-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 12 Jun 2026 17:27:35 -0400
Source: chromium
Architecture: source
Version: 149.0.7827.114-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (149.0.7827.114-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-12007: Use after free  Core. Reported by Google.
     - CVE-2026-12008: Use after free  DigitalCredentials. Reported by Google.
     - CVE-2026-12009: Insufficient validation of untrusted input
       Accessibility. Reported by Google.
     - CVE-2026-12010: Heap buffer overflow  GPU. Reported by Google.
     - CVE-2026-12011: Use after free  WebMIDI. Reported by Google.
     - CVE-2026-12012: Use after free  Network. Reported by Google.
     - CVE-2026-12013: Use after free  Media.
       Reported by Henock Habte, Independent Security Researcher.
     - CVE-2026-12014: Use after free  Cast. Reported by Google.
     - CVE-2026-12015: Use after free  Autofill. Reported by Google.
     - CVE-2026-12016: Insufficient validation of untrusted input  DevTools.
       Reported by Google.
     - CVE-2026-12017: Insufficient validation of untrusted input
       Extensions. Reported by Google.
     - CVE-2026-12018: Inappropriate implementation  Mojo. Reported by Google.
     - CVE-2026-12019: Out of bounds write  Codecs. Reported by Google.
     - CVE-2026-12020: Use after free  Autofill. Reported by Google.
     - CVE-2026-12022: Race  Safe Browsing. Reported by Google.
     - CVE-2026-12023: Use after free  GPU. Reported by Google.
     - CVE-2026-12024: Insufficient policy enforcement  DevTools.
       Reported by Google.
     - CVE-2026-12025: Insufficient validation of untrusted input  Network.
       Reported by Google.
     - CVE-2026-12026: Out of bounds read  Video. Reported by Google.
     - CVE-2026-12027: Insufficient policy enforcement  Headless.
       Reported by Google.
     - CVE-2026-12028: Use after free  GPU. Reported by Google.
     - CVE-2026-12029: Use after free  Video. Reported by Google.
     - CVE-2026-12030: Heap buffer overflow  GPU. Reported by Google.
     - CVE-2026-12031: Inappropriate implementation  Views. Reported by Google
     - CVE-2026-12032: Inappropriate implementation  Passwords.
       Reported by Google.
     - CVE-2026-12033: Out of bounds read  VideoCapture. Reported by Google.
     - CVE-2026-12034: Insufficient validation of untrusted input  Linux
       Toolkit Theming. Reported by Google.
     - CVE-2026-12035: Use after free  Views. Reported by Google.
 .
   [ Jianfeng Liu ]
   * d/patches/loongarch64/0024-fix-libyuv-lsx.patch: drop due to upstream
     reverting to version of libyuv that doesn't have lsx issue.
Checksums-Sha1:
 c3412f171f7439185d84f282fe1c33dcf540ab92 4099 chromium_149.0.7827.114-1~deb13u1.dsc
 e9709ecc1862160ce4b049323a4bc83b7a789b75 929165944 chromium_149.0.7827.114.orig.tar.xz
 48b5857ede68e3d85e2737997ed40feb93485950 497000 chromium_149.0.7827.114-1~deb13u1.debian.tar.xz
 e366791652196f29923b04d2372a95c27d160a70 27174 chromium_149.0.7827.114-1~deb13u1_source.buildinfo
Checksums-Sha256:
 c45a8fa93c6a281905ba54e46f25e51a98a6ab6ad6c41e6fb1dc078ace97d97a 4099 chromium_149.0.7827.114-1~deb13u1.dsc
 d6377291548ae6c80559c1ec3f8d7a72e15d10b6f0ccc9c6822b6248bdd3e8cf 929165944 chromium_149.0.7827.114.orig.tar.xz
 84d8c49d186833e3b3300ea1a4a4c84bdb4c8271272d3d7fa5b9c09d6a7c835a 497000 chromium_149.0.7827.114-1~deb13u1.debian.tar.xz
 c29a732c24c0c0892a7d474362951f4556c23f91720d3813e98987e5296bfdc8 27174 chromium_149.0.7827.114-1~deb13u1_source.buildinfo
Files:
 f2750e6ba3c8fb9aa07ea4b66c17dc37 4099 web optional chromium_149.0.7827.114-1~deb13u1.dsc
 9dec348fabc08e3fe29937c7382ac106 929165944 web optional chromium_149.0.7827.114.orig.tar.xz
 2cdffc6d4d0e8ca7b49dff31317e164a 497000 web optional chromium_149.0.7827.114-1~deb13u1.debian.tar.xz
 904165e05d73df90df57941e09b500f8 27174 web optional chromium_149.0.7827.114-1~deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmosnP8UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudje6Rg/8Cy23OK/rWbVmDXLLhU5b+jlZBhpb
ICfO4FAyJJIY+V2ex+JwcEIJOX7ffRgVmXY0oKeRCmjtseYv8FxDmHUCi1qnpXqU
e45q2B0pZdPS0nT4Um4+djgzL4JsBM6QCFXYDvN51AnGO9mm6soge30ffCl8dhu4
MPOlzfKjBXoe0CC7qOExIG8WKsPdQBb/Q++ggtIVy6116dFYAuBk1z1EnvRvNe1S
TelbkEkSleWhFyFzXgOrbYlqcbhHVDP58h6hsklKSJGC48G7b4VP7AOv7W9kQOC8
8vPihhZC2lMLtrwxDgOfD2Kfcqpc6r3NKi4s2e2QzLwKeirQWoS6iERTGxbMwxDE
Kz9KavLxcbnMCL+P3gkurCzKo8qsBnk9heJX3bFB8vcK2pJItCE7RbZ3OKMr6PIE
Kh/wdy56+HQ+rZa54WtpkNAjma5GST/8H/RQMs8H6pdNnQLhRNSvpNGKlJiDVyQj
AzWZ2yM72ryS1h6jyQbxmpYKlP+bH7bJETCmExQaqpx7v2KUTnxqT04x3yO38aVM
ZhHkNkt/UYG6FYvzLQLv1amdoqJa7xk72LUTEdcDtj0wBZSxvN4oNZlgKOPFBT0a
AwVb2EJec1EsHqx+kWA8vI91QwldcFBYm8daWSuAp+qE9f2CLRqKTyC2d5RIEVkh
mRYNTmGY6qBFNzY=
=acGs
-----END PGP SIGNATURE-----