-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 May 2026 11:48:56 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 148.0.7778.215-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: arm64 Build Daemon (arm-conova-04)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (148.0.7778.215-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-9872: Out of bounds write in GPU. Reported by cinzinga.
     - CVE-2026-9873: Use after free in Network. Reported by cinzinga.
     - CVE-2026-9874: Use after free in Dawn. Reported by Anonymous.
     - CVE-2026-9875: Out of bounds read in WebGL. Reported by Anonymous.
     - CVE-2026-9876: Use after free in WebGL. Reported by happy2me.
     - CVE-2026-9877: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9878: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9879: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9880: Insufficient validation of untrusted input in WebGL. Reported by Google.
     - CVE-2026-9881: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-9882: Integer overflow in ANGLE. Reported by Google.
     - CVE-2026-9883: Use after free in Base. Reported by Google.
     - CVE-2026-9884: Use after free in Browser. Reported by Google.
     - CVE-2026-9885: Insufficient validation of untrusted input in UI. Reported by Google.
     - CVE-2026-9886: Use after free in Base. Reported by Google.
     - CVE-2026-9887: Use after free in Proxy. Reported by Google.
     - CVE-2026-9888: Use after free in WebView. Reported by Google.
     - CVE-2026-9889: Out of bounds read and write in Dawn. Reported by Google.
     - CVE-2026-9890: Use after free in XR. Reported by Google.
     - CVE-2026-9891: Use after free in Extensions. Reported by Google.
     - CVE-2026-9892: Inappropriate implementation in Skia. Reported by Google.
     - CVE-2026-9893: Use after free in Skia. Reported by Google.
     - CVE-2026-9894: Use after free in GPU. Reported by tohafrit.
     - CVE-2026-9895: Out of bounds read in GPU. Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-9896: Out of bounds write in V8. Reported by 303f06e3.
     - CVE-2026-9897: Use after free in DOM. Reported by Google.
     - CVE-2026-9898: Insufficient validation of untrusted input in GPU. Reported by Google.
     - CVE-2026-9899: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9900: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9901: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9902: Use after free in Accessibility. Reported by Google.
     - CVE-2026-9903: Insufficient validation of untrusted input in Site Isolation. Reported by Google.
     - CVE-2026-9904: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9905: Use after free in Accessibility. Reported by Google.
     - CVE-2026-9906: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9907: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-9908: Out of bounds read in ANGLE. Reported by Google.
     - CVE-2026-9909: Integer overflow in Skia. Reported by Google.
     - CVE-2026-9910: Out of bounds memory access in ANGLE. Reported by Google.
     - CVE-2026-9911: Integer overflow in ANGLE. Reported by Google.
     - CVE-2026-9912: Inappropriate implementation in GPU. Reported by Google.
     - CVE-2026-9913: Inappropriate implementation in ANGLE. Reported by Google
     - CVE-2026-9914: Insufficient validation of untrusted input in ANGLE. Reported by Google.
     - CVE-2026-9915: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9916: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9917: Uninitialized Use in WebGL. Reported by Google.
     - CVE-2026-9918: Inappropriate implementation in Tint. Reported by Google.
     - CVE-2026-9919: Out of bounds read in WebGL. Reported by Google.
     - CVE-2026-9920: Uninitialized Use in GPU. Reported by Google.
     - CVE-2026-9921: Uninitialized Use in WebGL. Reported by Google.
     - CVE-2026-9922: Use after free in GPU. Reported by Google.
     - CVE-2026-9923: Use after free in Skia. Reported by Google.
     - CVE-2026-9924: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9925: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9926: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9927: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9928: Out of bounds read in ANGLE. Reported by Jeff Muizelaar - Mozilla.
     - CVE-2026-9929: Inappropriate implementation in WebGL. Reported by Google
     - CVE-2026-9930: Out of bounds write in Dawn. Reported by Google.
     - CVE-2026-9931: Use after free in GPU. Reported by Google.
     - CVE-2026-9932: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9933: Use after free in Input. Reported by Google.
     - CVE-2026-9934: Use after free in Aura. Reported by Google.
     - CVE-2026-9935: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9936: Use after free in GFX. Reported by Google.
     - CVE-2026-9937: Use after free in UI. Reported by Google.
     - CVE-2026-9938: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-9939: Heap buffer overflow in WebCodecs. Reported by Google.
     - CVE-2026-9940: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9941: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9942: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9943: Out of bounds read in WebGL. Reported by Google.
     - CVE-2026-9944: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9945: Use after free in Media. Reported by Google.
     - CVE-2026-9946: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9947: Use after free in XML. Reported by Google.
     - CVE-2026-9948: Use after free in Views. Reported by Google.
     - CVE-2026-9949: Use after free in Core. Reported by Google.
     - CVE-2026-9950: Insufficient validation of untrusted input in iOS. Reported by Google.
     - CVE-2026-9951: Use after free in UI. Reported by Google.
     - CVE-2026-9952: Use after free in WebAudio. Reported by Google.
     - CVE-2026-9953: Out of bounds read in ANGLE. Reported by Google.
     - CVE-2026-9954: Use after free in TabStrip. Reported by yueliu of Microsoft.
