-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Mar 2026 20:01:51 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: ppc64el
Version: 146.0.7680.71-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) <buildd_ppc64el-ppc64el-osuosl-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (146.0.7680.71-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga.
     - CVE-2026-3915: Heap buffer overflow in WebML. Reported by Tobias Wienand
     - CVE-2026-3916: Out of bounds read in Web Speech.
       Reported by Grischa Hauser.
     - CVE-2026-3917: Use after free in Agents. Reported by Syn4pse.
     - CVE-2026-3918: Use after free in WebMCP. Reported by Syn4pse.
     - CVE-2026-3919: Use after free in Extensions. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3920: Out of bounds memory access in WebML. Reported by Google.
     - CVE-2026-3921: Use after free in TextEncoding.
       Reported by Pranamya Keshkamat & Cantina.xyz.
     - CVE-2026-3922: Use after free in MediaStream.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3923: Use after free in WebMIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3924: Use after free in WindowDialog.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-3925: Incorrect security UI in LookalikeChecks.
       Reported by NDevTK and Alesandro Ortiz.
     - CVE-2026-3926: Out of bounds read in V8. Reported by qymag1c.
     - CVE-2026-3927: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
     - CVE-2026-3928: Insufficient policy enforcement in Extensions.
       Reported by portsniffer443.
     - CVE-2026-3929: Side-channel information leakage in ResourceTiming.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3930: Unsafe navigation in Navigation.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3931: Heap buffer overflow in Skia. Reported by Huinian Yang
       (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd
     - CVE-2026-3932: Insufficient policy enforcement in PDF.
       Reported by Ayato Shitomi.
     - CVE-2026-3934: Insufficient policy enforcement in ChromeDriver.
       Reported by Povcfe of Tencent Security Xuanwu Lab.
     - CVE-2026-3935: Incorrect security UI in WebAppInstalls.
       Reported by Barath Stalin K.
     - CVE-2026-3936: Use after free in WebView. Reported by Am4deu$.
     - CVE-2026-3937: Incorrect security UI in Downloads.
       Reported by Abhishek Kumar.
     - CVE-2026-3938: Insufficient policy enforcement in Clipboard.
       Reported by vicevirus.
     - CVE-2026-3939: Insufficient policy enforcement in PDF. Reported by NDevTK
     - CVE-2026-3940: Insufficient policy enforcement in DevTools.
       Reported by Jorian Woltjer, Mian, bug_blitzer.
     - CVE-2026-3941: Insufficient policy enforcement in DevTools.
       Reported by Lyra Rebane (rebane2001).
     - CVE-2026-3942: Incorrect security UI in PictureInPicture.
       Reported by Barath Stalin K.
   * d/rules: update rustc version string for new upstream expectations of
     no spaces.
   * d/patches:
     - upstream/disable-unrar.patch: drop, merged upstream.
     - disable/signin.patch: drop part of the patch. This patch should be
       reviewed in the future and coordinated w/ ungoogled-chromium, since
       it originally came from them.
     - disable/glic.patch: add a bunch more glic removals.
     - disable/license-headless-shell.patch: refresh.
     - disable/unrar.patch: refresh.
     - system/rollup.patch: refresh.
     - bookworm/foreach.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from ungoogled-chromium.
     - disable/catapult.patch: update to remove some more catapult deps.
     - fixes/force-rust-nightly.patch: drop, no longer needed.
     - llvm-22/ignore-for-ubsan.patch: add a build fix for a compiler
       flag/feature added to llvm-23.
     - fixes/bytemuck.patch: add rust build fix in bytemuck.
     - llvm-19/clang-19-crash.patch: add build fix; delete code that makes
       clang-19++ crash.
     - llvm-19/keyfactory.patch: add build fix for what I suspect is a clang-19
       issue.
     - loongarch64/0018-fix-study-crash.patch: refresh.
     - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch:
       refresh.
     - ppc64le/fixes/fix-study-crash.patch: refresh.
     - llvm-19/clone-traits.patch: add patch to remove a static assertion.
     - llvm-19/octal.patch: add patch to work around 0o666 vs 0666 support.
