-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 12 Jun 2026 17:27:35 -0400
Source: chromium
Architecture: source
Version: 149.0.7827.114-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (149.0.7827.114-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-12007: Use after free  Core. Reported by Google.
     - CVE-2026-12008: Use after free  DigitalCredentials. Reported by Google.
     - CVE-2026-12009: Insufficient validation of untrusted input
       Accessibility. Reported by Google.
     - CVE-2026-12010: Heap buffer overflow  GPU. Reported by Google.
     - CVE-2026-12011: Use after free  WebMIDI. Reported by Google.
     - CVE-2026-12012: Use after free  Network. Reported by Google.
     - CVE-2026-12013: Use after free  Media.
       Reported by Henock Habte, Independent Security Researcher.
     - CVE-2026-12014: Use after free  Cast. Reported by Google.
     - CVE-2026-12015: Use after free  Autofill. Reported by Google.
     - CVE-2026-12016: Insufficient validation of untrusted input  DevTools.
       Reported by Google.
     - CVE-2026-12017: Insufficient validation of untrusted input
       Extensions. Reported by Google.
     - CVE-2026-12018: Inappropriate implementation  Mojo. Reported by Google.
     - CVE-2026-12019: Out of bounds write  Codecs. Reported by Google.
     - CVE-2026-12020: Use after free  Autofill. Reported by Google.
     - CVE-2026-12022: Race  Safe Browsing. Reported by Google.
     - CVE-2026-12023: Use after free  GPU. Reported by Google.
     - CVE-2026-12024: Insufficient policy enforcement  DevTools.
       Reported by Google.
     - CVE-2026-12025: Insufficient validation of untrusted input  Network.
       Reported by Google.
     - CVE-2026-12026: Out of bounds read  Video. Reported by Google.
     - CVE-2026-12027: Insufficient policy enforcement  Headless.
       Reported by Google.
     - CVE-2026-12028: Use after free  GPU. Reported by Google.
     - CVE-2026-12029: Use after free  Video. Reported by Google.
     - CVE-2026-12030: Heap buffer overflow  GPU. Reported by Google.
     - CVE-2026-12031: Inappropriate implementation  Views. Reported by Google
     - CVE-2026-12032: Inappropriate implementation  Passwords.
       Reported by Google.
     - CVE-2026-12033: Out of bounds read  VideoCapture. Reported by Google.
     - CVE-2026-12034: Insufficient validation of untrusted input  Linux
       Toolkit Theming. Reported by Google.
     - CVE-2026-12035: Use after free  Views. Reported by Google.
Checksums-Sha1:
 f6c3867b4f1564c482011209cd2cd73eabfc3c45 4068 chromium_149.0.7827.114-1~deb12u1.dsc
 e9709ecc1862160ce4b049323a4bc83b7a789b75 929165944 chromium_149.0.7827.114.orig.tar.xz
 828f0ffd0acf83c07a5efaa8f867c443f61d3613 8583572 chromium_149.0.7827.114-1~deb12u1.debian.tar.xz
 b737129e3900c31e1348bda0a5a939ef8d06cf48 26842 chromium_149.0.7827.114-1~deb12u1_source.buildinfo
Checksums-Sha256:
 46d69ef1be6c2c06866def48bfed86acfec7ddd4bd2a340f1a9153ac1e11eb7f 4068 chromium_149.0.7827.114-1~deb12u1.dsc
 d6377291548ae6c80559c1ec3f8d7a72e15d10b6f0ccc9c6822b6248bdd3e8cf 929165944 chromium_149.0.7827.114.orig.tar.xz
 fb84b12b898d6dbe2bfbbc9447e597409c3ce65976de6b984f3e03e9cec37308 8583572 chromium_149.0.7827.114-1~deb12u1.debian.tar.xz
 3c469724bd2d1f37f4cb06b53f74c7072e7879d1be8a8634055c1934ae05f370 26842 chromium_149.0.7827.114-1~deb12u1_source.buildinfo
Files:
 f19c5fffce35fb267f62d680eb3423c6 4068 web optional chromium_149.0.7827.114-1~deb12u1.dsc
 9dec348fabc08e3fe29937c7382ac106 929165944 web optional chromium_149.0.7827.114.orig.tar.xz
 bef23153c1ce4b4146564ae662e79d5e 8583572 web optional chromium_149.0.7827.114-1~deb12u1.debian.tar.xz
 f4aedb93833cd2e42b802de27f29e74f 26842 web optional chromium_149.0.7827.114-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmostvwUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfK5w//T7wePwJ1mtxezgJlI+Mn1RxWb9nZ
SmM94BsHWHvVSkCosNANC7Uqht3ITDL0VHoZAXnOlheVCx6lDSJjCi/6JAIq0O+V
zzgRZLzh5MAQGZtOSxG80sxY+7xK50gh8h3uZYHfqMHS9tFWNmuoX3ho0dUFgsrb
/01kNatT4+7cQ4cAhNeK7UCuG32hjdHpjyKzt/jKR5EP8ugLY64h8IXh+mEeaghe
cLT9o75vMU3S8Wh7EJRVbVn2eVGFl7fDbPcg8l7f4lX78ak9sKAi4tRzvjOhzD6M
yoy1BBS/wxDHgwsZ7blChiAkFhwZH61wlIUZ0qr4TEwwGDlFlgA7wOaFWPNLvsi+
UO2ESgoJz6c2ekyjgc0bTQZhRwLElbY6RS/DK3nhQ1IK6trj5C+7DHv+rPdA36wf
i47V3ydZ1TYVa0ggUGHU0r7ozOkvVpas26xL+58Qe3BTWRBSSuntGi+z/dA3DMPT
q071pMA4blPjCZpcqw27hss6SG7fjF1znZAPNokevkNJADB24xEleaMopRS41MIg
XyN8f8Lt37I1pF7vKlo9qM8vat644uL23TXjt02AsUnPWVsuebXeM/CI+w9jHw2f
lZEsFRs/JsmARl/Ll1iCTX/FJg5F3qnsJ1IPAzf1UkmOgKJR68T3YhQNLwXdh2Xl
Tvib+3MvkHXFV5I=
=5Sj0
-----END PGP SIGNATURE-----