-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Mar 2026 20:01:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 146.0.7680.71-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-05) <buildd_arm64-arm-ubc-05@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.71-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga.
     - CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3916: Out of bounds read in Web Speech.
       Reported by Grischa Hauser.
     - CVE-2026-3917: Use after free in Agents. Reported by Syn4pse.
     - CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse.
     - CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google.
     - CVE-2026-3921: Use after free in TextEncoding.
       Reported by Pranamya Keshkamat & Cantina.xyz.
     - CVE-2026-3922: Use after free in MediaStream.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3923: Use after free in WebMIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3924: Use after free in WindowDialog.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3925: Incorrect security UI in LookalikeChecks.
       Reported by NDevTK and Alesandro Ortiz.
     - CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c.
     - CVE-2026-3927: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
     - CVE-2026-3928: Insufficient policy enforcement in Extensions.
       Reported by portsniffer443.
     - CVE-2026-3929: Side-channel information leakage in ResourceTiming.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3930: Unsafe navigation in Navigation.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3932: Insufficient policy enforcement in PDF.
       Reported by Ayato Shitomi.
     - CVE-2026-3934: Insufficient policy enforcement in ChromeDriver.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3935: Incorrect security UI in WebAppInstalls.
       Reported by Barath Stalin K.
     - CVE-2026-3936: Use after free in WebView. Reported by Am4deu$.
     - CVE-2026-3937: Incorrect security UI in Downloads.
       Reported by Abhishek Kumar.
     - CVE-2026-3938: Insufficient policy enforcement in Clipboard.
       Reported by vicevirus.
     - CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK
     - CVE-2026-3940: Insufficient policy enforcement in DevTools.
       Reported by Jorian Woltjer, Mian, bug_blitzer.
     - CVE-2026-3941: Insufficient policy enforcement in DevTools.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-3942: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
   * d/rules: update rustc version string for new upstream expectations of
     no spaces.
   * d/patches:
     - upstream/disable-unrar.patch: drop, merged upstream.
     - disable/signin.patch: drop part of the patch. This patch should be
       reviewed in the future and coordinated w/ ungoogled-chromium, since
       it originally came from them.
     - disable/glic.patch: add a bunch more glic removals.
     - disable/license-headless-shell.patch: refresh.
     - disable/unrar.patch: refresh.
     - system/rollup.patch: refresh.
     - bookworm/foreach.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium.
     - disable/catapult.patch: update to remove some more catapult deps.
     - fixes/force-rust-nightly.patch: drop, no longer needed.
     - llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler
       flag/feature added to llvm-23.
     - fixes/bytemuck.patch: add rust build fix in bytemuck.
     - llvm-19/clang-19-crash.patch: add build fix; delete code that makes
       clang-19++ crash.
     - llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19
       issue.
     - loongarch64/0018-fix-study-crash.patch: refresh.
     - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch:
       refresh.
     - ppc64le/fixes/fix-study-crash.patch: refresh.
     - llvm-19/clone-traits.patch: add patch to remove a static assertion.
     - llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support.
     - upstream/profile.patch: add header inclusion build fix from upstream.
     - trixie/value-or.patch: move to llvm-19/ directory & also add another
       place that clang-19 gets confused during build.
     - rust-1.85/jxl-features.patch: refresh [trixie, bookworm].
     - rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream
       changes, and added unsafe{} blocks to the macro definitions to shrink
       this patch in the future [trixie, bookworm].
     - fixes/missing-dep.patch: add patch for dependency-related build failure
       that only happens sometimes.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
       for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/patches:
     - disable/lint.patch: New patch to disable CSS/JS linting tools.
     - bookworm/node18-compat.patch: New patch to fix various compatibility
       issues with nodejs 18 [bookworm].
     - trixie/gn-len.patch: Zap another instance of len() for older GN
       [trixie, bookworm].
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