     - upstream/profile.patch: add header inclusion build fix from upstream.
     - trixie/value-or.patch: move to llvm-19/ directory & also add another
       place that clang-19 gets confused during build.
     - rust-1.85/jxl-features.patch: refresh [trixie, bookworm].
     - rust-1.85/jxl-simd-avx512.patch: update for (numerous) upstream
       changes, and added unsafe{} blocks to the macro definitions to shrink
       this patch in the future [trixie, bookworm].
     - fixes/missing-dep.patch: add patch for dependency-related build failure
       that only happens sometimes.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh
       for upstream changes
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
 .
   [ Daniel Richard G. ]
   * d/patches:
     - disable/lint.patch: New patch to disable CSS/JS linting tools.
     - bookworm/node18-compat.patch: New patch to fix various compatibility
       issues with nodejs 18 [bookworm].
     - trixie/gn-len.patch: Zap another instance of len() for older GN
       [trixie, bookworm].
Checksums-Sha1:
 3559c0fdac4ab31c86ab9b805e089a6bbb00d70f 5698340 chromium-common-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 4ca03941ac8117e91a7c1f158ad8c65f2433a125 35115432 chromium-common_146.0.7680.71-1~deb13u1_ppc64el.deb
 7bd92e4bf9fe10fcafc76772a0dacf2b4a9ede99 29903244 chromium-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 28ca872626428fd7fb89beb7912393d6b98ffdc8 7159908 chromium-driver_146.0.7680.71-1~deb13u1_ppc64el.deb
 15972322afbc5680779802cfccb821775e0b70a6 24808388 chromium-headless-shell-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 4b95fd79c2a55d8e53d4697e159a93a83b6092e6 58092256 chromium-headless-shell_146.0.7680.71-1~deb13u1_ppc64el.deb
 3f79eb5fe1139aa8d859c38cfcf84e8d5352dbea 20332 chromium-sandbox-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 b28ccd795d2d14d7cbbce8674c53bcb4837b7056 111012 chromium-sandbox_146.0.7680.71-1~deb13u1_ppc64el.deb
 c1a7e260295817a8b982537cdc4c812fcac52d38 25535008 chromium-shell-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 52d63d9fa4758c6b8acc38fc300689888d5c5a99 57574944 chromium-shell_146.0.7680.71-1~deb13u1_ppc64el.deb
 a5899e182d7603532a3eb92b44c793b51b1ab0a9 30240 chromium_146.0.7680.71-1~deb13u1_ppc64el-buildd.buildinfo
 2c27f0860a603441264546f5640c3f00141b2181 78184632 chromium_146.0.7680.71-1~deb13u1_ppc64el.deb
Checksums-Sha256:
 435958674e0c2f2dd3f56858743af8dbf32af45feda56726d7d3143d4f5e72ec 5698340 chromium-common-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 0646cd73c3caad20e49cd52a9b4af2750c2fa4517a8e4cb6f6449fffa73c4e7f 35115432 chromium-common_146.0.7680.71-1~deb13u1_ppc64el.deb
 27c4af2be178232413e6d2854bd876a574d7792fdfb296309663b4276c522078 29903244 chromium-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 beaaee30d1a324c9a2f64b09629458ebcd76634b5f2b558400161ff9c6b4be4d 7159908 chromium-driver_146.0.7680.71-1~deb13u1_ppc64el.deb
 61880deaadfbe4fd7166b411a255f8b998e486cc1dda2ac6be319ca0e3a15c84 24808388 chromium-headless-shell-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 43fb603b2de8f41c0fd702442d1af1acfffaa622f50c94dbd39e8b7d4f8395d8 58092256 chromium-headless-shell_146.0.7680.71-1~deb13u1_ppc64el.deb
