-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 15 Apr 2026 15:06:40 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: arm64 Version: 147.0.7727.101-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-03) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-headless-shell - web browser - old headless shell chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (147.0.7727.101-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga. - CVE-2026-6297: Use after free in Proxy. Reported by heapracer. - CVE-2026-6298: Heap buffer overflow in Skia. Reported by 86ac1f1587b71893ed2ad792cd7dde32. - CVE-2026-6299: Use after free in Prerender. Reported by Google. - CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern). - CVE-2026-6359: Use after free in Video. Reported by 86ac1f1587b71893ed2ad792cd7dde32. - CVE-2026-6300: Use after free in CSS. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c. - CVE-2026-6302: Use after free in Video. Reported by Syn4pse. - CVE-2026-6303: Use after free in Codecs. Reported by Google. - CVE-2026-6304: Use after free in Graphite. Reported by Google. - CVE-2026-6305: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32. - CVE-2026-6306: Heap buffer overflow in PDFium. Reported by 86ac1f1587b71893ed2ad792cd7dde32. - CVE-2026-6307: Type Confusion in Turbofan. Reported by Project WhatForLunch (@pjwhatforlunch). - CVE-2026-6308: Out of bounds read in Media. Reported by Google. - CVE-2026-6309: Use after free in Viz. Reported by Google. - CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam. - CVE-2026-6310: Use after free in Dawn. Reported by Google. - CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google. - CVE-2026-6312: Insufficient policy enforcement in Passwords. Reported by Google. - CVE-2026-6313: Insufficient policy enforcement in CORS. Reported by Google. - CVE-2026-6314: Out of bounds write in GPU. Reported by Google. - CVE-2026-6315: Use after free in Permissions. Reported by Google. - CVE-2026-6316: Use after free in Forms. Reported by Google. - CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google. - CVE-2026-6362: Use after free in Codecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-6317: Use after free in Cast. Reported by Google. - CVE-2026-6363: Type Confusion in V8. Reported by Google. - CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse. - CVE-2026-6319: Use after free in Payments. Reported by pwn2addr. - CVE-2026-6364: Out of bounds read in Skia. Reported by Google Threat Intelligence. Checksums-Sha1: 3c12cf18a58e501d5686951fa15796a92dfac2c0 6361596 chromium-common-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb ee1d28338da779ffd7b5fedc7786a17c4e1a2b2b 30132120 chromium-common_147.0.7727.101-1~deb12u1_arm64.deb 451d873e414323119bbc0c19142b060c94303b20 36551856 chromium-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 0fd7570aeec70237e2d759c4f7fcc5015b840720 6711804 chromium-driver_147.0.7727.101-1~deb12u1_arm64.deb d0777e65785f783b66b8b9ccc355b5383b04cb77 29626492 chromium-headless-shell-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 04dc868adac2c9af012efdd3af266eaa85276a19 50429096 chromium-headless-shell_147.0.7727.101-1~deb12u1_arm64.deb c98749b3ad02db5cb38e70aacda2a93c164aafbe 20264 chromium-sandbox-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb a81ad43de73067c127e47833469aebd8b1ff5e1a 116772 chromium-sandbox_147.0.7727.101-1~deb12u1_arm64.deb 611f939fc00437955435432729976a94e5343162 31925972 chromium-shell-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 732561afaa90ab3af9e905e276b9739414ddee8a 55103560 chromium-shell_147.0.7727.101-1~deb12u1_arm64.deb 46b9924871d9563816805c01d7d038acfd89d528 30387 chromium_147.0.7727.101-1~deb12u1_arm64-buildd.buildinfo f3988db4e185b5feaa2e2e33d4366619e9272e1f 64650156 chromium_147.0.7727.101-1~deb12u1_arm64.deb