-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 23 Jun 2026 20:40:58 -0400
Source: chromium
Architecture: source
Version: 149.0.7827.196-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (149.0.7827.196-1~deb12u1) bookworm-security; urgency=high
.
[ Andres Salomon ]
* New upstream security release.
- CVE-2026-13028: Use after free in WebGL. Reported by anonymous.
- CVE-2026-13032: Use after free in WebGL. Reported by Google.
- CVE-2026-13033: Out of bounds read in Blink>InterestGroups.
Reported by Google.
- CVE-2026-13038: Use after free in Autofill. Reported by Google.
- CVE-2026-13021: Inappropriate implementation in
DeviceBoundSessionCredentials. Reported by Google.
- CVE-2026-13022: Inappropriate implementation in Autofill.
Reported by Google.
- CVE-2026-13023: Uninitialized Use in GPU. Reported by Google.
- CVE-2026-13024: Insufficient validation of untrusted input in
Navigation. Reported by Google.
- CVE-2026-13025: Insufficient validation of untrusted input in DevTools.
Reported by Google.
- CVE-2026-13026: Use after free in Digital Credentials.
Reported by Google.
- CVE-2026-13027: Use after free in FileSystem. Reported by Google.
- CVE-2026-13029: Use after free in Web Authentication. Reported by Google
- CVE-2026-13030: Uninitialized Use in GPU. Reported by Google.
- CVE-2026-13031: Use after free in Blink. Reported by Google.
- CVE-2026-13034: Inappropriate implementation in Passwords.
Reported by Google.
- CVE-2026-13035: Use after free in Bluetooth. Reported by Google.
- CVE-2026-13036: Use after free in Blink. Reported by Google.
- CVE-2026-13037: Use after free in WebView. Reported by Google.
Checksums-Sha1:
4f0961ccecc9233e6584bf7ba17e7c642c667179 4068 chromium_149.0.7827.196-1~deb12u1.dsc
5752af5632308ad53d79c9e57822b96f795cfffd 928930972 chromium_149.0.7827.196.orig.tar.xz
5bebf90b99a6f9684999270dbe955b8c617a5a62 8584144 chromium_149.0.7827.196-1~deb12u1.debian.tar.xz
e66489e66646f55b0f8ed4fc906ae705041007c9 26842 chromium_149.0.7827.196-1~deb12u1_source.buildinfo
Checksums-Sha256:
8ed7456ae05b8aab58227b974c67670a6a0894ddb694d36211f6af21e64916e0 4068 chromium_149.0.7827.196-1~deb12u1.dsc
5a4b980293be8e9239af6262c6c61ec1de7eaf15d6394cbc8e740c3cc3a6e10d 928930972 chromium_149.0.7827.196.orig.tar.xz
23d0eaf4a77aad49237f76a5c15e1151dfff9311d40b2c02741f769b837e9db5 8584144 chromium_149.0.7827.196-1~deb12u1.debian.tar.xz
d90b43a43df4c0b75185bcf8660437986e627c71884bae3a03a87888a470966b 26842 chromium_149.0.7827.196-1~deb12u1_source.buildinfo
Files:
134aaa6150f17e1bd21a45c3b2dcfbbc 4068 web optional chromium_149.0.7827.196-1~deb12u1.dsc
062b07383cf640d245e794c657330dd8 928930972 web optional chromium_149.0.7827.196.orig.tar.xz
3cad1a58405839a27d2f96adbdf521b1 8584144 web optional chromium_149.0.7827.196-1~deb12u1.debian.tar.xz
f878dcc1ac763ae75304f367b2226519 26842 web optional chromium_149.0.7827.196-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmo8yPgUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcDQxAAqdF8b22cPhgZLb7KF+7nqdiydazw
CKt428LCrQESQCr8x5CagWq7nt0HE7Jn3nSnmiRbn4thxiIYJa2JcM41iOhkPG4G
PdNLd03Rl8ta7wRxdyvu/Z1uXGs+m2wzMmaGT4Jl7tuWumXn2xX3uwebS3b4TVsr
43cvkAR5zg2lXpG+J/eEML5Va6Io3ihUNA/bK102brper+OPgAXLrqx9ucUc2OYX
ot3WK9Ib2Nq2EjOBW6IOMRkxbBXxXIzF4UkC0ZeksttMiJsSYu1zToDFGQ3Tm2eN
uvD/LiWxKckpuHG6Ls9DIDBrF0OvyHoG43HGhUYDK8150sfWbLpbVMJf9cQZ219D
NwLk71DPLAOplsIkF3eOLQRWaded8Qq6H0MTLd/GiqBS9GW02RzFbIafmD1UCbN6
tLg9aaDxE44u9xmGt50DUk7g4gmod99eWAiYnRGEQq40qFr4/2YgQRLyycSUt+5w
D9gUWdyKiohbNOquf6Lmfg1x4V4Q2d4URK82wdJROWqV2r/Rp1UEihh5N3e5a9dt
eGI2kfMOxSf0Z+KCZ4ap2mc09h/yP7RYkR9dQAeM8G41fU8lwkvt5MvUFB5o896r
uj4i/Br1R2ZC+1i5VLCN1tpbPhZpcHhwto20rTxt8+E83W8ljsRCEqycSUA9mAwM
Ks6RqLD77mrMKMU=
=0lEz
-----END PGP SIGNATURE-----
