-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Mar 2026 20:01:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 146.0.7680.71-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-csail-01) <buildd_amd64-x86-csail-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.71-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga.
     - CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3916: Out of bounds read in Web Speech.
       Reported by Grischa Hauser.
     - CVE-2026-3917: Use after free in Agents. Reported by Syn4pse.
     - CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse.
     - CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google.
     - CVE-2026-3921: Use after free in TextEncoding.
       Reported by Pranamya Keshkamat & Cantina.xyz.
     - CVE-2026-3922: Use after free in MediaStream.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3923: Use after free in WebMIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3924: Use after free in WindowDialog.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3925: Incorrect security UI in LookalikeChecks.
       Reported by NDevTK and Alesandro Ortiz.
     - CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c.
     - CVE-2026-3927: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
     - CVE-2026-3928: Insufficient policy enforcement in Extensions.
       Reported by portsniffer443.
     - CVE-2026-3929: Side-channel information leakage in ResourceTiming.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3930: Unsafe navigation in Navigation.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3932: Insufficient policy enforcement in PDF.
       Reported by Ayato Shitomi.
     - CVE-2026-3934: Insufficient policy enforcement in ChromeDriver.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3935: Incorrect security UI in WebAppInstalls.
       Reported by Barath Stalin K.
     - CVE-2026-3936: Use after free in WebView. Reported by Am4deu$.
     - CVE-2026-3937: Incorrect security UI in Downloads.
       Reported by Abhishek Kumar.
     - CVE-2026-3938: Insufficient policy enforcement in Clipboard.
       Reported by vicevirus.
     - CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK
     - CVE-2026-3940: Insufficient policy enforcement in DevTools.
       Reported by Jorian Woltjer, Mian, bug_blitzer.
     - CVE-2026-3941: Insufficient policy enforcement in DevTools.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-3942: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
   * d/rules: update rustc version string for new upstream expectations of
     no spaces.
   * d/patches:
     - upstream/disable-unrar.patch: drop, merged upstream.
     - disable/signin.patch: drop part of the patch. This patch should be
       reviewed in the future and coordinated w/ ungoogled-chromium, since
       it originally came from them.
     - disable/glic.patch: add a bunch more glic removals.
     - disable/license-headless-shell.patch: refresh.
     - disable/unrar.patch: refresh.
     - system/rollup.patch: refresh.
     - bookworm/foreach.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium.
     - disable/catapult.patch: update to remove some more catapult deps.
     - fixes/force-rust-nightly.patch: drop, no longer needed.
     - llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler
       flag/feature added to llvm-23.
     - fixes/bytemuck.patch: add rust build fix in bytemuck.
     - llvm-19/clang-19-crash.patch: add build fix; delete code that makes
       clang-19++ crash.
     - llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19
       issue.
     - loongarch64/0018-fix-study-crash.patch: refresh.
     - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch:
       refresh.
     - ppc64le/fixes/fix-study-crash.patch: refresh.
     - llvm-19/clone-traits.patch: add patch to remove a static assertion.
     - llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support.
     - upstream/profile.patch: add header inclusion build fix from upstream.
     - trixie/value-or.patch: move to llvm-19/ directory & also add another
       place that clang-19 gets confused during build.
     - rust-1.85/jxl-features.patch: refresh [trixie, bookworm].
     - rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream
       changes, and added unsafe{} blocks to the macro definitions to shrink
       this patch in the future [trixie, bookworm].
     - fixes/missing-dep.patch: add patch for dependency-related build failure
       that only happens sometimes.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
       for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/patches:
     - disable/lint.patch: New patch to disable CSS/JS linting tools.
     - bookworm/node18-compat.patch: New patch to fix various compatibility
       issues with nodejs 18 [bookworm].
     - trixie/gn-len.patch: Zap another instance of len() for older GN
       [trixie, bookworm].
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
