Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted chromium 149.0.7827.155-1~deb13u1 (source) into proposed-updates
Date: Fri, 19 Jun 2026 17:17:16 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 17 Jun 2026 01:14:44 -0400
Source: chromium
Architecture: source
Version: 149.0.7827.155-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (149.0.7827.155-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-12437: Use after free in WebShare. Reported by Google.
     - CVE-2026-12438: Inappropriate implementation in WebView.
       Reported by Google.
     - CVE-2026-12439: Use after free in Digital Credentials.
       Reported by Google.
     - CVE-2026-12440: Use after free in DigitalCredentials. Reported by Google
     - CVE-2026-12441: Use after free in File Input. Reported by Google.
     - CVE-2026-12442: Use after free in Passwords. Reported by Google.
     - CVE-2026-12443: Use after free in Web Authentication. Reported by Google
     - CVE-2026-12444: Out of bounds read in Chromoting. Reported by Google.
     - CVE-2026-12445: Use after free in Extensions. Reported by Google.
     - CVE-2026-12446: Insufficient data validation in Passwords.
       Reported by Google.
     - CVE-2026-12447: Heap buffer overflow in WebRTC. Reported by Google.
     - CVE-2026-12448: Inappropriate implementation in WebView.
       Reported by Google.
     - CVE-2026-12449: Use after free in Chromoting. Reported by Google.
     - CVE-2026-12450: Inappropriate implementation in Media.
       Reported by Zhixin Tu.
     - CVE-2026-12451: Use after free in DigitalCredentials. Reported by Google
     - CVE-2026-12452: Use after free in Downloads. Reported by Google.
     - CVE-2026-12453: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-12454: Race in Safe Browsing. Reported by Google.
     - CVE-2026-12455: Use after free in Tab Strip. Reported by Google.
     - CVE-2026-12456: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-12457: Insufficient data validation in Extensions.
       Reported by Google.
     - CVE-2026-12458: Incorrect security UI in Passwords. Reported by Google.
     - CVE-2026-12459: Inappropriate implementation in Serial.
       Reported by Google.
     - CVE-2026-12460: Insufficient policy enforcement in File System Access.
       Reported by Google.
     - CVE-2026-12461: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-12462: Use after free in Media. Reported by Google.
     - CVE-2026-12463: Inappropriate implementation in Views.
       Reported by Google.
     - CVE-2026-12464: Use after free in Browser. Reported by Google.
     - CVE-2026-12465: Insufficient validation of untrusted input in Metrics.
       Reported by Google.
     - CVE-2026-12466: Heap buffer overflow in WebRTC. Reported by Google.
     - CVE-2026-12467: Use after free in Extensions. Reported by Google.
     - CVE-2026-12468: Inappropriate implementation in Updater.
       Reported by Google.
     - CVE-2026-12469: Uninitialized Use in GPU. Reported by Google.
Checksums-Sha1:
 c51ce4f05a6b0af2df924bd1700aed7b7ee00f65 4099 chromium_149.0.7827.155-1~deb13u1.dsc
 b4d264b6215478bb7991d87cbeaa1ee601d847a0 928831668 chromium_149.0.7827.155.orig.tar.xz
 ab7c2c323845677add03679520f52fca7e27081e 497256 chromium_149.0.7827.155-1~deb13u1.debian.tar.xz
 d3073a6e08975f637ded13719a11835a32b10bb9 27174 chromium_149.0.7827.155-1~deb13u1_source.buildinfo
Checksums-Sha256:
 76067857023efa5282face9c38ba2491534892ce53d22917731b47c4a3af1a06 4099 chromium_149.0.7827.155-1~deb13u1.dsc
 26a570d8be75445c40a475f0a9c7854582b85bdc759ca65272f28c0e555619d0 928831668 chromium_149.0.7827.155.orig.tar.xz
 afe8868f63925da160172b1d97f54d10a688f89e6ad1302715482fdef60ca0c1 497256 chromium_149.0.7827.155-1~deb13u1.debian.tar.xz
 a98499e4b0b7b5c65188dab8025bfe88ca488ed7b4dbf1e5cb7b98da431dd7c5 27174 chromium_149.0.7827.155-1~deb13u1_source.buildinfo
Files:
 a8d7ef56b5c49bb0317b76526ea83953 4099 web optional chromium_149.0.7827.155-1~deb13u1.dsc
 ff5abb98528d4d7e91f75325b9532006 928831668 web optional chromium_149.0.7827.155.orig.tar.xz
 5738d8fe88ad06a6f59b276945694189 497256 web optional chromium_149.0.7827.155-1~deb13u1.debian.tar.xz
 52fdc196188b9412451ffdd5a2d3e451 27174 web optional chromium_149.0.7827.155-1~deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmozcA4UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjc6bQ/9GkR8AqMT/AErTdKFs4L+fonNWHsK
tVpLjZcvmmGvRqZDAThtDWSaQjVd5Ssxf1qhjhOQCgZxRKZHdv4ndmiR53DGsaCf
H8xZvbGdgLkY7iv+8kHjab7Gk3kS3T88Q0BgjT7it525suBsb7G7ZPv7QOnGg87X
Mb9F7AuL05VD0KWOIDIA2CFYO6bTlfHzdB8oeqnGi5NCa6DFMLjPUx/i8A1x1Zlt
LaVPTRklEzk7yAQSp0wGe5+d/FRHPef218aGH7ghfDIg7FNvJMLrG/1PDsFyvg3w
SvRCGOUPvII6DGxWY0VI7Ryd+TpQxVJaXZ+Q3WVRT2+3V0NNn7LPoRRw9zGWG8N/
HX9OkW6DDWrpfPivyy86T1dW6R0VvX4Z7an+9ye64FaqfhMyEcSyf2wQGqimnont
8TEiaBfTTbnw8wGs0jLESvK5sVFy01pFgqEppYP30cvNJ0dXQ4acIkGP4hJ0iI7g
Lwxyd+kq30Vv72HEoeXSyIxD7/NlghgEGGyUF2wzfJKKc5y6xnDvL1rtjjCt8fOt
wqPjIc9BUvmmPI2AXO9p8qeZsOhMSZ2VmXTeZuu3f5EdP8GiEHZoMMnrUq8ih2sE
KLp5rBTLF7/d4TEy6q7KwEfzO3BhiRbMlj1xe7sHAy0h9xK1duasD97FPkozioYv
WTJpxfhoeoVOd0o=
=uDuf
-----END PGP SIGNATURE-----
News for package chromium
