-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 May 2026 11:48:56 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: ppc64el
Version: 148.0.7778.215-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-conova-02) <buildd_ppc64el-ppc64el-conova-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (148.0.7778.215-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-9872: Out of bounds write in GPU. Reported by cinzinga.
     - CVE-2026-9873: Use after free in Network. Reported by cinzinga.
     - CVE-2026-9874: Use after free in Dawn. Reported by Anonymous.
     - CVE-2026-9875: Out of bounds read in WebGL. Reported by Anonymous.
     - CVE-2026-9876: Use after free in WebGL. Reported by happy2me.
     - CVE-2026-9877: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9878: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9879: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9880: Insufficient validation of untrusted input in WebGL.
       Reported by Google.
     - CVE-2026-9881: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-9882: Integer overflow in ANGLE. Reported by Google.
     - CVE-2026-9883: Use after free in Base. Reported by Google.
     - CVE-2026-9884: Use after free in Browser. Reported by Google.
     - CVE-2026-9885: Insufficient validation of untrusted input in UI.
       Reported by Google.
     - CVE-2026-9886: Use after free in Base. Reported by Google.
     - CVE-2026-9887: Use after free in Proxy. Reported by Google.
     - CVE-2026-9888: Use after free in WebView. Reported by Google.
     - CVE-2026-9889: Out of bounds read and write in Dawn. Reported by Google.
     - CVE-2026-9890: Use after free in XR. Reported by Google.
     - CVE-2026-9891: Use after free in Extensions. Reported by Google.
     - CVE-2026-9892: Inappropriate implementation in Skia. Reported by Google.
     - CVE-2026-9893: Use after free in Skia. Reported by Google.
     - CVE-2026-9894: Use after free in GPU. Reported by tohafrit.
     - CVE-2026-9895: Out of bounds read in GPU.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-9896: Out of bounds write in V8. Reported by 303f06e3.
     - CVE-2026-9897: Use after free in DOM. Reported by Google.
     - CVE-2026-9898: Insufficient validation of untrusted input in GPU.
       Reported by Google.
     - CVE-2026-9899: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9900: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9901: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9902: Use after free in Accessibility. Reported by Google.
     - CVE-2026-9903: Insufficient validation of untrusted input in
       Site Isolation. Reported by Google.
     - CVE-2026-9904: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9905: Use after free in Accessibility. Reported by Google.
     - CVE-2026-9906: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9907: Out of bounds read in Dawn. Reported by Google.
     - CVE-2026-9908: Out of bounds read in ANGLE. Reported by Google.
     - CVE-2026-9909: Integer overflow in Skia. Reported by Google.
     - CVE-2026-9910: Out of bounds memory access in ANGLE. Reported by Google.
     - CVE-2026-9911: Integer overflow in ANGLE. Reported by Google.
     - CVE-2026-9912: Inappropriate implementation in GPU. Reported by Google.
     - CVE-2026-9913: Inappropriate implementation in ANGLE. Reported by Google
     - CVE-2026-9914: Insufficient validation of untrusted input in ANGLE.
       Reported by Google.
     - CVE-2026-9915: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9916: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9917: Uninitialized Use in WebGL. Reported by Google.
     - CVE-2026-9918: Inappropriate implementation in Tint. Reported by Google.
     - CVE-2026-9919: Out of bounds read in WebGL. Reported by Google.
     - CVE-2026-9920: Uninitialized Use in GPU. Reported by Google.
     - CVE-2026-9921: Uninitialized Use in WebGL. Reported by Google.
     - CVE-2026-9922: Use after free in GPU. Reported by Google.
     - CVE-2026-9923: Use after free in Skia. Reported by Google.
     - CVE-2026-9924: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9925: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9926: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9927: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9928: Out of bounds read in ANGLE.
       Reported by Jeff Muizelaar - Mozilla.
     - CVE-2026-9929: Inappropriate implementation in WebGL. Reported by Google
     - CVE-2026-9930: Out of bounds write in Dawn. Reported by Google.
     - CVE-2026-9931: Use after free in GPU. Reported by Google.
