Format: 1.8
Date: Thu, 09 Apr 2026 03:34:02 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 147.0.7727.55-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-05)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1132651
Changes:
 chromium (147.0.7727.55-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-5858: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous.
     - CVE-2026-5860: Use after free in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5861: Use after free in V8. Reported by 5shain.
     - CVE-2026-5862: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5863: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5864: Heap buffer overflow in WebAudio. Reported by Syn4pse.
     - CVE-2026-5865: Type Confusion in V8. Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-5866: Use after free in Media. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5867: Heap buffer overflow in WebML. Reported by Syn4pse.
     - CVE-2026-5868: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-5869: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5870: Integer overflow in Skia. Reported by Google.
     - CVE-2026-5871: Type Confusion in V8. Reported by Google.
     - CVE-2026-5872: Use after free in Blink. Reported by Google.
     - CVE-2026-5873: Out of bounds read and write in V8. Reported by Google.
     - CVE-2026-5874: Use after free in PrivateAI. Reported by Krace.
     - CVE-2026-5875: Policy bypass in Blink. Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5876: Side-channel information leakage in Navigation. Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5877: Use after free in Navigation. Reported by Cassidy Kim(@cassidy6564).
     - CVE-2026-5878: Incorrect security UI in Blink. Reported by Shaheen Fazim.
     - CVE-2026-5879: Insufficient validation of untrusted input in ANGLE. Reported by parkminchan, working for SSD Labs Korea.
     - CVE-2026-5880: Incorrect security UI in browser UI.
     - CVE-2026-5881: Policy bypass in LocalNetworkAccess. Reported by asnine.
     - CVE-2026-5882: Incorrect security UI in Fullscreen.
     - CVE-2026-5883: Use after free in Media. Reported by sherkito.
     - CVE-2026-5884: Insufficient validation of untrusted input in Media. Reported by xmzyshypnc.
     - CVE-2026-5885: Insufficient validation of untrusted input in WebML. Reported by Bryan Bernhart.
     - CVE-2026-5886: Out of bounds read in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5887: Insufficient validation of untrusted input in Downloads. Reported by daffainfo.
     - CVE-2026-5888: Uninitialized Use in WebCodecs. Reported by Identified by the Octane Security Team: Giovanni Vignone, Paolo Gentry, Robert van Eijk.
     - CVE-2026-5889: Cryptographic Flaw in PDFium. Reported by mlafon.
     - CVE-2026-5890: Race in WebCodecs. Reported by Casper Woudenberg.
     - CVE-2026-5891: Insufficient policy enforcement in browser UI. Reported by Tianyi Hu.
     - CVE-2026-5892: Insufficient policy enforcement in PWAs. Reported by Tianyi Hu.
     - CVE-2026-5893: Race in V8. Reported by QYmag1c.
     - CVE-2026-5894: Inappropriate implementation in PDF. Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5895: Incorrect security UI in Omnibox. Reported by Renwa Hiwa @RenwaX23.
     - CVE-2026-5896: Policy bypass in Audio. Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5897: Incorrect security UI in Downloads. Reported by Farras Givari.
     - CVE-2026-5898: Incorrect security UI in Omnibox. Reported by saidinahikam032.
     - CVE-2026-5899: Incorrect security UI in History Navigation. Reported by Islam Rzayev.
     - CVE-2026-5900: Policy bypass in Downloads. Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5901: Policy bypass in DevTools. Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5902: Race in Media. Reported by Luke Francis.
     - CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @Ciarands.
     - CVE-2026-5904: Use after free in V8. Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-5905: Incorrect security UI in Permissions. Reported by daffainfo.
     - CVE-2026-5906: Incorrect security UI in Omnibox. Reported by mohamedhesham9173.
     - CVE-2026-5907: Insufficient data validation in Media. Reported by Luke Francis.
     - CVE-2026-5908: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5909: Integer overflow in Media. Reported by Mohammed Yasar B & Ameen Basha M K.
     - CVE-2026-5910: Integer overflow in Media. Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5911: Policy bypass in ServiceWorkers. Reported by lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS, Security and Systems Lab.
     - CVE-2026-5912: Integer overflow in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5913: Out of bounds read in Blink. Reported by Vitaly Simonovich.
     - CVE-2026-5914: Type Confusion in CSS. Reported by Syn4pse.
     - CVE-2026-5915: Insufficient validation of untrusted input in WebML. Reported by ningxin.hu@intel.com.
     - CVE-2026-5918: Inappropriate implementation in Navigation. Reported by Google.
     - CVE-2026-5919: Insufficient validation of untrusted input in WebSockets. Reported by Richard Belisle.
   * d/patches:
     - upstream/profile.patch: drop, merged upstream.
     - upstream/fix-boringssl-loong64.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - disable/signin.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/unrar.patch: drop, merged upstream.
     - trixie/nodejs-set-intersection.patch: update for upstream refactoring.
     - bookworm/clang19.patch: -fno-lifetime-dse is unsupported. Also move to
       llvm-19 directory.
     - ungoogled/disable-ai.patch: sync from ungoogled-chromium project. Also
       re-add code that creates new tab's search bar (closes: #1132651).
     - debianization/safe-libcxx.patch: add a patch to force building with
       libc++'s LIBCPP_HARDENING_MODE turned on. See
       https://issues.chromium.org/issues/485696265 for the (security-related)
       rationale.
     - llvm-19/static-assert.patch: add another chunk of static_assert()
       removals that clang 19 needs.
     - rust-1.85/image.patch: enable nightly features for image_v0.25
       [trixie, bookworm].
     - bookworm/constexpr.patch: update/refresh for renamed file [bookworm].
   * d/rules:
     - drop "enable_glic=false", as upstream now forces their AI on everyone;
       but we strip it out with ungoogled/disable-ai.patch.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - bookworm/gn-absl.patch: Add visibility specifier to absl/crc:crc32,
       and re-sort the patch to keep the edits organized.
     - trixie/gn-len.patch: Refresh.
     - trixie/gn-module-name.patch: New patch to address older GN not knowing
       about the {{cc_module_name}} substitution [trixie, bookworm].
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
       upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: refresh for upstream
       changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch:
       regenerate
 .
   [ Jianfeng Liu ]
   * d/patches/loongarch64:
     - 0024-disable-BROTLI_MODEL-macro-for-some-targets.patch: add upstream
       patch to fix brotli on loong64