-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 09 Jun 2026 04:00:45 -0400
Source: chromium
Architecture: source
Version: 149.0.7827.102-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (149.0.7827.102-1) unstable; urgency=high
.
[ Andres Salomon ]
* New upstream security release.
- CVE-2026-11628: Use after free in Ozone. Reported by Google.
- CVE-2026-11629: Use after free in Ozone. Reported by Google.
- CVE-2026-11630: Use after free in File Input. Reported by Google.
- CVE-2026-11631: Use after free in Aura. Reported by Google.
- CVE-2026-11632: Use after free in TabStrip. Reported by Google.
- CVE-2026-11633: Use after free in Bluetooth. Reported by Google.
- CVE-2026-11634: Use after free in Gamepad. Reported by Google.
- CVE-2026-11635: Use after free in Bluetooth. Reported by Google.
- CVE-2026-11636: Use after free in Autofill. Reported by Google.
- CVE-2026-11637: Use after free in Views. Reported by Google.
- CVE-2026-11638: Use after free in Printing. Reported by Google.
- CVE-2026-11639: Use after free in Compositing. Reported by Google.
- CVE-2026-11640: Integer overflow in libyuv. Reported by Google.
- CVE-2026-11641: Use after free in Bluetooth. Reported by Google.
- CVE-2026-11642: Use after free in Web Apps. Reported by Google.
- CVE-2026-11643: Use after free in Proxy. Reported by Google.
- CVE-2026-11644: Use after free in Views. Reported by Google.
- CVE-2026-11645: Out of bounds memory access in V8. Reported by 303f06e3
- CVE-2026-11646: Use after free in ViewTransitions.
Reported by Quac Tran.
- CVE-2026-11647: Use after free in Printing. Reported by Google.
- CVE-2026-11648: Use after free in FullScreen.
Reported by Mihnea Nicolau.
- CVE-2026-11649: Use after free in V8. Reported by Google.
- CVE-2026-11650: Use after free in V8. Reported by Google.
- CVE-2026-11651: Use after free in Network. Reported by Google.
- CVE-2026-11652: Use after free in Extensions. Reported by Google.
- CVE-2026-11653: Insufficient validation of untrusted input in
Extensions. Reported by Google.
- CVE-2026-11654: Use after free in CameraCapture. Reported by Google.
- CVE-2026-11655: Integer overflow in Media. Reported by Google.
- CVE-2026-11656: Use after free in ServiceWorker. Reported by Google.
- CVE-2026-11657: Use after free in Payments. Reported by Google.
- CVE-2026-11658: Insufficient validation of untrusted input in
Extensions. Reported by Google.
- CVE-2026-11659: Insufficient validation of untrusted input in UI.
Reported by Google.
- CVE-2026-11660: Insufficient validation of untrusted input in
New Tab Page. Reported by Google.
- CVE-2026-11661: Use after free in Views. Reported by Google.
- CVE-2026-11662: Type Confusion in Bindings. Reported by Google.
- CVE-2026-11663: Use after free in Skia. Reported by Google.
- CVE-2026-11664: Use after free in Payments. Reported by Google.
- CVE-2026-11665: Out of bounds read in Dawn. Reported by Google.
- CVE-2026-11666: Insufficient validation of untrusted input in Input.
Reported by Google.
- CVE-2026-11667: Out of bounds read in WebRTC. Reported by Google.
- CVE-2026-11668: Uninitialized Use in Codecs. Reported by Google.
- CVE-2026-11669: Integer overflow in Media. Reported by Google.
- CVE-2026-11670: Use after free in PDF. Reported by Google.
- CVE-2026-11671: Use after free in Navigation. Reported by Google.
- CVE-2026-11672: Out of bounds write in GPU. Reported by Google.
- CVE-2026-11673: Use after free in InterestGroups. Reported by Google.
- CVE-2026-11674: Use after free in Guest View. Reported by Google.
- CVE-2026-11675: Insufficient validation of untrusted input in Skia.
Reported by Google.
- CVE-2026-11676: Insufficient validation of untrusted input in Dawn.
Reported by Google.
- CVE-2026-11677: Race in Network. Reported by Google.
- CVE-2026-11678: Integer overflow in libyuv. Reported by Google.
- CVE-2026-11679: Use after free in Codecs. Reported by Google.
- CVE-2026-11680: Use after free in Media. Reported by Google.
- CVE-2026-11681: Use after free in Ozone. Reported by Google.
- CVE-2026-11682: Insufficient validation of untrusted input in Views.
Reported by Google.
- CVE-2026-11683: Use after free in WebCodecs. Reported by Google.
- CVE-2026-11684: Insufficient policy enforcement in Network.
Reported by Google.
- CVE-2026-11685: Insufficient data validation in MediaCapture.
Reported by Google.
- CVE-2026-11686: Insufficient validation of untrusted input in Dawn.
Reported by Google.
- CVE-2026-11687: Use after free in Dawn. Reported by Google.