     - CVE-2026-9932: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9933: Use after free in Input. Reported by Google.
     - CVE-2026-9934: Use after free in Aura. Reported by Google.
     - CVE-2026-9935: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9936: Use after free in GFX. Reported by Google.
     - CVE-2026-9937: Use after free in UI. Reported by Google.
     - CVE-2026-9938: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-9939: Heap buffer overflow in WebCodecs. Reported by Google.
     - CVE-2026-9940: Heap buffer overflow in ANGLE. Reported by Google.
     - CVE-2026-9941: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9942: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9943: Out of bounds read in WebGL. Reported by Google.
     - CVE-2026-9944: Uninitialized Use in ANGLE. Reported by Google.
     - CVE-2026-9945: Use after free in Media. Reported by Google.
     - CVE-2026-9946: Use after free in ANGLE. Reported by Google.
     - CVE-2026-9947: Use after free in XML. Reported by Google.
     - CVE-2026-9948: Use after free in Views. Reported by Google.
     - CVE-2026-9949: Use after free in Core. Reported by Google.
     - CVE-2026-9950: Insufficient validation of untrusted input in iOS.
       Reported by Google.
     - CVE-2026-9951: Use after free in UI. Reported by Google.
     - CVE-2026-9952: Use after free in WebAudio. Reported by Google.
     - CVE-2026-9953: Out of bounds read in ANGLE. Reported by Google.
     - CVE-2026-9954: Use after free in TabStrip.
       Reported by yueliu of Microsoft.
     - CVE-2026-9955: Inappropriate implementation in iOS. Reported by Google.
     - CVE-2026-9956: Use after free in iOS. Reported by Google.
     - CVE-2026-9957: Use after free in PDF. Reported by Google.
     - CVE-2026-9958: Use after free in PDFium. Reported by Google.
     - CVE-2026-9959: Race in WebRTC. Reported by Google.
     - CVE-2026-9960: Integer overflow in PDFium. Reported by Google.
     - CVE-2026-9961: Use after free in SurfaceCapture. Reported by Google.
     - CVE-2026-9962: Use after free in WebRTC. Reported by Google.
     - CVE-2026-9963: Uninitialized Use in iOS. Reported by Google.
     - CVE-2026-9964: Use after free in Bluetooth. Reported by Google.
     - CVE-2026-9965: Out of bounds write in ANGLE. Reported by Google.
     - CVE-2026-9966: Integer overflow in XML. Reported by Google.
     - CVE-2026-9967: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9968: Integer overflow in V8. Reported by Google.
     - CVE-2026-9969: Insufficient validation of untrusted input in ANGLE.
       Reported by Google.
     - CVE-2026-9970: Use after free in WebGL. Reported by TFGC.
     - CVE-2026-9971: Inappropriate implementation in iOS. Reported by Google.
     - CVE-2026-9972: Uninitialized Use in Gamepad. Reported by Google.
     - CVE-2026-9973: Out of bounds write in V8. Reported by amyb of OpenAI.
     - CVE-2026-9974: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-9975: Out of bounds read and write in ANGLE. Reported by Google
     - CVE-2026-9976: Inappropriate implementation in USB. Reported by Google.
     - CVE-2026-9977: Insufficient validation of untrusted input in WebShare.
       Reported by Google.
     - CVE-2026-9978: Use after free in Glic. Reported by Google.
     - CVE-2026-9979: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-9980: Insufficient validation of untrusted input in Printing.
       Reported by Google.
     - CVE-2026-9981: Inappropriate implementation in Skia. Reported by Google.
     - CVE-2026-9982: Insufficient validation of untrusted input in ANGLE.
       Reported by Google.
     - CVE-2026-9983: Type Confusion in Skia. Reported by Google.
     - CVE-2026-9984: Use after free in UI. Reported by Google.
     - CVE-2026-9985: Insufficient validation of untrusted input in Media.
       Reported by Google.
     - CVE-2026-9986: Insufficient validation of untrusted input in
       OptimizationGuide. Reported by Google.
