-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 14 May 2026 16:39:29 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: ppc64el Version: 148.0.7778.167-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-conova-01) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-headless-shell - web browser - old headless shell chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (148.0.7778.167-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2026-8509: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-8510: Integer overflow in Skia. Reported by q@calif.io. - CVE-2026-8511: Use after free in UI. Reported by Google. - CVE-2026-8512: Use after free in FileSystem. Reported by Google. - CVE-2026-8513: Use after free in Input. Reported by Google. - CVE-2026-8514: Use after free in Aura. Reported by Google. - CVE-2026-8515: Use after free in HID. Reported by Google. - CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer. Reported by Google. - CVE-2026-8517: Object lifecycle issue in WebShare. Reported by Google. - CVE-2026-8518: Use after free in Blink. Reported by Google. - CVE-2026-8519: Integer overflow in ANGLE. Reported by Google. - CVE-2026-8520: Race in Payments. Reported by Google. - CVE-2026-8521: Use after free in Tab Groups. Reported by Google. - CVE-2026-8522: Use after free in Downloads. Reported by Google. - CVE-2026-8523: Use after free in Mojo. Reported by Paul Seekamp / nullenc0de. - CVE-2026-8558: Out of bounds write in Fonts. Reported by Matej Smycka. - CVE-2026-8524: Out of bounds write in WebAudio. Reported by Brendan Dolan-Gavitt, XBOW. - CVE-2026-8525: Heap buffer overflow in ANGLE. Reported by Nathaniel Oh (@calysteon). - CVE-2026-8526: Out of bounds write in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-8527: Insufficient validation of untrusted input in Downloads. Reported by rachmat.abdul.ro. - CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation. Reported by Google. - CVE-2026-8529: Heap buffer overflow in Codecs. Reported by Google. - CVE-2026-8530: Use after free in Network. Reported by Google. - CVE-2026-8531: Heap buffer overflow in WebML. Reported by Syn4pse. - CVE-2026-8532: Integer overflow in XML. Reported by Google. - CVE-2026-8533: Use after free in Accessibility. Reported by Google. - CVE-2026-8534: Integer overflow in GPU. Reported by Google. - CVE-2026-8535: Out of bounds read in Media. Reported by Google. - CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode. Reported by Google. - CVE-2026-8537: Insufficient policy enforcement in ViewTransitions. Reported by Google. - CVE-2026-8538: Insufficient validation of untrusted input in GPU. Reported by Google. - CVE-2026-8539: Script injection in SanitizerAPI. Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po). - CVE-2026-8540: Type Confusion in V8. Reported by Google. - CVE-2026-8541: Out of bounds read in UI. Reported by Google. - CVE-2026-8542: Use after free in Core. Reported by Google. - CVE-2026-8543: Out of bounds read in FileSystem. Reported by Google. - CVE-2026-8544: Use after free in Media. Reported by Google. - CVE-2026-8545: Object corruption in Compositing. Reported by Google. - CVE-2026-8546: Out of bounds read in GPU. Reported by Google. - CVE-2026-8547: Insufficient policy enforcement in Passwords. Reported by Google. - CVE-2026-8548: Out of bounds write in Media. Reported by Google. - CVE-2026-8549: Use after free in Media. Reported by Google. - CVE-2026-8550: Use after free in Google Lens. Reported by Google. - CVE-2026-8551: Use after free in Downloads. Reported by Google. - CVE-2026-8552: Heap buffer overflow in GPU. Reported by Google. - CVE-2026-8553: Use after free in GPU. Reported by Google. - CVE-2026-8554: Type Confusion in ANGLE. Reported by Google. - CVE-2026-8555: Use after free in GTK. Reported by Google. - CVE-2026-8556: Inappropriate implementation in