-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 10 Jul 2026 01:45:42 -0400
Source: chromium
Architecture: source
Version: 150.0.7871.114-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (150.0.7871.114-1) unstable; urgency=high
.
[ Andres Salomon ]
* New upstream security release.
- CVE-2026-15112: Use after free in Ozone. Reported by Google.
- CVE-2026-15129: Use after free in Views. Reported by Google.
- CVE-2026-15132: Uninitialized Use in V8.
Reported by Pierre Langlois from Arm.
- CVE-2026-15133: Use after free in InterestGroups. Reported by Jihyeon
Jeong (Compsec Lab, Seoul National University / Research Intern).
- CVE-2026-15108: Integer overflow in Extensions API. Reported by Google.
- CVE-2026-15109: Uninitialized Use in ANGLE. Reported by Google.
- CVE-2026-15110: Use after free in Extensions. Reported by Google.
- CVE-2026-15111: Use after free in Views. Reported by Google.
- CVE-2026-15113: Use after free in Autofill. Reported by Google.
- CVE-2026-15114: Out of bounds read and write in Codecs.
Reported by Google.
- CVE-2026-15115: Insufficient validation of untrusted input in
WebAppInstalls. Reported by Google.
- CVE-2026-15116: Use after free in Actor. Reported by Google.
- CVE-2026-15117: Use after free in Payments. Reported by Google.
- CVE-2026-15118: Use after free in Input. Reported by Google.
- CVE-2026-15119: Inappropriate implementation in GetUserMedia.
Reported by Google.
- CVE-2026-15120: Use after free in Core. Reported by Google.
- CVE-2026-15121: Use after free in WebRTC. Reported by Google.
- CVE-2026-15122: Insufficient validation of untrusted input in Codecs.
Reported by Google.
- CVE-2026-15123: Insufficient data validation in DOM. Reported by Google
- CVE-2026-15124: Insufficient policy enforcement in Passwords.
Reported by Google.
- CVE-2026-15125: Inappropriate implementation in Forms.
Reported by Google.
- CVE-2026-15126: Use after free in Forms. Reported by Google.
- CVE-2026-15127: Inappropriate implementation in WebGL.
Reported by Google.
- CVE-2026-15128: Inappropriate implementation in Forms.
Reported by Google.
- CVE-2026-15130: Insufficient policy enforcement in Navigation.
Reported by Google.
- CVE-2026-15107: Use after free in IndexedDB.
Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
- CVE-2026-15131: Insufficient data validation in Navigation.
Reported by Google.
Checksums-Sha1:
7d8403126ba338a76af08fd71a51584432ecea75 4079 chromium_150.0.7871.114-1.dsc
c2c182e9cc5cfe314511c0c9eea26df406edc4a8 941382260 chromium_150.0.7871.114.orig.tar.xz
53128ad6198036e879eb394eec5287bbddb77502 537460 chromium_150.0.7871.114-1.debian.tar.xz
30161a08bc4df54e3ee1ed17232fdd9481aa4ad4 28283 chromium_150.0.7871.114-1_source.buildinfo
Checksums-Sha256:
0cce8be9aff510f7fb418e8bdd4398df8b4f14824b9d201f586a1a984056a8b3 4079 chromium_150.0.7871.114-1.dsc
962917b028794a608ac57c260312e8a1c47ee244c5f88d585fa4645383593453 941382260 chromium_150.0.7871.114.orig.tar.xz
785b810aac99dcc520484d85da623a37ac3ada8f19e6268e77043578d6a9cee4 537460 chromium_150.0.7871.114-1.debian.tar.xz
d0e9e25972c55fffc26a3542200e07972238ef081705b17e3e17bcf8374c9a0e 28283 chromium_150.0.7871.114-1_source.buildinfo
Files:
b3a987ec12968ef68801f8e8455e2c73 4079 web optional chromium_150.0.7871.114-1.dsc
84472f0596f14b31b83e88a698f2f9cd 941382260 web optional chromium_150.0.7871.114.orig.tar.xz
da8f6acac26555c84483703bffcedbb6 537460 web optional chromium_150.0.7871.114-1.debian.tar.xz
7c1876a8ead28122622aaed5046726db 28283 web optional chromium_150.0.7871.114-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmpRIkwUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjf9vw/+MhH/5v3wNkrmQfWQrty4u9VO2Mkp
2xlYFFiaDIXNIOLpqoF3oNtkXcyfOSMrlcaOge9EdNWRliXESkbobW3jmIf/8Azj
b9Ywep92wp0RSrPFJI0HEBq+yL6chCuzQCOfwf4PglGqjQo5a6mUX4xI7OJfHoee
fDBuibK8jzGikGaFj2A+xTu+xxYeboly+doJCxMiFNoLfVZC8Af1h/t3geAWFIpQ
oAJBseBUeCCxRMXX18JJYBvezVE41FiVj140TvqgvxPFY+cIrH9mJ0PLkn7TJz8n
KC5+AoND9jRYkwrjRXmMbl6Sq11HvtziirGwzx+UjXxWLuM21crBwDwA2gonO2Mt
zdD+QEgCMLFKuoxXv2cN1CnvuBCU/qaziiBF9ZbcHhNlKqIdO9VVt0UDeJnD68kb
r5GPBQoYfsxdzLILalzjED+ZWHqaKgqQKppcuHcHMj6b1JBZv5s9gZuN6V4aTDKV
bX1QL1rZCrdcxq0mv3Nzfjrj7UZ7oQcbLdgK68chrViqPkIkF/VO3CRg1ccyGxj4
ZELp8X/hqWnXfGBUm/4HxwieDAD1+CZCqAI9c8qLAgrY0pQAE8R0wQpUcnpVy/4C
odVUq8YBbVLlTrOwrUu+HmeIqbM/o42PctWUZIM4ozRs2Pp7XyLIXzf3OcfAbETU
eLitbHpKIgpHMjw=
=h/G7
-----END PGP SIGNATURE-----