0400
Source: chromium
Architecture: source
Version: 146.0.7680.71-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (146.0.7680.71-1~deb12u1) bookworm-security; urgency=high
.
[ Andres Salomon ]
* New upstream stable release.
- CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand
- CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga.
- CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand
- CVE-2026-3916: Out of bounds read in Web Speech.
Reported by Grischa Hauser.
- CVE-2026-3917: Use after free in Agents. Reported by Syn4pse.
- CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse.
- CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang
(@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
- CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google.
- CVE-2026-3921: Use after free in TextEncoding.
Reported by Pranamya Keshkamat & Cantina.xyz.
- CVE-2026-3922: Use after free in MediaStream.
Reported by c6eed09fc8b174b0f3eebedcceb1e792.
- CVE-2026-3923: Use after free in WebMIDI.
Reported by c6eed09fc8b174b0f3eebedcceb1e792.
- CVE-2026-3924: Use after free in WindowDialog.
Reported by c6eed09fc8b174b0f3eebedcceb1e792.
- CVE-2026-3925: Incorrect security UI in LookalikeChecks.
Reported by NDevTK and Alesandro Ortiz.
- CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c.
- CVE-2026-3927: Incorrect security UI in PictureInPicture.
Reported by Barath Stalin K.
- CVE-2026-3928: Insufficient policy enforcement in Extensions.
Reported by portsniffer443.
- CVE-2026-3929: Side-channel information leakage in ResourceTiming.
Reported by Povcfe of Tencent Security Xuanwu Lab.
- CVE-2026-3930: Unsafe navigation in Navigation.
Reported by Povcfe of Tencent Security Xuanwu Lab.
- CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang
(@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
- CVE-2026-3932: Insufficient policy enforcement in PDF.
Reported by Ayato Shitomi.
- CVE-2026-3934: Insufficient policy enforcement in ChromeDriver.
Reported by Povcfe of Tencent Security Xuanwu Lab.
- CVE-2026-3935: Incorrect security UI in WebAppInstalls.
Reported by Barath Stalin K.
- CVE-2026-3936: Use after free in WebView. Reported by Am4deu$.
- CVE-2026-3937: Incorrect security UI in Downloads.
Reported by Abhishek Kumar.
- CVE-2026-3938: Insufficient policy enforcement in Clipboard.
Reported by vicevirus.
- CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK
- CVE-2026-3940: Insufficient policy enforcement in DevTools.
Reported by Jorian Woltjer, Mian, bug_blitzer.
- CVE-2026-3941: Insufficient policy enforcement in DevTools.
Reported by Lyra Rebane (rebane2001).
- CVE-2026-3942: Incorrect security UI in PictureInPicture.
Reported by Barath Stalin K.
* d/rules: update rustc version string for new upstream expectations of
no spaces.
* d/patches:
- upstream/disable-unrar.patch: drop, merged upstream.
- disable/signin.patch: drop part of the patch. This patch should be
reviewed in the future and coordinated w/ ungoogled-chromium, since
it originally came from them.
- disable/glic.patch: add a bunch more glic removals.
- disable/license-headless-shell.patch: refresh.
- disable/unrar.patch: refresh.
- system/rollup.patch: refresh.
- bookworm/foreach.patch: refresh.
- ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium.
- disable/catapult.patch: update to remove some more catapult deps.
- fixes/force-rust-nightly.patch: drop, no longer needed.
- llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler
flag/feature added to llvm-23.
- fixes/bytemuck.patch: add rust build fix in bytemuck.
- llvm-19/clang-19-crash.patch: add build fix; delete code that makes
clang-19++ crash.
- llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19
issue.
- loongarch64/0018-fix-study-crash.patch: refresh.
- ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch:
refresh.
- ppc64le/fixes/fix-study-crash.patch: refresh.
- llvm-19/clone-traits.patch: add patch to remove a static assertion.
- llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support.
- upstream/profile.patch: add header inclusion build fix from upstream.
- trixie/value-or.patch: move to llvm-19/ directory & also add another
place that clang-19 gets confused during build.
- rust-1.85/jxl-features.patch: refresh [trixie, bookworm].
- rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream
changes, and added unsafe{} blocks to the macro definitions to shrink
this patch in the future [trixie, bookworm].
