-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2026 19:35:31 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: ppc64el
Version: 146.0.7680.153-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-conova-02) <buildd_ppc64el-ppc64el-conova-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 1130569
Changes:
 chromium (146.0.7680.153-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-4439: Out of bounds memory access in WebGL.
       Reported by Goodluck.
     - CVE-2026-4440: Out of bounds read and write in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4441: Use after free in Base. Reported by Google.
     - CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse.
     - CVE-2026-4443: Heap buffer overflow in WebAudio.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4444: Stack buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4445: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4446: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge.
     - CVE-2026-4448: Heap buffer overflow in ANGLE.
       Reported by M. Fauzan Wijaya (Gh05t666nero).
     - CVE-2026-4449: Use after free in Blink. Reported by Syn4pse.
     - CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c.
     - CVE-2026-4451: Insufficient validation of untrusted input in
       Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip.
     - CVE-2026-4454: Use after free in Network.
       Reported by heapracer (@heapracer).
     - CVE-2026-4455: Heap buffer overflow in PDFium.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4456: Use after free in Digital Credentials API.
       Reported by sean wong.
     - CVE-2026-4457: Type Confusion in V8.
       Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim.
     - CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by
       Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern)
     - CVE-2026-4460: Out of bounds read in Skia.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4461: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-4462: Out of bounds read in Blink.
       Reported by heapracer (@heapracer).
     - CVE-2026-4463: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun.
   * d/patches/disable/glic.patch: refresh for upstream tab nudging changes
 .
   [ Jianfeng Liu ]
   * add upstreamed patch of boringssl to fix loong64 build (closes: #1130569)
Checksums-Sha1:
 f4c808bf5a9befc00c46c974443840549afa87b6 6002060 chromium-common-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 6ba8390dbd0d6d62cfa2ede8c1d02fdf645cbfd6 36268404 chromium-common_146.0.7680.153-1~deb12u1_ppc64el.deb
 ca2861dcc18908f5b81e6524da8b414a0996d073 31697692 chromium-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 6cada1fec4184ba95c9941781818b110b51f0b9d 7654564 chromium-driver_146.0.7680.153-1~deb12u1_ppc64el.deb
 d1342afb6a55e0a3658335826327832d41ba5061 25305704 chromium-headless-shell-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 e3b169a5c11cb0668ce1ef397270cde7f91a0160 55533800 chromium-headless-shell_146.0.7680.153-1~deb12u1_ppc64el.deb
 f288c1257d1f00b9a85e349d31972c88b516ae5a 19244 chromium-sandbox-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 15ac45021e059d018b0cbf8d562f9170740d6998 113604 chromium-sandbox_146.0.7680.153-1~deb12u1_ppc64el.deb
 635e96a0db7b601acc37ca72d319de5fc1f3950e 27395892 chromium-shell-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 0f223d64520a70ab520aff71f82db10a499933cb 60487148 chromium-shell_146.0.7680.153-1~deb12u1_ppc64el.deb
 352bd20b2b90fb7d43d0665ffb4d5a3d22a24b47 30333 chromium_146.0.7680.153-1~deb12u1_ppc64el-buildd.buildinfo
 486b3e0ed13785a6034f5756b54da5e70eb21c43 72468180 chromium_146.0.7680.153-1~deb12u1_ppc64el.deb
Checksums-Sha256:
 29b02d27ac68857a7071a1fed17c4452a72ed6bf93f3035b507f3ff7e5a45190 6002060 chromium-common-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 0afe9c5d91a523ac43f68dfa1397925b21937fe53c0943adfabb4f52542e3ba4 36268404 chromium-common_146.0.7680.153-1~deb12u1_ppc64el.deb
 7e809584fc38cdf1d3a2c8ac9a1662626781b41ec0311597277bf921087f1616 31697692 chromium-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 6b4ef63e61042b6be10a6ed101e0ea632e83074702014de7aa73fb93689d75f8 7654564 chromium-driver_146.0.7680.153-1~deb12u1_ppc64el.deb
 1584f43de5fff37a71a9415457b47a5a72bdc2b37e540b64a5b41e6e2aef07b1 25305704 chromium-headless-shell-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 ca8ce2df0b909aab807fdd943b080364e7c4fb5fcbb45beccc90cabb2a098499 55533800 chromium-headless-shell_146.0.7680.153-1~deb12u1_ppc64el.deb
 27b97f1211dfb21b3c646d94503208fbd130d9c653832247560d3ba8335ecdfb 19244 chromium-sandbox-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 bfac01ff95fbb43c82be59c644a80936bbc6ab3ec3197e28f579d6cf2a49502d 113604 chromium-sandbox_146.0.7680.153-1~deb12u1_ppc64el.deb
 da67561795a7cd93ca5b51beea37070ac1deb6f016c2e436cd6c9591984b9ef9 27395892 chromium-shell-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 59019820a9729ffdb13343ec5b484ffd70fd3ca0e02d0773374214b16b4b2e94 60487148 chromium-shell_146.0.7680.153-1~deb12u1_ppc64el.deb
 b5d5e55ff55a0572c95f2cc0a51a7addd7063181a8d3845d1c0b526acc74ed9b 30333 chromium_146.0.7680.153-1~deb12u1_ppc64el-buildd.buildinfo
 16bc18f3263b974a81a5d4fc305a2f2c047e689e79ed623622bc2485c274d95b 72468180 chromium_146.0.7680.153-1~deb12u1_ppc64el.deb
Files:
 b2d8f85f053204513b2a0b5e81c53b73 6002060 debug optional chromium-common-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 2ff551a79de0174a10a8c89c805457c5 36268404 web optional chromium-common_146.0.7680.153-1~deb12u1_ppc64el.deb
 98624b999b55c866cee84e36540dd956 31697692 debug optional chromium-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 35ef52f35afc482fc44f2091fb67df9e 7654564 web optional chromium-driver_146.0.7680.153-1~deb12u1_ppc64el.deb
 85a5018dc57309e905edd97ee61bf58c 25305704 debug optional chromium-headless-shell-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 7c86172ab166aa3c35f5e6e68017456a 55533800 web optional chromium-headless-shell_146.0.7680.153-1~deb12u1_ppc64el.deb
 59de4c8435ab994b4ad374744fcc6e98 19244 debug optional chromium-sandbox-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 931d31712388efc500e754f7d3b35e49 113604 web optional chromium-sandbox_146.0.7680.153-1~deb12u1_ppc64el.deb
 343697f050ec078105f06b89157f0a02 27395892 debug optional chromium-shell-dbgsym_146.0.7680.153-1~deb12u1_ppc64el.deb
 c52227eb95df7dc81683ff345129113f 60487148 web optional chromium-shell_146.0.7680.153-1~deb12u1_ppc64el.deb
 c83d7ce418772f0d5ae8d11e9107ba1c 30333 web optional chromium_146.0.7680.153-1~deb12u1_ppc64el-buildd.buildinfo
 8d4f5538c3718ab4505f0becaa33a9e2 72468180 web optional chromium_146.0.7680.153-1~deb12u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEySUEQfg5pZeb/U372FRWNm40e2YFAmm9nfgACgkQ2FRWNm40
e2btXxAAl7Fyqf2sywU2HELWZj0IJTs/MWz4nTq0WfwKkbseNdv5kK+97jjmoV1l
XJTGVVo37OeWx6k/ousncGrVgw019DrfxNGwm7mrpJi8IELl/Y2NLk+DqA2CDt3R
7CE5HoBfz+viGRMeIwncK0YZiEONKHUPoGlrQ/fmrdRpcZFURdHbuppdw6/j7Ho0
14LUfVjKGB8hWrajSncoaN6mPOa7Rx79FlZvgrL7h56IQW/0zZ+KBiI8+UGvwSQL
lqPJ6YLaCxOV/QmF3wZrg6fK7NNnXpQ4+KXKdC4Ka5SRz+GwcFveeu2m2rimge/w
RanDplUAnhVGdzuIvBgWrFSWEshazKa9YBlZA9echtZC4bcWvhrG7u1B0yGvzEB6
+V0UxqaBbQNQsQq5Gt4SbZew9BvJGTwdWmLufYMerb3ZxkSdiF+sY63JfNqcVncj
t33GlX0vScH+GmIGGF4Aam490nLoxHPYYESgrHmgXdlCx0UdhqfRfUT2Z0BsTNWR
8MZ5CShKB9HoVuBP1+VaKgQ6IkVhX2bYyjc7t2l7yzEYxEfMc8JkIAxXPZC9o+Qk
40sY35FLrJ+16jZivzybQtOHP4oTWAmdizH2LFy/CLdzRrHWupA/57hI3FilFMug
mbuNBb5iumc04/snsMQ6M4F1PMPM4Kg1ws9Dcs6c4fbdMB3VRKo=
=fvMU
-----END PGP SIGNATURE-----