- CVE-2026-11688: Object lifecycle issue in SVG. Reported by Google.
- CVE-2026-11689: Insufficient validation of untrusted input in
Passwords. Reported by Google.
- CVE-2026-11690: Out of bounds read and write in Media.
Reported by Google.
- CVE-2026-11691: Insufficient validation of untrusted input in
New Tab Page. Reported by Google.
- CVE-2026-11692: Use after free in Read Anything. Reported by Google.
- CVE-2026-11693: Inappropriate implementation in Plugins.
Reported by Google.
- CVE-2026-11694: Use after free in ServiceWorker. Reported by Google.
- CVE-2026-11695: Inappropriate implementation in Passwords.
Reported by Google.
- CVE-2026-11696: Uninitialized Use in Video. Reported by Google.
- CVE-2026-11697: Insufficient validation of untrusted input in UI.
Reported by Google.
- CVE-2026-11698: Use after free in Bluetooth. Reported by Google.
- CVE-2026-11699: Use after free in Bluetooth. Reported by Google.
- CVE-2026-11700: Use after free in Tracing. Reported by Google.
- CVE-2026-11701: Insufficient validation of untrusted input in Guest
View. Reported by Google.
* d/patches:
- fixes/arm-logging.patch: add patch to hopefully fix build failure
on arm*.
- loongarch64/0024-fix-libyuv-lsx.patch: refresh.
.
[ Timothy Pearson ]
* d/patches/ppc64le:
- 0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for
upstream changes
- core/baseline-isa-3-0.patch: refresh
Checksums-Sha1:
6530d270b2e406212d194d3db48e995f8b606893 4079 chromium_149.0.7827.102-1.dsc
af23b283e8e76592011c20ec891b03161567054b 929270484 chromium_149.0.7827.102.orig.tar.xz
7d85827fe166122b7a074abfd0da5df510137661 496648 chromium_149.0.7827.102-1.debian.tar.xz
e5efb7cf57b4a0883a231144bf03504dec11da54 27919 chromium_149.0.7827.102-1_source.buildinfo
Checksums-Sha256:
cf63e66a42bd718bc4959d2eccfda1c9d0aa6f10461ee6c0563acb6a1e389596 4079 chromium_149.0.7827.102-1.dsc
57eaea7881f8c6674426982fd7ed0b3165a6c884fbc62f7a782b0321a38c6e01 929270484 chromium_149.0.7827.102.orig.tar.xz
7b1b882d96f03e3ec3556dea55ecd85bfe66c6aa9204b854ed5c3ec88c8847ad 496648 chromium_149.0.7827.102-1.debian.tar.xz
e1462d362e548a3dfaf83d87108e25757bc33fa8ffc4181fef441d486592c37b 27919 chromium_149.0.7827.102-1_source.buildinfo
Files:
f5ff4aecea0623e0c3de7543b3fdeddc 4079 web optional chromium_149.0.7827.102-1.dsc
fe4c454742bc2f18315cc7ebb3cf4f0a 929270484 web optional chromium_149.0.7827.102.orig.tar.xz
e2936683e250b9a1df3d8f9cb91a15f5 496648 web optional chromium_149.0.7827.102-1.debian.tar.xz
a071f01dba3941a496adaa3bd521e48d 27919 web optional chromium_149.0.7827.102-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmooU54UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfpRg//fi9apWJkASQj4BD9wlQ11xj2ShHi
q1yugbEegjkuLrEyOpgmWuk2MWXL29gGX8/wv/PX7lbQJlIwq5sljL//4o/7g+r4
McAg0BcS2kfmYOSFa7tMBxUug4lyxPeJZFwL7Yen+QvFa5jln6bJvKC7MfYAINHw
kGXQivHKQxSQifPY9VuL/HHKoR3HrX+wJsIX6ggAcgN0irzxeRpwT93n5Oj/VCsg
LMx9svNMyDhSgb828Uj7WPFzfDiM8zn17qtLboEt0hAz3fKf5C04QThLrl6/AC6z
nqBKA7/aR0CArePBB00Xk+jWjmfsg6fkgpAPQejhld64IaAqNeL3be4rvGM4XH9e
gCihcvt6Sror1MciY5isMCNcWDjJR83y8EqfGjYrfC82H+yuwO5YQWLeuoX2tFSb
Nh6mlomC4GYC2CoS6TuFdHhPh/UnnR1DTPyxsH57bratPGC2PzZ/Z9WbcrfL608L
I7YNcyUwEA2QFazi+YdicSiwq+ALWOS00QweMeaxmcBGXl898dpakLq7m0UWYdiZ
1yfljtMJbhvr6YjhRuXg8yRh2NthZPxOo3Ymv0zN8XjRcCdqmmwi7mj3qfhhRWyM
hfXpF736Sqgn5J0KRe81GcnjRMwA6qgvpTnrGsXNBj8rEmdUmAtaGZfMhTzYkT92
/d3ROs1Ol3d7Hs0=
=7vWZ
-----END PGP SIGNATURE-----