     - CVE-2026-9955: Inappropriate implementation in iOS. Reported by Google.
     - CVE-2026-9956: Use after free in iOS. Reported by Google.
     - CVE-2026-9957: Use after free in PDF. Reported by Google.
     - CVE-2026-9958: Use after free in PDFium. Reported by Google.
     - CVE-2026-9959: Race in WebRTC. Reported by Google.
     - CVE-2026-9960: Integer overflow in PDFium. Reported by Google.
     - CVE-2026-9961: Use after free in SurfaceCapture. Reported by Google.
     - CVE-2026-9962: Use after free in WebRTC. Reported by Google.
     - CVE-2026-9963: Uninitialized Use in iOS. Reported by Google.
     - CVE-2026-9964: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-9965: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9966: Integer overflow in XML. Reported by Google.
     - CVE-2026-9967: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9968: Integer overflow in V8. Reported by Google.
     - CVE-2026-9969: Insufficient validation of untrusted input in ANGLE. Reported by Google.
     - CVE-2026-9970: Use after free in WebGL. Reported by TFGC.
     - CVE-2026-9971: Inappropriate implementation in iOS. Reported by Google.
     - CVE-2026-9972: Uninitialized Use in Gamepad. Reported by Google.
     - CVE-2026-9973: Out of bounds write in V8. Reported by amyb of OpenAI.
     - CVE-2026-9974: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9975: Out of bounds read and write in ANGLE. Reported by Google
     - CVE-2026-9976: Inappropriate implementation in USB. Reported by Google.
     - CVE-2026-9977: Insufficient validation of untrusted input in WebShare. Reported by Google.
     - CVE-2026-9978: Use after free in Glic. Reported by Google.
     - CVE-2026-9979: Insufficient validation of untrusted input in Input. Reported by Google.
     - CVE-2026-9980: Insufficient validation of untrusted input in Printing. Reported by Google.
     - CVE-2026-9981: Inappropriate implementation in Skia. Reported by Google.
     - CVE-2026-9982: Insufficient validation of untrusted input in ANGLE. Reported by Google.
     - CVE-2026-9983: Type Confusion in Skia. Reported by Google.
     - CVE-2026-9984: Use after free in UI. Reported by Google.
     - CVE-2026-9985: Insufficient validation of untrusted input in Media. Reported by Google.
     - CVE-2026-9986: Insufficient validation of untrusted input in OptimizationGuide. Reported by Google.
     - CVE-2026-9987: Insufficient validation of untrusted input in WebAppInstalls. Reported by Google.
     - CVE-2026-9988: Use after free in WebRTC. Reported by Google.
     - CVE-2026-9989: Inappropriate implementation in Media. Reported by Google
     - CVE-2026-9990: Use after free in WebAppInstalls. Reported by Google.
     - CVE-2026-9991: Inappropriate implementation in Media. Reported by Google
     - CVE-2026-9992: Use after free in Network. Reported by Google.
     - CVE-2026-9993: Use after free in Views. Reported by Google.
     - CVE-2026-9994: Use after free in Core. Reported by Google.
     - CVE-2026-9995: Use after free in WebXR. Reported by Google.
     - CVE-2026-9996: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-9997: Use after free in Input. Reported by Google.
     - CVE-2026-9998: Integer overflow in Skia. Reported by Google.
     - CVE-2026-9999: Inappropriate implementation in ANGLE. Reported by Google
     - CVE-2026-10000: Use after free in Passwords. Reported by Google.
     - CVE-2026-10001: Use after free in PerformanceManager. Reported by Google
     - CVE-2026-10002: Use after free in PDFium. Reported by Google.
     - CVE-2026-10003: Use after free in Views. Reported by Google.
     - CVE-2026-10004: Insufficient validation of untrusted input in Passwords. Reported by Google.
     - CVE-2026-10005: Use after free in WebAppInstalls. Reported by Google.
     - CVE-2026-10006: Race in WebAudio. Reported by Google.
     - CVE-2026-10007: Use after free in SVG. Reported by Google.
     - CVE-2026-10008: Uninitialized Use in GPU. Reported by Google.
     - CVE-2026-10009: Integer overflow in Skia. Reported by Google.
     - CVE-2026-10010: Inappropriate implementation in Input. Reported by Google.
     - CVE-2026-10011: Inappropriate implementation in Skia. Reported by Google
     - CVE-2026-10012: Use after free in Skia. Reported by Google.
     - CVE-2026-10013: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-10014: Use after free in WebMIDI. Reported by Google.
     - CVE-2026-10015: Integer overflow in WTF. Reported by Google.
     - CVE-2026-10016: Use after free in DOM. Reported by pwn2addr.
     - CVE-2026-10017: Out of bounds read in Headless. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-10018: Integer overflow in ANGLE. Reported by Rahul Raj.
     - CVE-2026-10019: Integer overflow in ANGLE. Reported by Mufeed VH from Winfunc Research (winfunc.com).
     - CVE-2026-10020: Insufficient validation of untrusted input in Skia. Reported by Google.
     - CVE-2026-10021: Insufficient validation of untrusted input in USB. Reported by Google.
     - CVE-2026-10022: Type Confusion in V8. Reported by ggwhyp.