 795ff6b84ab461c03ca06032b2d874a2ac78f588375a89003337b42fdacd0df2 20332 chromium-sandbox-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 8d9bbae48d8220b2255769858055b4471216f667c22da83971fe2462bf2e8510 111012 chromium-sandbox_146.0.7680.71-1~deb13u1_ppc64el.deb
 f335f0f247ef3e963c21141ae9d107350a9ec9a03b242c000b3d5f4c362d914e 25535008 chromium-shell-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 3b73fa7e8c89f649e3a45b3a4d33a4075a6c0aa11d204b979ac94a59e59ccb73 57574944 chromium-shell_146.0.7680.71-1~deb13u1_ppc64el.deb
 b13969267b472f688d046b78efe2f755e884f658e7d73986e34fe31d2bc450a7 30240 chromium_146.0.7680.71-1~deb13u1_ppc64el-buildd.buildinfo
 304157052971fc0073775f1949e15940f25778eebead741112bd964c63583f07 78184632 chromium_146.0.7680.71-1~deb13u1_ppc64el.deb
Files:
 d750de77ef51b72a01a2bd106e7c8f07 5698340 debug optional chromium-common-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 9d42b3e7cfa30fb359768d53bbcbcbed 35115432 web optional chromium-common_146.0.7680.71-1~deb13u1_ppc64el.deb
 9afa9f082dc2f9e31f83fa4c5d57e327 29903244 debug optional chromium-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 7599283257fcbb05a99865205857080a 7159908 web optional chromium-driver_146.0.7680.71-1~deb13u1_ppc64el.deb
 c5b4669dd02c02d58ca693a83651f6c2 24808388 debug optional chromium-headless-shell-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 e82e46aeeeb7d485b034cb8bff22ef8c 58092256 web optional chromium-headless-shell_146.0.7680.71-1~deb13u1_ppc64el.deb
 4e879def9883233b33670f3d221a712e 20332 debug optional chromium-sandbox-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 8b0eb67fe171a42cf98ddc727cc3b1fb 111012 web optional chromium-sandbox_146.0.7680.71-1~deb13u1_ppc64el.deb
 0eb0b4ad6b888ea4efe5bc6da80bc4d0 25535008 debug optional chromium-shell-dbgsym_146.0.7680.71-1~deb13u1_ppc64el.deb
 b00b4741e7dcad0abb096977163f1df6 57574944 web optional chromium-shell_146.0.7680.71-1~deb13u1_ppc64el.deb
 eba5a56887c20031f90e60c5db5da117 30240 web optional chromium_146.0.7680.71-1~deb13u1_ppc64el-buildd.buildinfo
 5603991e84e7d5d41b2c001233b56381 78184632 web optional chromium_146.0.7680.71-1~deb13u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEGHWM+bJZRznwgySGOrVShFbIMGEFAmmzRJ4ACgkQOrVShFbI
MGG2IQ/+KW3AMm/CgZxRPHZKvJ4jf9bVaWz/JOT2uE5fZD0QzKrocYWyHN7co+NB
qutQexNtpOj87pSbrRNYk88SU9tiOevpoE9voptCZGlnGILHuYDn2dtWIDKOtIhb
Iomgy8meGGt6ho7FiDUeXVFVRnEgkXtsY74wXjXiJLqsArQ8M61nrySFryD5J/j0
i5nwwoXj0yJrHgb9c89OJ1EzfxX4XzTPbKIqMwC7TQAFsrI/HJqJmPc4A2x1gFtx
tYIvRFC+CEvPY/urG2euK4YWkZdkQTap1Aacg1KCSAFwydiUbxJ3YA8joaHN/TiM
GljQ/3TbvK18aryU4FRsMDMZoxC5rEkF7cB6P6qEwPjVCWImgfzJXcJUtKi+cAzV
hL+yO3jR2WZaCTGEbV2w9rwkjPKA2RHGZI183vXt30iOQxMYPbQ5RpMJKltCkMe6
+G4kfn/DRjmIhRql112l2H8Hdooe0vMD4j464d/5S+AvANThmJS5CIsTC+1ZKgSy
6QqzthB25zJd52O+7FmHbDOvIaLoBNaTRrdMje3j5K/If0Xlq/S3BeSvNIUP/S9k
gZWZ6orsbWveumYEA74hs30mHlMMl1aRC6sxp9sksVocern7yfbCJOBDmGdbsBbo
dSMSYHYsFqad25tVqc9LQJ/SSpu6ieWLlLwrPdKgf/oGYoxpjxc=
=nA2X
-----END PGP SIGNATURE-----