-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Mar 2026 20:01:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 146.0.7680.71-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-02) <buildd_arm64-arm-ubc-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.71-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga.
     - CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3916: Out of bounds read in Web Speech.
       Reported by Grischa Hauser.
     - CVE-2026-3917: Use after free in Agents. Reported by Syn4pse.
     - CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse.
     - CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google.
     - CVE-2026-3921: Use after free in TextEncoding.
       Reported by Pranamya Keshkamat & Cantina.xyz.
     - CVE-2026-3922: Use after free in MediaStream.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3923: Use after free in WebMIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3924: Use after free in WindowDialog.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3925: Incorrect security UI in LookalikeChecks.
       Reported by NDevTK and Alesandro Ortiz.
     - CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c.
     - CVE-2026-3927: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
     - CVE-2026-3928: Insufficient policy enforcement in Extensions.
       Reported by portsniffer443.
     - CVE-2026-3929: Side-channel information leakage in ResourceTiming.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3930: Unsafe navigation in Navigation.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3932: Insufficient policy enforcement in PDF.
       Reported by Ayato Shitomi.
     - CVE-2026-3934: Insufficient policy enforcement in ChromeDriver.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3935: Incorrect security UI in WebAppInstalls.
       Reported by Barath Stalin K.
     - CVE-2026-3936: Use after free in WebView. Reported by Am4deu$.
     - CVE-2026-3937: Incorrect security UI in Downloads.
       Reported by Abhishek Kumar.
     - CVE-2026-3938: Insufficient policy enforcement in Clipboard.
       Reported by vicevirus.
     - CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK
     - CVE-2026-3940: Insufficient policy enforcement in DevTools.
       Reported by Jorian Woltjer, Mian, bug_blitzer.
     - CVE-2026-3941: Insufficient policy enforcement in DevTools.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-3942: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
   * d/rules: update rustc version string for new upstream expectations of
     no spaces.
   * d/patches:
     - upstream/disable-unrar.patch: drop, merged upstream.
     - disable/signin.patch: drop part of the patch. This patch should be
       reviewed in the future and coordinated w/ ungoogled-chromium, since
       it originally came from them.
     - disable/glic.patch: add a bunch more glic removals.
     - disable/license-headless-shell.patch: refresh.
     - disable/unrar.patch: refresh.
     - system/rollup.patch: refresh.
     - bookworm/foreach.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium.
     - disable/catapult.patch: update to remove some more catapult deps.
     - fixes/force-rust-nightly.patch: drop, no longer needed.
     - llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler
       flag/feature added to llvm-23.
     - fixes/bytemuck.patch: add rust build fix in bytemuck.
     - llvm-19/clang-19-crash.patch: add build fix; delete code that makes
       clang-19++ crash.
     - llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19
       issue.
     - loongarch64/0018-fix-study-crash.patch: refresh.
     - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch:
       refresh.
     - ppc64le/fixes/fix-study-crash.patch: refresh.
     - llvm-19/clone-traits.patch: add patch to remove a static assertion.
     - llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support.
     - upstream/profile.patch: add header inclusion build fix from upstream.
     - trixie/value-or.patch: move to llvm-19/ directory & also add another
       place that clang-19 gets confused during build.
     - rust-1.85/jxl-features.patch: refresh [trixie, bookworm].
     - rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream
       changes, and added unsafe{} blocks to the macro definitions to shrink
       this patch in the future [trixie, bookworm].
     - fixes/missing-dep.patch: add patch for dependency-related build failure
       that only happens sometimes.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
       for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/patches:
     - disable/lint.patch: New patch to disable CSS/JS linting tools.
     - bookworm/node18-compat.patch: New patch to fix various compatibility
       issues with nodejs 18 [bookworm].
     - trixie/gn-len.patch: Zap another instance of len() for older GN
       [trixie, bookworm].
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