- fixes/missing-dep.patch: add patch for dependency-related build failure
that only happens sometimes.
.
[ Timothy Pearson ]
* d/patches/ppc64le:
- third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
for upstream changes
- third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
refresh for upstream changes
.
[ Daniel Richard G. ]
* d/patches:
- disable/lint.patch: New patch to disable CSS/JS linting tools.
- bookworm/node18-compat.patch: New patch to fix various compatibility
issues with nodejs 18 [bookworm].
- trixie/gn-len.patch: Zap another instance of len() for older GN
[trixie, bookworm].
Checksums-Sha1:
766a8c5b7c19f77b58419f192c9ad06eaa97c4cf 4061 chromium_146.0.7680.71-1~deb12u1.dsc
14703cccb2cc8cb6c98847a167cfff5b58fd9b08 786527720 chromium_146.0.7680.71.orig.tar.xz
911bf892b045652ba851521f9ec494f4ccf12c66 8555388 chromium_146.0.7680.71-1~deb12u1.debian.tar.xz
389edce07c8cdf63dce805ba03df269ed49cd6ca 26838 chromium_146.0.7680.71-1~deb12u1_source.buildinfo
Checksums-Sha256:
5a9750c9ee7c5d932773e7b31cbcabf4d38c617023e6b11df895c2482cb8fb19 4061 chromium_146.0.7680.71-1~deb12u1.dsc
15fda8dbd2866c18cc483782d54aa83b19cb8d4bc1b12b3cc5feef6022b70fa7 786527720 chromium_146.0.7680.71.orig.tar.xz
e6e78180ac4062840d587d9f5b3358112a696a381a1ae08108bffd4c98e48bea 8555388 chromium_146.0.7680.71-1~deb12u1.debian.tar.xz
d5fd75995e731d4d951246f382b7a44b6189f83537103bc56ed985261e065191 26838 chromium_146.0.7680.71-1~deb12u1_source.buildinfo
Files:
b1e87176e49fca6a1233f3bf1a39b33d 4061 web optional chromium_146.0.7680.71-1~deb12u1.dsc
c7a4cfa9a116b60cfa014323b6d9e3bc 786527720 web optional chromium_146.0.7680.71.orig.tar.xz
1d3704f7a44e0f62b85617c7a1de254a 8555388 web optional chromium_146.0.7680.71-1~deb12u1.debian.tar.xz
d33273d1d3dc8cb12413a0931120b05a 26838 web optional chromium_146.0.7680.71-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmmyQJgUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcPkw/+PxhnYRlcUIm8I2tXhQfu5nXBX9Zk
6hIEgN18q1qneOvHV1NIaJaD20k4R1k2A/uaETB5CDW5w0qnU5mXzMeMaf9nLMzc
n2sEoaydUjPTL35Tz7/i5hcNIVn9v4/L0ki2kv6GLaFtwpPBH+SbX1aFmGKnBwYZ
X0ULwUsvv+q89wRU7c6aXx3TEUw0Xcsg6+m+Q+ZWSeCeYTKhsfBUnW2ZAaD+Pb91
7yYvFR+AmGhYYJ0mpldNxwO7DB6N9ET5/sOW7fGe6MRzHqOGfgbeaxoeol95TAWi
n6ihhuYVo2H/CkubC6qNaReINyOnrywWuo1vEh9uBTY9MZjsR+XEpzEUZzL5ZfQx
Qd9ncN75c/Cj1A6A6bx5zSWE7a6jKgcov0+XWf1TyxJMYaCXHF4/S1tMDIv9WQ/b
UPI8tAexk9GJBXZHw0QE6XlkJ4X3vS22LU84gJrNyyXWI22HQsa6Fdz0sYCWeWPx
7DseYv4/aIi6w9LnaAr57gF0fXk5JYE01xY9sckulh7SpZC+ISUo8yXCJaHOgwhE
JVkyJMmcHsf7FVd0xba4TfmnTwrxbhXV29UUqSHll1v910/j2MvOYaLz99lfWiFR
YdErod2/rwpkmIPHcTQeSSW/M+jiG3cL1ngZ26bOuo5WPeQHTxds+jVudQKpcZgz
ZmB8O7n6Jqq0Xi0=
=ItNb
-----END PGP SIGNATURE-----