ANGLE. Reported by Google - CVE-2026-8557: Use after free in Accessibility. Reported by Google. - CVE-2026-8559: Integer overflow in Internationalization. Reported by Google. - CVE-2026-8560: Heap buffer overflow in SwiftShader. Reported by Cassidy Kim(@cassidy6564). - CVE-2026-8561: Incorrect security UI in Fullscreen. Reported by Wolfgang Ettlinger (aff. Certitude Consulting GmbH) Alexander Hurbean (aff. Certitude Consulting GmbH). - CVE-2026-8562: Side-channel information leakage in Navigation. Reported by Google. - CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox. Reported by Luan Herrera (@lbherrera_). - CVE-2026-8564: Incorrect security UI in Downloads. Reported by Alesandro Ortiz https://AlesandroOrtiz.com. - CVE-2026-8565: Inappropriate implementation in Downloads. Reported by Farras Givari. - CVE-2026-8566: Insufficient policy enforcement in Payments. Reported by Jorian Woltjer. - CVE-2026-8567: Integer overflow in ANGLE. Reported by cinzinga. - CVE-2026-8568: Insufficient policy enforcement in AI. Reported by Tianyi Hu. - CVE-2026-8569: Out of bounds write in Codecs. Reported by Google. - CVE-2026-8570: Type Confusion in V8. Reported by Google. - CVE-2026-8571: Insufficient policy enforcement in GPU. Reported by Mark Blaszczyk. - CVE-2026-8572: Insufficient policy enforcement in Network. Reported by Google. - CVE-2026-8573: Integer overflow in Codecs. Reported by Google. - CVE-2026-8574: Use after free in Core. Reported by Google. - CVE-2026-8575: Use after free in UI. Reported by Google. - CVE-2026-8576: Inappropriate implementation in CORS. Reported by Google - CVE-2026-8577: Integer overflow in Fonts. Reported by Google. - CVE-2026-8578: Out of bounds read in GPU. Reported by Google. - CVE-2026-8579: Insufficient validation of untrusted input in Skia. Reported by Google. - CVE-2026-8580: Use after free in Mojo. Reported by Google. - CVE-2026-8581: Use after free in GPU. Reported by Google. - CVE-2026-8582: Object lifecycle issue in Dawn. Reported by Google. - CVE-2026-8583: Insufficient policy enforcement in WebXR. Reported by Google. - CVE-2026-8584: Inappropriate implementation in Views. Reported by Google - CVE-2026-8585: Inappropriate implementation in Media. Reported by Google - CVE-2026-8586: Inappropriate implementation in Chromoting. Reported by Google. - CVE-2026-8587: Use after free in Extensions. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. * rust-1.85/file_as_c_str.patch: fix build on non-x86 archs, as char* signed-ness is apparently different there versus arm & ppc64 [trixie, bookworm]. Checksums-Sha1: ea06c15abc1c6bcecd1014d13bece8cc6201dfc6 6169084 chromium-common-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 6ba2452870ee2e9df62d01101107096eea7620aa 32499484 chromium-common_148.0.7778.167-1~deb12u1_ppc64el.deb 8d586b3f7f99a952b923adb3fbf771da50241133 32156856 chromium-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 1ee63f0f85cc6be3dd383870687b901b5eebd416 7790624 chromium-driver_148.0.7778.167-1~deb12u1_ppc64el.deb 6b731f2383cf6e584f79642fedb9cb5f80457e2e 25509440 chromium-headless-shell-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 06ee85b9e3cc23cbf9a648c7f6dfc34fe1f7919d 56325908 chromium-headless-shell_148.0.7778.167-1~deb12u1_ppc64el.deb 7fb35f5b5cfa03c9b5916e19e1c2f75880b2d1b7 19272 chromium-sandbox-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 73ab5c4feac3ef25daf3b1f2f20630c20b222b55 120096 chromium-sandbox_148.0.7778.167-1~deb12u1_ppc64el.deb 63597b971933edde70dbcb34b4c6e22235fcd382 27658152 chromium-shell-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 91fe48850e97fd97474e4e2a47d71d5f62deb898 61578640 chromium-shell_148.0.7778.167-1~deb12u1_ppc64el.deb 7e3aa4128dfdbe86415e98616ca23bb97479adc9 30375 chromium_148.0.7778.167-1~deb12u1_ppc64el-buildd.buildinfo 3f26bd7d281ae1eeef805b3ac18633af74c39150 73899404 