-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 09 Apr 2026 03:34:02 -0400
Source: chromium
Architecture: source
Version: 147.0.7727.55-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1132651
Changes:
 chromium (147.0.7727.55-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-5858: Heap buffer overflow in WebML.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5859: Integer overflow in WebML. Reported by Anonymous.
     - CVE-2026-5860: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5861: Use after free in V8. Reported by 5shain.
     - CVE-2026-5862: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5863: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-5864: Heap buffer overflow in WebAudio. Reported by Syn4pse.
     - CVE-2026-5865: Type Confusion in V8.
       Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-5866: Use after free in Media.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5867: Heap buffer overflow in WebML. Reported by Syn4pse.
     - CVE-2026-5868: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-5869: Heap buffer overflow in WebML.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5870: Integer overflow in Skia. Reported by Google.
     - CVE-2026-5871: Type Confusion in V8. Reported by Google.
     - CVE-2026-5872: Use after free in Blink. Reported by Google.
     - CVE-2026-5873: Out of bounds read and write in V8. Reported by Google.
     - CVE-2026-5874: Use after free in PrivateAI. Reported by Krace.
     - CVE-2026-5875: Policy bypass in Blink.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5876: Side-channel information leakage in Navigation.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-5877: Use after free in Navigation.
       Reported by Cassidy Kim (@cassidy6564).
     - CVE-2026-5878: Incorrect security UI in Blink.
       Reported by Shaheen Fazim.
     - CVE-2026-5879: Insufficient validation of untrusted input in ANGLE.
       Reported by parkminchan, working for SSD Labs Korea.
     - CVE-2026-5880: Incorrect security UI in browser UI.
     - CVE-2026-5881: Policy bypass in LocalNetworkAccess. Reported by asnine.
     - CVE-2026-5882: Incorrect security UI in Fullscreen.
     - CVE-2026-5883: Use after free in Media. Reported by sherkito.
     - CVE-2026-5884: Insufficient validation of untrusted input in Media.
       Reported by xmzyshypnc.
     - CVE-2026-5885: Insufficient validation of untrusted input in WebML.
       Reported by Bryan Bernhart.
     - CVE-2026-5886: Out of bounds read in WebAudio.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5887: Insufficient validation of untrusted input in Downloads.
       Reported by daffainfo.
     - CVE-2026-5888: Uninitialized Use in WebCodecs. Reported by Identified by
       the Octane Security Team: Giovanni Vignone, Paolo Gentry,
       Robert van Eijk.
     - CVE-2026-5889: Cryptographic Flaw in PDFium. Reported by mlafon.
     - CVE-2026-5890: Race in WebCodecs. Reported by Casper Woudenberg.
     - CVE-2026-5891: Insufficient policy enforcement in browser UI.
       Reported by Tianyi Hu.
     - CVE-2026-5892: Insufficient policy enforcement in PWAs.
       Reported by Tianyi Hu.
     - CVE-2026-5893: Race in V8. Reported by QYmag1c.
     - CVE-2026-5894: Inappropriate implementation in PDF.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5895: Incorrect security UI in Omnibox.
       Reported by Renwa Hiwa @RenwaX23.
     - CVE-2026-5896: Policy bypass in Audio.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5897: Incorrect security UI in Downloads.
       Reported by Farras Givari.
     - CVE-2026-5898: Incorrect security UI in Omnibox.
       Reported by saidinahikam032.
     - CVE-2026-5899: Incorrect security UI in History Navigation.
       Reported by Islam Rzayev.
     - CVE-2026-5900: Policy bypass in Downloads.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-5901: Policy bypass in DevTools.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-5902: Race in Media. Reported by Luke Francis.
     - CVE-2026-5903: Policy bypass in IFrameSandbox. Reported by @Ciarands.
     - CVE-2026-5904: Use after free in V8.
       Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-5905: Incorrect security UI in Permissions.
       Reported by daffainfo.
     - CVE-2026-5906: Incorrect security UI in Omnibox.
       Reported by mohamedhesham9173.
     - CVE-2026-5907: Insufficient data validation in Media.
       Reported by Luke Francis.
     - CVE-2026-5908: Integer overflow in Media.
       Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5909: Integer overflow in Media.
       Reported by Mohammed Yasar B & Ameen Basha M K.
     - CVE-2026-5910: Integer overflow in Media.
       Reported by Ameen Basha M K & Mohammed Yasar B.
     - CVE-2026-5911: Policy bypass in ServiceWorkers. Reported by lebr0nli
       of National Yang Ming Chiao Tung University, Dept. of CS, Security
       and Systems Lab.
     - CVE-2026-5912: Integer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5913: Out of bounds read in Blink.
       Reported by Vitaly Simonovich.
     - CVE-2026-5914: Type Confusion in CSS. Reported by Syn4pse.
     - CVE-2026-5915: Insufficient validation of untrusted input in WebML.
       Reported by ningxin.hu@intel.com.
     - CVE-2026-5918: Inappropriate implementation in Navigation.
       Reported by Google.
     - CVE-2026-5919: Insufficient validation of untrusted input in WebSockets.
       Reported by Richard Belisle.
   * d/patches:
     - upstream/profile.patch: drop, merged upstream.
     - upstream/fix-boringssl-loong64.patch: drop, merged upstream.
     - debianization/clang-version.patch: refresh.
     - disable/signin.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/unrar.patch: drop, merged upstream.
     - trixie/nodejs-set-intersection.patch: update for upstream refactoring.
     - bookworm/clang19.patch: -fno-lifetime-dse is unsupported. Also move
       to llvm-19 directory.
     - ungoogled/disable-ai.patch: sync from ungoogled-chromium project.
       Also re-add code that creates new tab's search bar (closes: #1132651).
     - debianization/safe-libcxx.patch: add a patch to force building with
       libc++'s LIBCPP_HARDENING_MODE turned on. See
       https://issues.chromium.org/issues/485696265 for the
       (security-related) rationale.
     - llvm-19/static-assert.patch: add another chunk of static_assert()
       removals that clang 19 needs.
     - rust-1.85/image.patch: enable nightly features for image_v0.25
       [trixie, bookworm].
     - bookworm/constexpr.patch: update/refresh for renamed file [bookworm].
   * d/rules:
     - drop "enable_glic=false", as upstream now forces their AI on everyone;
       but we strip it out with ungoogled/disable-ai.patch.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - bookworm/gn-absl.patch: Add visibility specifier to absl/crc:crc32,
       and re-sort the patch to keep the edits organized.
     - trixie/gn-len.patch: Refresh.
     - trixie/gn-module-name.patch: New patch to address older GN not knowing
       about the {{cc_module_name}} substitution [trixie, bookworm].
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
       upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
     - third_party/0002-regenerate-xnn-buildgn.patch: refresh for upstream
       changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: regenerate
 .
   [ Jianfeng Liu ]
   * d/patches/loongarch64:
     - 0024-disable-BROTLI_MODEL-macro-for-some-targets.patch: add upstream
       patch to fix brotli on loong64

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