Checksums-Sha256: 2e67785dc6b15afd1045f82d21f0421018a552efde3daa671b258d41a6edb089 6361596 chromium-common-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 2e375d979852a5a2adc7b5403b1965154d6eaac6f09f1e3d2718b2f61c1eeb7e 30132120 chromium-common_147.0.7727.101-1~deb12u1_arm64.deb ce2970039ed5cece6590666aa2ecfb10f04255bdfcdc3a7eb68a1c4b5ff9a542 36551856 chromium-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 962d7e84e4c277e62cfe8f607856979dddef3fd0b09d8dbe1df4070e48bfb755 6711804 chromium-driver_147.0.7727.101-1~deb12u1_arm64.deb 5c313e5b4b368546e5dde5fc415a7efe0d8f64c68d4e0dbb96e604972ea999a3 29626492 chromium-headless-shell-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 008edb97d89eca0acdcdcd3d8053c02e5322bcfdcd78bfb239682a46bdff7da0 50429096 chromium-headless-shell_147.0.7727.101-1~deb12u1_arm64.deb 7010f7e007eb8f1502a59e115bc071963dec34661c9d8c13b9c65b8fbe31a166 20264 chromium-sandbox-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 62ca6f7d6ac5f35ca0427c40f09d05da6f47580c0817ffe8c335134ffa280de7 116772 chromium-sandbox_147.0.7727.101-1~deb12u1_arm64.deb be4822888e95c93e3caf7242ab374c1b9c55753c22a0cd8980709ee4eb232423 31925972 chromium-shell-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb da93cfed438023b10b862b90d7ebdb58e65c361e8ba5663dac3d2fa6e29f8fa3 55103560 chromium-shell_147.0.7727.101-1~deb12u1_arm64.deb da714f5d69c1db407c92f3f5c613eb5af7ddabb0e8ed9b6fba9181471f6f6c67 30387 chromium_147.0.7727.101-1~deb12u1_arm64-buildd.buildinfo 3a06a758f56a3e3786f37e31a82d7f5a5389c6e2eb041649598f7846580fc5bd 64650156 chromium_147.0.7727.101-1~deb12u1_arm64.deb Files: 4e2243e17f35f4e32352036bef55e0e3 6361596 debug optional chromium-common-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 49c967cbabbc943b8e5b84552cf15f24 30132120 web optional chromium-common_147.0.7727.101-1~deb12u1_arm64.deb 019b0820ef633aba1bb6504144141262 36551856 debug optional chromium-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 760ea32dc18fc901786abd96d9ac5f1d 6711804 web optional chromium-driver_147.0.7727.101-1~deb12u1_arm64.deb 252f73f6df976ee3be8cb0049b7b07d1 29626492 debug optional chromium-headless-shell-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 5cc2efdaa7b77604fd7df84e2fe577e5 50429096 web optional chromium-headless-shell_147.0.7727.101-1~deb12u1_arm64.deb 3aea394790ef5636032ab51271c87253 20264 debug optional chromium-sandbox-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 24afcc45ba77b176b7199b0120c13a57 116772 web optional chromium-sandbox_147.0.7727.101-1~deb12u1_arm64.deb 6cbe4ac6f0831033a116840e21e9c69a 31925972 debug optional chromium-shell-dbgsym_147.0.7727.101-1~deb12u1_arm64.deb 0b871710a1a8fe4898e10d792558b4ae 55103560 web optional chromium-shell_147.0.7727.101-1~deb12u1_arm64.deb 02caedf2a5f4844236182d90f0f47678 30387 web optional chromium_147.0.7727.101-1~deb12u1_arm64-buildd.buildinfo 482e3b7e276004de208d72b9ea31d92a 64650156 web optional chromium_147.0.7727.101-1~deb12u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE2kd8oHy+LXk/nybqvzDqKQSGl8UFAmnh45oACgkQvzDqKQSG l8XWag/+JOJuioGeD7J4Tt3khpoq1HT+8mMp2wCWd7V0/4LyJcyxilJFxB4nAE2I q4lkz8yj/QLb89urmeK49Ng8P1GV4vOuIQqJidcIvUz+S1NuHZXo7DH+hgv7q2BD x/lBTiAg8pgFd4iWnL3oAxF/XoG3K6SDLiZwxMbe2HtzXmshoEVaMwfOC7jk67rV s1IdEASZLMKqxY9vkswjtf9w+ELuY/zmmV/npTCPZ1fYiyUifdn0nbY/v/62ObMn f/iN6ZrCqfe/s4yoHmbxb3d8Pj6XHG8EasNvYxi8MpCWwiF648lDGK6ta14d7hj/ sPSu5JpQDfKL2dsAXPwqssau9bvtFBfZQP0tGx5cP03qXfTJo38/iCUU1wQxtBP1 nDQ/M/1e96Q84mxd7zF9H+GJc9rTb6f4tFfUSUqgCg7psuzDDmuiARACBwU+gFjo M9SfS69qC9Uvq5KZM+TetUEduoEhPMYIOr9C/bFOGSNzrt69q1DFLSPCqkPgZPpV CaTiOF/mE+NdIAomUHGeGCCl+phUr7kME7cDPP84Ogqt4NVVJY7CHTFEJkY3bhJb Elx4gpAKKkEBTkYuFeseJ7dhX2UeK5pMNL2TvYBI49bjBFAJv0uF+RZjqT7dHddx q/mF5GFfYoBlKb0nC/A+SvH38PoZeU9f9mF/QDN7f7GfgxO8ewA= =ck9B -----END PGP SIGNATURE-----