-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Mar 2026 20:01:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 146.0.7680.71-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 Build Daemon (x86-grnet-01) <buildd_amd64-x86-grnet-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.71-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga.
     - CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3916: Out of bounds read in Web Speech.
       Reported by Grischa Hauser.
     - CVE-2026-3917: Use after free in Agents. Reported by Syn4pse.
     - CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse.
     - CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google.
     - CVE-2026-3921: Use after free in TextEncoding.
       Reported by Pranamya Keshkamat & Cantina.xyz.
     - CVE-2026-3922: Use after free in MediaStream.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3923: Use after free in WebMIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3924: Use after free in WindowDialog.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3925: Incorrect security UI in LookalikeChecks.
       Reported by NDevTK and Alesandro Ortiz.
     - CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c.
     - CVE-2026-3927: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
     - CVE-2026-3928: Insufficient policy enforcement in Extensions.
       Reported by portsniffer443.
     - CVE-2026-3929: Side-channel information leakage in ResourceTiming.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3930: Unsafe navigation in Navigation.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3932: Insufficient policy enforcement in PDF.
       Reported by Ayato Shitomi.
     - CVE-2026-3934: Insufficient policy enforcement in ChromeDriver.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3935: Incorrect security UI in WebAppInstalls.
       Reported by Barath Stalin K.
     - CVE-2026-3936: Use after free in WebView. Reported by Am4deu$.
     - CVE-2026-3937: Incorrect security UI in Downloads.
       Reported by Abhishek Kumar.
     - CVE-2026-3938: Insufficient policy enforcement in Clipboard.
       Reported by vicevirus.
     - CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK
     - CVE-2026-3940: Insufficient policy enforcement in DevTools.
       Reported by Jorian Woltjer, Mian, bug_blitzer.
     - CVE-2026-3941: Insufficient policy enforcement in DevTools.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-3942: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
   * d/rules: update rustc version string for new upstream expectations of
     no spaces.
   * d/patches:
     - upstream/disable-unrar.patch: drop, merged upstream.
     - disable/signin.patch: drop part of the patch. This patch should be
       reviewed in the future and coordinated w/ ungoogled-chromium, since
       it originally came from them.
     - disable/glic.patch: add a bunch more glic removals.
     - disable/license-headless-shell.patch: refresh.
     - disable/unrar.patch: refresh.
     - system/rollup.patch: refresh.
     - bookworm/foreach.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium.
     - disable/catapult.patch: update to remove some more catapult deps.
     - fixes/force-rust-nightly.patch: drop, no longer needed.
     - llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler
       flag/feature added to llvm-23.
     - fixes/bytemuck.patch: add rust build fix in bytemuck.
     - llvm-19/clang-19-crash.patch: add build fix; delete code that makes
       clang-19++ crash.
     - llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19
       issue.
     - loongarch64/0018-fix-study-crash.patch: refresh.
     - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch:
       refresh.
     - ppc64le/fixes/fix-study-crash.patch: refresh.
     - llvm-19/clone-traits.patch: add patch to remove a static assertion.
     - llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support.
     - upstream/profile.patch: add header inclusion build fix from upstream.
     - trixie/value-or.patch: move to llvm-19/ directory & also add another
       place that clang-19 gets confused during build.
     - rust-1.85/jxl-features.patch: refresh [trixie, bookworm].
     - rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream
       changes, and added unsafe{} blocks to the macro definitions to shrink
       this patch in the future [trixie, bookworm].
     - fixes/missing-dep.patch: add patch for dependency-related build failure
       that only happens sometimes.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
       for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/patches:
     - disable/lint.patch: New patch to disable CSS/JS linting tools.
     - bookworm/node18-compat.patch: New patch to fix various compatibility
       issues with nodejs 18 [bookworm].
     - trixie/gn-len.patch: Zap another instance of len() for older GN
       [trixie, bookworm].
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
