Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted chromium 146.0.7680.177-1 (source) into unstable
Date: Wed, 01 Apr 2026 17:21:26 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 01 Apr 2026 12:42:51 -0400
Source: chromium
Architecture: source
Version: 146.0.7680.177-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (146.0.7680.177-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-5272: Heap buffer overflow in GPU.
       Reported by inspector-ambitious.
     - CVE-2026-5273: Use after free in CSS. Reported by Anonymous.
     - CVE-2026-5274: Integer overflow in Codecs.
       Reported by heapracer (@heapracer).
     - CVE-2026-5275: Heap buffer overflow in ANGLE.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5276: Insufficient policy enforcement in WebUSB.
       Reported by Ariel Simon.
     - CVE-2026-5277: Integer overflow in ANGLE.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5278: Use after free in Web MIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5279: Object corruption in V8.
       Reported by Hyeonjun Ahn (@_deayzl).
     - CVE-2026-5280: Use after free in WebCodecs.
       Reported by heapracer (@heapracer).
     - CVE-2026-5281: Use after free in Dawn.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-5282: Out of bounds read in WebCodecs.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5283: Inappropriate implementation in ANGLE.
       Reported by sweetchip.
     - CVE-2026-5284: Use after free in Dawn.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-5285: Use after free in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5286: Use after free in Dawn. Reported by sweetchip.
     - CVE-2026-5287: Use after free in PDF. Reported by Syn4pse.
     - CVE-2026-5288: Use after free in WebView. Reported by Google.
     - CVE-2026-5289: Use after free in Navigation. Reported by Google.
     - CVE-2026-5290: Use after free in Compositing. Reported by Google.
     - CVE-2026-5291: Inappropriate implementation in WebGL.
       Reported by heapracer (@heapracer).
     - CVE-2026-5292: Out of bounds read in WebCodecs. Reported by Google.
   * d/patches:
     - upstream/Fix-blink-compilation-for-platforms-other-than-x86-and-arm.patch:
       drop, merged upstream.
     - ungoogled/disable-ai.patch: resync with u-c.
 .
   [ Daniel Richard G. ]
   * d/copyright: Exclude *.pb (protobuf) binary files.
   * d/patches: Various ungoogled-chromium-related updates.
     - disable/glic.patch: Drop, replaced with disable-ai.patch from the
       ungoogled-chromium project.
     - ungoogled/disable-ai.patch: Import new patch from ungoogled-chromium
       that zaps glic, screen_ai, and various other adjacent AI-based features.
     - ungoogled/disable-mei-preload.patch: Import patch to allow building
       without *.pb files.
     - ungoogled/disable-privacy-sandbox.patch: Update imported patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0005-blink-add-audio-vector-support.patch: Fix FBTFS from
       upstream adding vector-accelerated audio delay functions
 .
   [ Jianfeng Liu ]
   * d/patches/upstream:
     - Fix-blink-compilation-for-platforms-other-than-x86-and-arm.patch: Fix
       FBTFS from upstream for blink audio delay function on loong64
Checksums-Sha1:
 485ba407b8ee423add61d32f6a3a23380bbee482 4065 chromium_146.0.7680.177-1.dsc
 41b4ac22684ced460e9212915c484c1051ddc552 785637692 chromium_146.0.7680.177.orig.tar.xz
 e7cfb34f3c00a0cded78dc0f5743f509c42e935e 480492 chromium_146.0.7680.177-1.debian.tar.xz
 ef0a44182c57495a947d11d918a4a0d3b8be1dc7 27939 chromium_146.0.7680.177-1_source.buildinfo
Checksums-Sha256:
 0617870ac7fee326929cc32a5f24bbb5c13fe9decc164e5992832460f4c34edb 4065 chromium_146.0.7680.177-1.dsc
 2b8322234ce8cd272a47923a772088b29b65fbdde8fe871eb2cc833d9acf5cdc 785637692 chromium_146.0.7680.177.orig.tar.xz
 35000036e72efb145f0a46de8d174be7e09a6656834b687e091e63f2f87b6f09 480492 chromium_146.0.7680.177-1.debian.tar.xz
 ddd6616a85415bd262adcc609fbea25befe5a0b8c6925f145476f756fd98b280 27939 chromium_146.0.7680.177-1_source.buildinfo
Files:
 174ad11330e93d50443aebdab60d9152 4065 web optional chromium_146.0.7680.177-1.dsc
 96240fa6e716a879c557e8c22fe212d4 785637692 web optional chromium_146.0.7680.177.orig.tar.xz
 5bfbb68fd36df81839df2aa7c3edd091 480492 web optional chromium_146.0.7680.177-1.debian.tar.xz
 25eb63d37720c3ce2d6f861a991cece5 27939 web optional chromium_146.0.7680.177-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmnNTJUUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcBlxAAsqB68wxtoJ6AULrV1NrOHvkIOS3j
cNQNmxAkQzmDeVTqPUyDrxBLn+jBpAt1CXQ8fGpzBLp2s0BvzPA+LcLyrignXsE9
OzkYTMXwmLgTspVlYNOsPg4gb0xunZHRG90aJyw6BbSWdi389aLvB7tnYgRzjBl/
yNtsSD6SxU9+wt2u9Vpc3qicFqpqC4JbcYnd9NueKg5LrJ6JmSUQ3OD/OEFiLTz4
JVbyWthRMDvdTWUR7f/4eXaC8be0iLKH7W5QB6WsfbyfOt4rUEKBSeNCmU3ec516
5FaoeXnrQAFbMYm3bDQs+O/od6zDT33b2khUuxYZ7Q/raWCbv68Ghwr9QpiuSNgb
w3h2bJxWxPQPLJRPYRUrO0+LddjyyyZlhifliQHy+NsIhaWD2GDSnYgE8N6Sf8xs
/ntv5chPpHwqGyOVDUDgqinfthppUYupnkoK6g1ZeXoo8HsXQBEueixG5bx6i80E
Tv2oHtzHcs597JWhpe/At5ONibWITLmuTEqCazS8dlYj36UGqgO/2Is8aSPEwDV1
z5QgjCEfvc8WnECH6DgHb3KGwp1RqmrATMuIxrXbR9fr72oGc92rQmRUB0sg+Xdx
SDQ9oEjNsOQH7/LbRt1DaVlgOYE8i0SXsxJq0yUg7p4kxYDJJnQC62nILaCfuAWO
BkRCR/yleyxt/BI=
=sZIA
-----END PGP SIGNATURE-----
News for package chromium
