-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 09 Apr 2026 03:34:02 -0400 Source: chromium Architecture: source Version: 147.0.7727.55-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Closes: 1132651 Changes: chromium (147.0.7727.55-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous. - CVE-2026-5860: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-5861: Use after free in V8. Reported by 5shain. - CVE-2026-5862: Inappropriate implementation in V8. Reported by Google. - CVE-2026-5863: Inappropriate implementation in V8. Reported by Google. - CVE-2026-5864: Heap buffer overflow in WebAudio. Reported by Syn4pse. - CVE-2026-5865: Type Confusion in V8. Reported by Project WhatForLunch (@pjwhatforlunch). - CVE-2026-5866: Use after free in Media. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-5867: Heap buffer overflow in WebML. Reported by Syn4pse. - CVE-2026-5868: Heap buffer overflow in ANGLE. Reported by cinzinga. - CVE-2026-5869: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-5870: Integer overflow in Skia. Reported by Google. - CVE-2026-5871: Type Confusion in V8. Reported by Google. - CVE-2026-5872: Use after free in Blink. Reported by Google. - CVE-2026-5873: Out of bounds read and write in V8. Reported by Google. - CVE-2026-5874: Use after free in PrivateAI. Reported by Krace. - CVE-2026-5875: Policy bypass in Blink. Reported by Lyra Rebane (rebane2001). - CVE-2026-5876: Side-channel information leakage in Navigation. Reported by Lyra Rebane (rebane2001). - CVE-2026-5877: Use after free in Navigation. Reported by Cassidy Kim(@cassidy6564). - CVE-2026-5878: Incorrect security UI in Blink. Reported by Shaheen Fazim. - CVE-2026-5879: Insufficient validation of untrusted input in ANGLE. Reported by parkminchan, working for SSD Labs Korea. - CVE-2026-5880: Incorrect security UI in browser UI. - CVE-2026-5881: Policy bypass in LocalNetworkAccess. Reported by asnine. - CVE-2026-5882: Incorrect security UI in Fullscreen. - CVE-2026-5883: Use after free in Media. Reported by sherkito. - CVE-2026-5884: Insufficient validation of untrusted input in Media. Reported by xmzyshypnc. - CVE-2026-5885: Insufficient validation of untrusted input in WebML. Reported by Bryan Bernhart. - CVE-2026-5886: Out of bounds read in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-5887: Insufficient validation of untrusted input in Downloads. Reported by daffainfo. - CVE-2026-5888: Uninitialized Use in WebCodecs. Reported by Identified by the Octane Security Team: Giovanni Vignone, Paolo Gentry, Robert van Eijk. - CVE-2026-5889: Cryptographic Flaw in PDFium. Reported by mlafon. - CVE-2026-5890: Race in WebCodecs. Reported by Casper Woudenberg. - CVE-2026-5891: Insufficient policy enforcement in browser UI. Reported by Tianyi Hu. - CVE-2026-5892: Insufficient policy enforcement in PWAs. Reported by Tianyi Hu. - CVE-2026-5893: Race in V8. Reported by QYmag1c. - CVE-2026-5894: Inappropriate implementation in PDF. Reported by Povcfe of Tencent Security Xuanwu Lab. - CVE-2026-5895: Incorrect security UI in Omnibox. Reported by Renwa Hiwa @RenwaX23. - CVE-2026-5896: Policy bypass in Audio. Reported by Luan Herrera (@lbherrera_). - CVE-2026-5897: Incorrect security UI in Downloads. Reported by Farras Givari. - CVE-2026-5898: Incorrect security UI in Omnibox. Reported by saidinahikam032. - CVE-2026-5899: Incorrect security UI in History Navigation. Reported by Islam Rzayev. - CVE-2026-5900: Policy bypass in Downloads. Reported by Luan Herrera (@lbherrera_). - CVE-2026-5901: Policy bypass in DevTools. Reported by Povcfe of Tencent Security Xuanwu Lab. - CVE-2026-5902: Race in Media. Reported by Luke Francis. - CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @Ciarands. - CVE-2026-5904: Use after free in V8. Reported by Zhenpeng (Leo) Lin at depthfirst. - CVE-2026-5905: Incorrect security UI in Permissions. Reported by daffainfo. - CVE-2026-5906: Incorrect security UI in Omnibox. Reported by mohamedhesham9173. - CVE-2026-5907: Insufficient data validation in Media. Reported by Luke Francis. - CVE-2026-5908: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B. - CVE-2026-5909: Integer overflow in Media. Reported by Mohammed Yasar B & Ameen Basha M K. - CVE-2026-5910: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B. - CVE-2026-5911: Policy bypass in ServiceWorkers. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab. - CVE-2026-5912: Integer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-5913: Out of bounds read in Blink. Reported by Vitaly Simonovich. - CVE-2026-5914: Type Confusion in CSS. Reported by Syn4pse. - CVE-2026-5915: Insufficient validation of untrusted input in WebML. Reported by ningxin.hu@intel.com. - CVE-2026-5918: Inappropriate implementation in Navigation. Reported by Google. - CVE-2026-5919: Insufficient validation of untrusted input in WebSockets. Reported by Richard Belisle. * d/patches: - upstream/profile.patch: drop, merged upstream. - upstream/fix-boringssl-loong64.patch: drop, merged upstream. - debianization/clang-version.patch: refresh. - disable/signin.patch: refresh. - disable/catapult.patch: refresh. - disable/unrar.patch: drop, merged upstream. - trixie/nodejs-set-intersection.patch: update for upstream refactoring. - bookworm/clang19.patch: -fno-lifetime-dse is unsupported. Also move to llvm-19 directory. - ungoogled/disable-ai.patch: sync from ungoogled-chromium project. Also re-add code that creates new tab's search bar (closes: #1132651). - debianization/safe-libcxx.patch: add a patch to force building with libc++'s LIBCPP_HARDENING_MODE turned on. See https://issues.chromium.org/issues/485696265 for the (security-related) rationale. - llvm-19/static-assert.patch: add another chunk of static_assert() removals that clang 19 needs. - rust-1.85/image.patch: enable nightly features for image_v0.25 [trixie, bookworm]. - bookworm/constexpr.patch: update/refresh for renamed file [bookworm]. * d/rules: - drop "enable_glic=false", as upstream now forces their AI on everyone; but we strip it out with ungoogled/disable-ai.patch. . [ Daniel Richard G. ] * d/patches: - bookworm/gn-absl.patch: Add visibility specifier to absl/crc:crc32, and re-sort the patch to keep the edits organized. - trixie/gn-len.patch: Refresh. - trixie/gn-module-name.patch: New patch to address older GN not knowing about the {{cc_module_name}} substitution [trixie, bookworm]. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: regenerate . [ Jianfeng Liu ] * d/patches/loongarch64: - 0024-disable-BROTLI_MODEL-macro-for-some-targets.patch: add upstream patch to fix brotil on loong64 Checksums-Sha1: e3ce54daef45e3646ff0e4ae22de673e5392dc11 4061 chromium_147.0.7727.55-1~deb12u1.dsc e3c79ac96fbb326aa4b304fbe7727ca0e80f6f9b 790744280 chromium_147.0.7727.55.orig.tar.xz 3aa2957bb86676c13b238e8f3107ec8eeeb796c0 8567384 chromium_147.0.7727.55-1~deb12u1.debian.tar.xz af3f9d193df73e6050c522f6495a0db7493ae2ec 26838 chromium_147.0.7727.55-1~deb12u1_source.buildinfo Checksums-Sha256: d17394ce19272336eed45c02a8370268d7db8bb3d80398cb9dbfb1f3398cd5ca 4061 chromium_147.0.7727.55-1~deb12u1.dsc dc70bd5309c46c4e6ebcb040d41c14335c177cf73c9cdded2319506b2f3689ba 790744280 chromium_147.0.7727.55.orig.tar.xz f5ce8f5bc063562a5e2a9e684a6c08b544b76d66301c0e0b8313e0caae691892 8567384 chromium_147.0.7727.55-1~deb12u1.debian.tar.xz 12310cc066e08cc53155758223d08a060d2799a6a6800076f37a89ec6fdd0070 26838 chromium_147.0.7727.55-1~deb12u1_source.buildinfo Files: 2b8fb55d665f03c13fd8d8cbb6f203ee 4061 web optional chromium_147.0.7727.55-1~deb12u1.dsc 065046e90698275a229e560c6318b27d 790744280 web optional chromium_147.0.7727.55.orig.tar.xz 5f7c7f4c11939748ace15f565e6a60f9 8567384 web optional chromium_147.0.7727.55-1~deb12u1.debian.tar.xz 98c740d39085963d911029eec3b0e2ec 26838 web optional chromium_147.0.7727.55-1~deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmnYC80UHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8Nudje6ZBAAhQcMVPuGtgDHItd59fA0sjh8b2Z9 V8vUK/DfD78sAiMJENm4AOg7SFryVvYmNf63ehNMckpnkJb9ugecMg8fts46da0q ZiUoglRwTs9Qk6osQPWu3gumg4+TmUGPrpB4B+C7CQCQ6hjB+R1nm8l0eU4G9P1C G4XJWqLX92p51f/zi1FFghQTCNi012jyIpdVtVNX4zq2WXPvZFiGITgSqyXFsrGO WBBtS1S26DvC0TznaW7ecIL00ECdYQdeDNtLIlYQhGPQ9CFKbnKH9UYP0t+XkkfO eFk4uvM231icuzVzzkylG5TWVG4WwbsIXyvyDtWvwUUvXhnzsNXvL+YQnWmi5Z9g OWGebcYMMDtPrNqKJJF0gvgvkq1I3L6u0Ar6RK3IplnoTtBCdhMYxj3OY9BA2QIt X/YE6eFwqeP//Eb0vCjKZlpDdF66fZHRt/Vwhv9SE9Ng0ozAFhqt0QxDo6EfRlJi 9oY6T0Yb8ru0Q+a1jvKGsT1shlfobgSx3+iuj+d90XzNKKwuzgN0WIRf5fYEmnAo rwrDxx0psWpP2ttMH/kF53AjdEbZm8HkvoNTnSC6l8nmSXpZQbZCrBUKiCaNI0Xw R47/k1YdNWLRlddz9EsKjiKyEXoC8cViZkAGangbCPdDoMiR5EgKU0XKLepZ+Cfj v0Tp32XQ4X9NIDQ= =arPI -----END PGP SIGNATURE-----