chromium_148.0.7778.167-1~deb12u1_ppc64el.deb Checksums-Sha256: 89bfa8198ec1604cc134b26cd970057ef9c82228e0c10d1feb021c368ad0b05b 6169084 chromium-common-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 0ab92635b708ef17bc2bfffb1f44b20baca10b7ad1edee0dec91e1ccc11069cd 32499484 chromium-common_148.0.7778.167-1~deb12u1_ppc64el.deb a9d9ea72d309050777b8a1b4f659f2dff8324c437e95989f0d55d75ff5c191c4 32156856 chromium-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 4cfc615f82fb2e516026acf717ef7a1eeb860cee9a3f3463c7036a39514dc6c6 7790624 chromium-driver_148.0.7778.167-1~deb12u1_ppc64el.deb 951b2fa985a2824a23691f905fba6e4bbd4e26a79b110c87110d9f4a54560673 25509440 chromium-headless-shell-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 2b5c8892ba8592e518498100914496585021105534241036317e8278821b92bf 56325908 chromium-headless-shell_148.0.7778.167-1~deb12u1_ppc64el.deb 450fc1a58d3969332c571daa241fcdc469c95c88fd5e5de75010f0cf4d75c4f6 19272 chromium-sandbox-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 7e499a9f541fbe923fdb16bc483593f25db8475fffa57247fd5b447f8f34e768 120096 chromium-sandbox_148.0.7778.167-1~deb12u1_ppc64el.deb 58838504afa472b5d54b7d26af4c85338073fb8f8ce8189cf0a8c8dce8f5d36c 27658152 chromium-shell-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb d4606d477b0e40b87820d32bc35e513433b2a1b1ba1c166eb6b87efcc87ba0de 61578640 chromium-shell_148.0.7778.167-1~deb12u1_ppc64el.deb a5482e98f2eb7c9c6cc32078187a92f7012fc55c95071ded71df6b62d06efb5c 30375 chromium_148.0.7778.167-1~deb12u1_ppc64el-buildd.buildinfo 4a856b40fdda017493e243b8794a7a6fabe1f06c43aabe0a3eb6bb86875b80b9 73899404 chromium_148.0.7778.167-1~deb12u1_ppc64el.deb Files: 488c4c66e965c0978351db6c45bc5432 6169084 debug optional chromium-common-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 1bfb4ea4ababb4a64cb947d98defa911 32499484 web optional chromium-common_148.0.7778.167-1~deb12u1_ppc64el.deb 61abed9051a0669bf91617faa3023113 32156856 debug optional chromium-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 4961b1c0224fac3900b2ba8f73546c5a 7790624 web optional chromium-driver_148.0.7778.167-1~deb12u1_ppc64el.deb 9bbad49874b3cf55988f8266c41fdc35 25509440 debug optional chromium-headless-shell-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 026d3ef5cbed940bc6d99aa1309928c1 56325908 web optional chromium-headless-shell_148.0.7778.167-1~deb12u1_ppc64el.deb 5e3ec405ace5fdf87e5cef3d48c3dd1d 19272 debug optional chromium-sandbox-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 8a4c652831e283c17235ffdf5fe143f1 120096 web optional chromium-sandbox_148.0.7778.167-1~deb12u1_ppc64el.deb 92bb00ad55f3a9ad73635be771b5b034 27658152 debug optional chromium-shell-dbgsym_148.0.7778.167-1~deb12u1_ppc64el.deb 47bc26eb55623e0edefeec877a3ba0c5 61578640 web optional chromium-shell_148.0.7778.167-1~deb12u1_ppc64el.deb 7f169d356df8a87843c951038e7e42c6 30375 web optional chromium_148.0.7778.167-1~deb12u1_ppc64el-buildd.buildinfo 0649b9fd001fbf1dcd2865f5190e8282 73899404 web optional chromium_148.0.7778.167-1~deb12u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEDoRc43uRWMOoIqIgDNLUPhbmg7MFAmoHLlAACgkQDNLUPhbm g7O2vw/+OwsYJLmkTfoTPG8CADNi362lqjLVh/WjCUCRTI/gehsEH1LyQsuuYW4z fYhPeazvLwZW+r9DBaMgosNlr84KVrRZflpPVILtcSmNYEpNN9VGQNR5MKYaBhxp 2iK7ZWSlXLx6t+WfI4P5Q75wQlWsz4ldlalpwaqH/KkwqDW21g6GO3HS3VwHW7X6 x4RwZeqiCbE/Ar+m15EBOFuoA0qCHpjAjmb5EGvWTl5GHJzVR7Dl4SvLAJ1o2bMm 1FXcMbkgP2HoSLxC0vh3dSh8ugAe/RUtuodGXSC078ExVWwAAZbbcVgSf14Hq9zR BXjEUVs5Ek3D4eCeCp6y+qNejK/sxnw9VnOFr+V5NTA0ACLlDjy6m/PkN5GEWpi+ WZ8m4zW91jiZL789VfsgoXEgDjbV5op12v01tJCudV4luLKWm8ZMEhLYwJUH3eED pVRU1nZ5T6/a66PTS2i0cp9KWuOJB+dNyKjkiNQrAt51304sSkV1zz2KcSCVVzQi sGKyWFbYP0K2ZP80TD6v7qhbmtCJaCCUT26YVD+btIkhOqZ/3eDq6qZxi+w67L1c DpY7/2V+mXBmhQw3mITSA4QykgaXlzF2e9wf6ddoJqbC1MmDJenOwf/jnje2NFiE Xedf+NQsh3cdTZw1ykPCR5GGm1xzqCwv6cVOc+TemaJQJorv7cU= =Ldjx -----END PGP SIGNATURE-----