Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted chromium 147.0.7727.101-1 (source) into unstable
Date: Thu, 16 Apr 2026 03:19:33 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 15 Apr 2026 15:06:40 -0400
Source: chromium
Architecture: source
Version: 147.0.7727.101-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (147.0.7727.101-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-6297: Use after free in Proxy. Reported by heapracer.
     - CVE-2026-6298: Heap buffer overflow in Skia.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6299: Use after free in Prerender. Reported by Google.
     - CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong
       (Compsec Lab, Seoul National University / Research Intern).
     - CVE-2026-6359: Use after free in Video.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6300: Use after free in CSS.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c.
     - CVE-2026-6302: Use after free in Video. Reported by Syn4pse.
     - CVE-2026-6303: Use after free in Codecs. Reported by Google.
     - CVE-2026-6304: Use after free in Graphite. Reported by Google.
     - CVE-2026-6305: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6306: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6307: Type Confusion in Turbofan.
       Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-6308: Out of bounds read in Media. Reported by Google.
     - CVE-2026-6309: Use after free in Viz. Reported by Google.
     - CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam.
     - CVE-2026-6310: Use after free in Dawn. Reported by Google.
     - CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google.
     - CVE-2026-6312: Insufficient policy enforcement in Passwords.
       Reported by Google.
     - CVE-2026-6313: Insufficient policy enforcement in CORS.
       Reported by Google.
     - CVE-2026-6314: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-6315: Use after free in Permissions. Reported by Google.
     - CVE-2026-6316: Use after free in Forms. Reported by Google.
     - CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google.
     - CVE-2026-6362: Use after free in Codecs.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6317: Use after free in Cast. Reported by Google.
     - CVE-2026-6363: Type Confusion in V8. Reported by Google.
     - CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse.
     - CVE-2026-6319: Use after free in Payments. Reported by pwn2addr.
     - CVE-2026-6364: Out of bounds read in Skia.
       Reported by Google Threat Intelligence.
Checksums-Sha1:
 145e866e01a5ab620ff536fb5a095562a24c285f 4065 chromium_147.0.7727.101-1.dsc
 2f133fb4049b05eeab070e56b6d670f49866d163 787354268 chromium_147.0.7727.101.orig.tar.xz
 a6ba705b256a67532489c9335b6270041d959edd 478820 chromium_147.0.7727.101-1.debian.tar.xz
 e1e4e02e1196dc217c3f6435cf6aebbbd1abd186 27947 chromium_147.0.7727.101-1_source.buildinfo
Checksums-Sha256:
 d6a865f17a2b6bb6b7739ba146cba73f0c94bb466ecae4312dce33adb2fc516f 4065 chromium_147.0.7727.101-1.dsc
 d4a5f648100232a67b3134a1fa6f6d1d8a07cc4c55b024480073b40c47b2a601 787354268 chromium_147.0.7727.101.orig.tar.xz
 030b54e118f68b4d82ff5e637f22827b7e0bfd7617317d6659d7fbe9063749d1 478820 chromium_147.0.7727.101-1.debian.tar.xz
 6647abb0ab5a08f008590765a610bdde4f117a4df4b1e098a348d578c6f5e192 27947 chromium_147.0.7727.101-1_source.buildinfo
Files:
 0c5f072dabb0572f7312528f78847466 4065 web optional chromium_147.0.7727.101-1.dsc
 5c9b63091abd778aab7216de4cf30f30 787354268 web optional chromium_147.0.7727.101.orig.tar.xz
 c0984825d31d000bc577832fe91f8f0b 478820 web optional chromium_147.0.7727.101-1.debian.tar.xz
 10996e24c578da3ecfc5dbf7c8fca131 27947 web optional chromium_147.0.7727.101-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmngUVwUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjeHEw/8DDOJprx74VcaIvNRzB6dLr+EPAYd
JBfYWE+3JBdgOY6AGRFgH+X+bxU2aVcViM9iKhGyEwAE6Bxc+oggwnA8QIqZuyj0
qQg0NrJ3iJB65fOznCGG5yURlE1wW9qpJgfscmoytmvNixL5cEcQPHks/0zR8XdB
HgNfiBrYsl270AvwHcZFZTROj844u54yW/t1RPJf9eHe1bmvR+B/anHkx01k8vPu
Mqo+p7gJoT1ojz0dycMBGA142sE5jttIpadcHywKXiDmum833AlV2ys57I2MELM4
sET2FkO6mtv+E2vQh/9Ah2YxFqGz2wiv0onvofsT+vAgfMYHIH1jvU3yJA9X9/pi
VnBqvMJePN9pf47gUw+K6H+UYuw0NarsbSyeAP8WI04ZRCWtA/IhsUYjkShvX3vm
9LnTgi4kMtjIncCrh0QJWdOtFgrUxxTZER2ABTQ+7fPAWYHaQlbQeURS+Bo2hJYK
cPRL5WKqJvL262PyDSuvNkWMewhUfGcS53r2Cd22hNu0etQM2+HEGWPbqDRRZ2gq
1OqMSC9IKFdFrLU+aFRYbvR8OiRCvxD0lnGgkMw/A/vrCm3zLqEY0d5S+XXo1asG
8qkBvLsfeHCabbmZMDmDSsRvAN+YKba3ucReByWodVqGnuRH+a8Pm9Oxvx4STWHR
rLbH/BXvsI1ZiQA=
=Rxbw
-----END PGP SIGNATURE-----
News for package chromium
