Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted chromium 149.0.7827.155-1~deb12u1 (source) into oldstable-security
Date: Thu, 18 Jun 2026 22:41:35 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 17 Jun 2026 01:14:44 -0400
Source: chromium
Architecture: source
Version: 149.0.7827.155-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (149.0.7827.155-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-12437: Use after free in WebShare. Reported by Google.
     - CVE-2026-12438: Inappropriate implementation in WebView.
       Reported by Google.
     - CVE-2026-12439: Use after free in Digital Credentials.
       Reported by Google.
     - CVE-2026-12440: Use after free in DigitalCredentials. Reported by Google
     - CVE-2026-12441: Use after free in File Input. Reported by Google.
     - CVE-2026-12442: Use after free in Passwords. Reported by Google.
     - CVE-2026-12443: Use after free in Web Authentication. Reported by Google
     - CVE-2026-12444: Out of bounds read in Chromoting. Reported by Google.
     - CVE-2026-12445: Use after free in Extensions. Reported by Google.
     - CVE-2026-12446: Insufficient data validation in Passwords.
       Reported by Google.
     - CVE-2026-12447: Heap buffer overflow in WebRTC. Reported by Google.
     - CVE-2026-12448: Inappropriate implementation in WebView.
       Reported by Google.
     - CVE-2026-12449: Use after free in Chromoting. Reported by Google.
     - CVE-2026-12450: Inappropriate implementation in Media.
       Reported by Zhixin Tu.
     - CVE-2026-12451: Use after free in DigitalCredentials. Reported by Google
     - CVE-2026-12452: Use after free in Downloads. Reported by Google.
     - CVE-2026-12453: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-12454: Race in Safe Browsing. Reported by Google.
     - CVE-2026-12455: Use after free in Tab Strip. Reported by Google.
     - CVE-2026-12456: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-12457: Insufficient data validation in Extensions.
       Reported by Google.
     - CVE-2026-12458: Incorrect security UI in Passwords. Reported by Google.
     - CVE-2026-12459: Inappropriate implementation in Serial.
       Reported by Google.
     - CVE-2026-12460: Insufficient policy enforcement in File System Access.
       Reported by Google.
     - CVE-2026-12461: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-12462: Use after free in Media. Reported by Google.
     - CVE-2026-12463: Inappropriate implementation in Views.
       Reported by Google.
     - CVE-2026-12464: Use after free in Browser. Reported by Google.
     - CVE-2026-12465: Insufficient validation of untrusted input in Metrics.
       Reported by Google.
     - CVE-2026-12466: Heap buffer overflow in WebRTC. Reported by Google.
     - CVE-2026-12467: Use after free in Extensions. Reported by Google.
     - CVE-2026-12468: Inappropriate implementation in Updater.
       Reported by Google.
     - CVE-2026-12469: Uninitialized Use in GPU. Reported by Google.
Checksums-Sha1:
 6ac03f9f7645f1d760a3821d0a436bfd14f51c39 4068 chromium_149.0.7827.155-1~deb12u1.dsc
 b4d264b6215478bb7991d87cbeaa1ee601d847a0 928831668 chromium_149.0.7827.155.orig.tar.xz
 63b5adaa8582c951a0e480c9448910efb733e0d7 8583848 chromium_149.0.7827.155-1~deb12u1.debian.tar.xz
 92643a57f0c696a6c1e1dcac298a44524a9b5009 26842 chromium_149.0.7827.155-1~deb12u1_source.buildinfo
Checksums-Sha256:
 07ab3399166e2f5d030a3539e4e010e12faa68471858ffbc93112990ab13643e 4068 chromium_149.0.7827.155-1~deb12u1.dsc
 26a570d8be75445c40a475f0a9c7854582b85bdc759ca65272f28c0e555619d0 928831668 chromium_149.0.7827.155.orig.tar.xz
 b5a4be179f65b115d45f6cd29941640bc4660ed23655b16769a051d55aa2e3c0 8583848 chromium_149.0.7827.155-1~deb12u1.debian.tar.xz
 bd790ca7bf2f9bbe62f7cc461b83d057ff78b3915d9d7338aa216b18bf39e400 26842 chromium_149.0.7827.155-1~deb12u1_source.buildinfo
Files:
 ca5feb71827cc59c1d0e47b9a26f4876 4068 web optional chromium_149.0.7827.155-1~deb12u1.dsc
 ff5abb98528d4d7e91f75325b9532006 928831668 web optional chromium_149.0.7827.155.orig.tar.xz
 e86ed39390b00bbd60c0bf1715cf0b1c 8583848 web optional chromium_149.0.7827.155-1~deb12u1.debian.tar.xz
 656b2501e6439686528477f13c951683 26842 web optional chromium_149.0.7827.155-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmozrgQUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjekuBAArkAhwbNbqT78fHqizikVb54C1JQP
O9LfILnQwfRSwm2BsmWB2wQ5qYOoWxXAJH6mkJDl1Nc/ZJJ0OsgrabyFiSMk6mGh
z9zpSXyJH3ZvfItH5eJrmEl5BMNuRf6Wmx+kXrzPDlO/HArXSOR+9mmsOUOp6/0S
iPDCQGCmhmwyi0aaKvEMXAVzJhm9tcChQ/WgoqNP0MmWg8xik1AYkig8QJ8zWC83
iw6RncRt/uxo6lIUhB+8oyBV857Mzkj1ODc1LcQO0QHBgIx8yHL92nckScvZ4YWQ
bKKshKRVOJNeyNgcgzxJ0ljBTUfHnAhtJAaVmXPFHufVDstYB6uQ7wvXcbc/g5Lq
mEWlXznNC6YJJ/Wy7gHBxlC5WU4q8Wy9uH/+LdQQ56kMO8zVp7+hY51c2yuQKS/M
nnDcqSqI9qNlvcuUnFFiJEwhtOAKM2udSbw6OHf+LZXgg2dmuSKsCJwxFpHjYuLk
ccJiUT6UD2pnVQnlAysckC76vzImheoWYU5ZMvlEK1k4uLNPh00Rf4iF/ku9HeoP
72iaZ+v4jhVtSws2o5/RBIYXZlxU65yUBXVFDUxWsniBTwQh/ACU01Rt7hf8U1ru
WEcC9tFdb5BL0gJcEzyFIaI2m6xkZRzMhgoPMmqczFubvxw+J5gorybkhtFC2383
YLspjFfHuSGo+3U=
=5faq
-----END PGP SIGNATURE-----
News for package chromium
