-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Mar 2026 20:01:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 146.0.7680.71-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-04) <buildd_arm64-arm-ubc-04@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.71-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga.
     - CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3916: Out of bounds read in Web Speech.
       Reported by Grischa Hauser.
     - CVE-2026-3917: Use after free in Agents. Reported by Syn4pse.
     - CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse.
     - CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google.
     - CVE-2026-3921: Use after free in TextEncoding.
       Reported by Pranamya Keshkamat & Cantina.xyz.
     - CVE-2026-3922: Use after free in MediaStream.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3923: Use after free in WebMIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3924: Use after free in WindowDialog.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3925: Incorrect security UI in LookalikeChecks.
       Reported by NDevTK and Alesandro Ortiz.
     - CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c.
     - CVE-2026-3927: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
     - CVE-2026-3928: Insufficient policy enforcement in Extensions.
       Reported by portsniffer443.
     - CVE-2026-3929: Side-channel information leakage in ResourceTiming.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3930: Unsafe navigation in Navigation.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3932: Insufficient policy enforcement in PDF.
       Reported by Ayato Shitomi.
     - CVE-2026-3934: Insufficient policy enforcement in ChromeDriver.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3935: Incorrect security UI in WebAppInstalls.
       Reported by Barath Stalin K.
     - CVE-2026-3936: Use after free in WebView. Reported by Am4deu$.
     - CVE-2026-3937: Incorrect security UI in Downloads.
       Reported by Abhishek Kumar.
     - CVE-2026-3938: Insufficient policy enforcement in Clipboard.
       Reported by vicevirus.
     - CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK
     - CVE-2026-3940: Insufficient policy enforcement in DevTools.
       Reported by Jorian Woltjer, Mian, bug_blitzer.
     - CVE-2026-3941: Insufficient policy enforcement in DevTools.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-3942: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
   * d/rules: update rustc version string for new upstream expectations of
     no spaces.
   * d/patches:
     - upstream/disable-unrar.patch: drop, merged upstream.
     - disable/signin.patch: drop part of the patch. This patch should be
       reviewed in the future and coordinated w/ ungoogled-chromium, since
       it originally came from them.
     - disable/glic.patch: add a bunch more glic removals.
     - disable/license-headless-shell.patch: refresh.
     - disable/unrar.patch: refresh.
     - system/rollup.patch: refresh.
     - bookworm/foreach.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium.
     - disable/catapult.patch: update to remove some more catapult deps.
     - fixes/force-rust-nightly.patch: drop, no longer needed.
     - llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler
       flag/feature added to llvm-23.
     - fixes/bytemuck.patch: add rust build fix in bytemuck.
     - llvm-19/clang-19-crash.patch: add build fix; delete code that makes
       clang-19++ crash.
     - llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19
       issue.
     - loongarch64/0018-fix-study-crash.patch: refresh.
     - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch:
       refresh.
     - ppc64le/fixes/fix-study-crash.patch: refresh.
     - llvm-19/clone-traits.patch: add patch to remove a static assertion.
     - llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support.
     - upstream/profile.patch: add header inclusion build fix from upstream.
     - trixie/value-or.patch: move to llvm-19/ directory & also add another
       place that clang-19 gets confused during build.
     - rust-1.85/jxl-features.patch: refresh [trixie, bookworm].
     - rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream
       changes, and added unsafe{} blocks to the macro definitions to shrink
       this patch in the future [trixie, bookworm].
     - fixes/missing-dep.patch: add patch for dependency-related build failure
       that only happens sometimes.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
       for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/patches:
     - disable/lint.patch: New patch to disable CSS/JS linting tools.
     - bookworm/node18-compat.patch: New patch to fix various compatibility
       issues with nodejs 18 [bookworm].
     - trixie/gn-len.patch: Zap another instance of len() for older GN
       [trixie, bookworm].
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
