-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Mar 2026 20:01:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 146.0.7680.71-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) <buildd_amd64-x86-conova-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.71-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga.
     - CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3916: Out of bounds read in Web Speech.
       Reported by Grischa Hauser.
     - CVE-2026-3917: Use after free in Agents. Reported by Syn4pse.
     - CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse.
     - CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google.
     - CVE-2026-3921: Use after free in TextEncoding.
       Reported by Pranamya Keshkamat & Cantina.xyz.
     - CVE-2026-3922: Use after free in MediaStream.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3923: Use after free in WebMIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3924: Use after free in WindowDialog.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3925: Incorrect security UI in LookalikeChecks.
       Reported by NDevTK and Alesandro Ortiz.
     - CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c.
     - CVE-2026-3927: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
     - CVE-2026-3928: Insufficient policy enforcement in Extensions.
       Reported by portsniffer443.
     - CVE-2026-3929: Side-channel information leakage in ResourceTiming.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3930: Unsafe navigation in Navigation.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3932: Insufficient policy enforcement in PDF.
       Reported by Ayato Shitomi.
     - CVE-2026-3934: Insufficient policy enforcement in ChromeDriver.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3935: Incorrect security UI in WebAppInstalls.
       Reported by Barath Stalin K.
     - CVE-2026-3936: Use after free in WebView. Reported by Am4deu$.
     - CVE-2026-3937: Incorrect security UI in Downloads.
       Reported by Abhishek Kumar.
     - CVE-2026-3938: Insufficient policy enforcement in Clipboard.
       Reported by vicevirus.
     - CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK
     - CVE-2026-3940: Insufficient policy enforcement in DevTools.
       Reported by Jorian Woltjer, Mian, bug_blitzer.
     - CVE-2026-3941: Insufficient policy enforcement in DevTools.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-3942: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
   * d/rules: update rustc version string for new upstream expectations of
     no spaces.
   * d/patches:
     - upstream/disable-unrar.patch: drop, merged upstream.
     - disable/signin.patch: drop part of the patch. This patch should be
       reviewed in the future and coordinated w/ ungoogled-chromium, since
       it originally came from them.
     - disable/glic.patch: add a bunch more glic removals.
     - disable/license-headless-shell.patch: refresh.
     - disable/unrar.patch: refresh.
     - system/rollup.patch: refresh.
     - bookworm/foreach.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium.
     - disable/catapult.patch: update to remove some more catapult deps.
     - fixes/force-rust-nightly.patch: drop, no longer needed.
     - llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler
       flag/feature added to llvm-23.
     - fixes/bytemuck.patch: add rust build fix in bytemuck.
     - llvm-19/clang-19-crash.patch: add build fix; delete code that makes
       clang-19++ crash.
     - llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19
       issue.
     - loongarch64/0018-fix-study-crash.patch: refresh.
     - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch:
       refresh.
     - ppc64le/fixes/fix-study-crash.patch: refresh.
     - llvm-19/clone-traits.patch: add patch to remove a static assertion.
     - llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support.
     - upstream/profile.patch: add header inclusion build fix from upstream.
     - trixie/value-or.patch: move to llvm-19/ directory & also add another
       place that clang-19 gets confused during build.
     - rust-1.85/jxl-features.patch: refresh [trixie, bookworm].
     - rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream
       changes, and added unsafe{} blocks to the macro definitions to shrink
       this patch in the future [trixie, bookworm].
     - fixes/missing-dep.patch: add patch for dependency-related build failure
       that only happens sometimes.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
       for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/patches:
     - disable/lint.patch: New patch to disable CSS/JS linting tools.
     - bookworm/node18-compat.patch: New patch to fix various compatibility
       issues with nodejs 18 [bookworm].
     - trixie/gn-len.patch: Zap another instance of len() for older GN
       [trixie, bookworm].
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
