-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 15 Apr 2026 15:06:40 -0400
Source: chromium
Architecture: source
Version: 147.0.7727.101-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (147.0.7727.101-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-6297: Use after free in Proxy. Reported by heapracer.
     - CVE-2026-6298: Heap buffer overflow in Skia.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6299: Use after free in Prerender. Reported by Google.
     - CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong
       (Compsec Lab, Seoul National University / Research Intern).
     - CVE-2026-6359: Use after free in Video.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6300: Use after free in CSS.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c.
     - CVE-2026-6302: Use after free in Video. Reported by Syn4pse.
     - CVE-2026-6303: Use after free in Codecs. Reported by Google.
     - CVE-2026-6304: Use after free in Graphite. Reported by Google.
     - CVE-2026-6305: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6306: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6307: Type Confusion in Turbofan.
       Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-6308: Out of bounds read in Media. Reported by Google.
     - CVE-2026-6309: Use after free in Viz. Reported by Google.
     - CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam.
     - CVE-2026-6310: Use after free in Dawn. Reported by Google.
     - CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google.
     - CVE-2026-6312: Insufficient policy enforcement in Passwords.
       Reported by Google.
     - CVE-2026-6313: Insufficient policy enforcement in CORS.
       Reported by Google.
     - CVE-2026-6314: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-6315: Use after free in Permissions. Reported by Google.
     - CVE-2026-6316: Use after free in Forms. Reported by Google.
     - CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google.
     - CVE-2026-6362: Use after free in Codecs.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6317: Use after free in Cast. Reported by Google.
     - CVE-2026-6363: Type Confusion in V8. Reported by Google.
     - CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse.
     - CVE-2026-6319: Use after free in Payments. Reported by pwn2addr.
     - CVE-2026-6364: Out of bounds read in Skia.
       Reported by Google Threat Intelligence.
Checksums-Sha1:
 98d76f8089bf0b90348c15cbb379e9653e451956 4099 chromium_147.0.7727.101-1~deb13u1.dsc
 2f133fb4049b05eeab070e56b6d670f49866d163 787354268 chromium_147.0.7727.101.orig.tar.xz
 c07bdc0116d0e91870ced045fd791a1928826ca7 479672 chromium_147.0.7727.101-1~deb13u1.debian.tar.xz
 e58eb1efbbde54e14269f67bf7388ee99843446d 26835 chromium_147.0.7727.101-1~deb13u1_source.buildinfo
Checksums-Sha256:
 7c571964b5ed50a511a420bd89c9a267f73ebaf99ed857c99b9a3aedd8c36eb2 4099 chromium_147.0.7727.101-1~deb13u1.dsc
 d4a5f648100232a67b3134a1fa6f6d1d8a07cc4c55b024480073b40c47b2a601 787354268 chromium_147.0.7727.101.orig.tar.xz
 98498ac9e7115a03a438eac92929dde1bab4444a3ce20bf0c483832a4c668537 479672 chromium_147.0.7727.101-1~deb13u1.debian.tar.xz
 56e248de681a27645ee76b0959f4f75363ef7a97b02b010382c88d27ebd79e33 26835 chromium_147.0.7727.101-1~deb13u1_source.buildinfo
Files:
 c6431a1eb681aac0d7110edbdebe3d64 4099 web optional chromium_147.0.7727.101-1~deb13u1.dsc
 5c9b63091abd778aab7216de4cf30f30 787354268 web optional chromium_147.0.7727.101.orig.tar.xz
 3479ad47700b4e997f41b1054dddf0a4 479672 web optional chromium_147.0.7727.101-1~deb13u1.debian.tar.xz
 074ef7cfe996cf9bcffc5592d9f59418 26835 web optional chromium_147.0.7727.101-1~deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmng/KAUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfH5BAAtQ3S4kFr03lwLrTYYciULoYFVO3o
sLrpHaeNGSNAOhSzvO7oMNACUjGdi0M85YzBBjCaxI1gRgx26QWCXt3PPedt7n7a
CMajXrtKuC73rmZu1NuFRP72dfyftGdaKALaWTqGlCcOZPU1WmA9ZNgWNwj2bHAC
hA28j9c51Wk1R5i6uyA+aHq/CZkZbs8eHMyqXu6+2CqMkCMdyGSXAk0QNA/jj02a
Jo+gytEZaUk6AZV84N+vjDrdPUGzNHj84mqKuadv971SiF4MY5go7+3WDvYr2jtg
vJaBKvlIt5C3APVtSmjwpO+6Dlr7BENskeFA2ghsAx9UkE2ZdPgjz34oS4zi+5ki
BG/D68iB7gbZZQelUB9ot07AYl/LHJK/ebnCssLaOy82UDfz/VngxNRUQ1p9t64N
8TAiiX53ZOCigmw80ErNiJhnuY/jW2Lf0nYA5xyt6dXXJb24Lk8B1PdghErxlq1k
9sIcG8vddN7e/msp7tp0SoOoYISqFPAIcbvo1op2OB+LsNrKyCQpuEKJQ1bpvRSo
0NgW9gWA1HO7LmhdmY7QQgzS6GzqJB3KUFxbSEcaizhZDpKQWgsTclONZW0/d0HJ
7St4wAddlZ1b5jsp1JjO9pdS1R/aFC/6VVer1EZzL0BBTc5MF1xdVnl1EaTFunp4
JycbNg8pvNOAI1w=
=3mJ2
-----END PGP SIGNATURE-----