-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 23 Jun 2026 20:40:58 -0400
Source: chromium
Architecture: source
Version: 149.0.7827.196-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (149.0.7827.196-1~deb13u1) trixie-security; urgency=high
.
[ Andres Salomon ]
* New upstream security release.
- CVE-2026-13028: Use after free in WebGL. Reported by anonymous.
- CVE-2026-13032: Use after free in WebGL. Reported by Google.
- CVE-2026-13033: Out of bounds read in Blink>InterestGroups.
Reported by Google.
- CVE-2026-13038: Use after free in Autofill. Reported by Google.
- CVE-2026-13021: Inappropriate implementation in
DeviceBoundSessionCredentials. Reported by Google.
- CVE-2026-13022: Inappropriate implementation in Autofill.
Reported by Google.
- CVE-2026-13023: Uninitialized Use in GPU. Reported by Google.
- CVE-2026-13024: Insufficient validation of untrusted input in
Navigation. Reported by Google.
- CVE-2026-13025: Insufficient validation of untrusted input in DevTools.
Reported by Google.
- CVE-2026-13026: Use after free in Digital Credentials.
Reported by Google.
- CVE-2026-13027: Use after free in FileSystem. Reported by Google.
- CVE-2026-13029: Use after free in Web Authentication. Reported by Google
- CVE-2026-13030: Uninitialized Use in GPU. Reported by Google.
- CVE-2026-13031: Use after free in Blink. Reported by Google.
- CVE-2026-13034: Inappropriate implementation in Passwords.
Reported by Google.
- CVE-2026-13035: Use after free in Bluetooth. Reported by Google.
- CVE-2026-13036: Use after free in Blink. Reported by Google.
- CVE-2026-13037: Use after free in WebView. Reported by Google.
Checksums-Sha1:
ffa7c7fd1e5880abe8ab5c8f787760d59590504c 4099 chromium_149.0.7827.196-1~deb13u1.dsc
5752af5632308ad53d79c9e57822b96f795cfffd 928930972 chromium_149.0.7827.196.orig.tar.xz
4f791dfc909dfc43ad1d7ddb9bb603cb9537e16e 497472 chromium_149.0.7827.196-1~deb13u1.debian.tar.xz
5fc311f74a32511c223c2d0fef08b57e07a1c842 27174 chromium_149.0.7827.196-1~deb13u1_source.buildinfo
Checksums-Sha256:
c9ed4db8e16b7679c01e85eefe149b4334364a109de4caaa14cd94e7e25eacf4 4099 chromium_149.0.7827.196-1~deb13u1.dsc
5a4b980293be8e9239af6262c6c61ec1de7eaf15d6394cbc8e740c3cc3a6e10d 928930972 chromium_149.0.7827.196.orig.tar.xz
58ce60ce506ff186c8b907546771a221c598bfe53d0730ea85fd130baff68a26 497472 chromium_149.0.7827.196-1~deb13u1.debian.tar.xz
7e4ffbb23e1d70e21436eca3511a664389610f70161f22982ed374d584082d4f 27174 chromium_149.0.7827.196-1~deb13u1_source.buildinfo
Files:
7f06004a0fab499cbac0d67d31a412d6 4099 web optional chromium_149.0.7827.196-1~deb13u1.dsc
062b07383cf640d245e794c657330dd8 928930972 web optional chromium_149.0.7827.196.orig.tar.xz
bc680e4880b026c8ae209f5246183dfa 497472 web optional chromium_149.0.7827.196-1~deb13u1.debian.tar.xz
748df82fcf323575cdb7680381f85cb1 27174 web optional chromium_149.0.7827.196-1~deb13u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmo8fmoUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfswA//UaVaSJTMfQA44uskLAFs76oFyGR0
UJjFOu8TsSMTWBQcGkpaB7CLJzenF+dQQ6chMhXfgSRGTRXxWK00NQW7/hGXOE9T
+DdAfGN8qyGnZiB5wPfcLqyiVba3iwWp9tGLns5sFG7k883sX4m1/eHVzUm5Mmo0
JWdBdO0Xmld7+D7HEB4d7mpT0KljsRmsf7G8riBeRC78nZHbNGmGA3dC53QhXInE
oJsQoPMS1X8Lu+/fKHQnbw6aE4lIZJYGx8P8xDdXVGVsx1GRKP2+t4wiWmlKU8YU
ik23tsbR9gpzqhgJFquUbRuu8nJK4gQZmqGDNs5UUfUIv/Pfv9sU3pE2QqcyXNxQ
dwmCo3zHclKzDHFxOEDO7UmOevt6/smvwmT0W5lM+bs3eLmMv6dTHC/28f10IF4q
ULUVZciBxWuYnchmnUz3Ku4q9NUqbZJExvBblWbKIMt3kLUSNXRPurCXLKbR11ph
XLHRSavoARia+0X75brt7X57takJBpsDa2B018YvRU3bkkWOWGBzAHfAly4aS8fQ
gG3oJl0nqU+paG6Z06gS4FcHTWhDUIyUKs6l00ArV+vbdbPndOBW2MincHU8LnDa
bZx+ExdXUrvuyPHmHF7gsqMYmLZbnBzb2nCzVuCJ+s4QgO+p/jHrF5xicZ9Hskmc
PHKq1ugwVYdkOuk=
=kMOp
-----END PGP SIGNATURE-----