     - CVE-2026-9987: Insufficient validation of untrusted input in
       WebAppInstalls. Reported by Google.
     - CVE-2026-9988: Use after free in WebRTC. Reported by Google.
     - CVE-2026-9989: Inappropriate implementation in Media. Reported by Google
     - CVE-2026-9990: Use after free in WebAppInstalls. Reported by Google.
     - CVE-2026-9991: Inappropriate implementation in Media. Reported by Google
     - CVE-2026-9992: Use after free in Network. Reported by Google.
     - CVE-2026-9993: Use after free in Views. Reported by Google.
     - CVE-2026-9994: Use after free in Core. Reported by Google.
     - CVE-2026-9995: Use after free in WebXR. Reported by Google.
     - CVE-2026-9996: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-9997: Use after free in Input. Reported by Google.
     - CVE-2026-9998: Integer overflow in Skia. Reported by Google.
     - CVE-2026-9999: Inappropriate implementation in ANGLE. Reported by Google
     - CVE-2026-10000: Use after free in Passwords. Reported by Google.
     - CVE-2026-10001: Use after free in PerformanceManager. Reported by Google
     - CVE-2026-10002: Use after free in PDFium. Reported by Google.
     - CVE-2026-10003: Use after free in Views. Reported by Google.
     - CVE-2026-10004: Insufficient validation of untrusted input in Passwords.
       Reported by Google.
     - CVE-2026-10005: Use after free in WebAppInstalls. Reported by Google.
     - CVE-2026-10006: Race in WebAudio. Reported by Google.
     - CVE-2026-10007: Use after free in SVG. Reported by Google.
     - CVE-2026-10008: Uninitialized Use in GPU. Reported by Google.
     - CVE-2026-10009: Integer overflow in Skia. Reported by Google.
     - CVE-2026-10010: Inappropriate implementation in Input.
       Reported by Google.
     - CVE-2026-10011: Inappropriate implementation in Skia. Reported by Google
     - CVE-2026-10012: Use after free in Skia. Reported by Google.
     - CVE-2026-10013: Use after free in WebCodecs. Reported by Google.
     - CVE-2026-10014: Use after free in WebMIDI. Reported by Google.
     - CVE-2026-10015: Integer overflow in WTF. Reported by Google.
     - CVE-2026-10016: Use after free in DOM. Reported by pwn2addr.
     - CVE-2026-10017: Out of bounds read in Headless.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-10018: Integer overflow in ANGLE. Reported by Rahul Raj.
     - CVE-2026-10019: Integer overflow in ANGLE.
       Reported by Mufeed VH from Winfunc Research (winfunc.com).
     - CVE-2026-10020: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-10021: Insufficient validation of untrusted input in USB.
       Reported by Google.
     - CVE-2026-10022: Type Confusion in V8. Reported by ggwhyp.
Checksums-Sha1:
 2051958e286335033e70def962d44d0712351deb 5791360 chromium-common-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 6658406613fc2fc574396fb2942ce8d9ed91a782 31530152 chromium-common_148.0.7778.215-1~deb13u1_ppc64el.deb
 d793cef936ee3dbe53b585e81ffb1e7b8f57ec35 30028620 chromium-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 06f4186ee5350d43000a68b14f3484738d760881 7318228 chromium-driver_148.0.7778.215-1~deb13u1_ppc64el.deb
 d1f0ca97476f144cea5f0543409e669396ead3d9 24778568 chromium-headless-shell-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 9c132b99f473d2dd193b0345bfde8e2c06f01790 59230812 chromium-headless-shell_148.0.7778.215-1~deb13u1_ppc64el.deb
 b2aa4b1e8b8d64047b61dcefe05d68b66bdd37c7 20336 chromium-sandbox-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 a20bf3e4a0fe760bd4b7d411e1294bf9541e55e1 119260 chromium-sandbox_148.0.7778.215-1~deb13u1_ppc64el.deb
 295ebcee57d76847210a0b21a28c38008df28684 25711548 chromium-shell-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 64894efc18fb0f288827452bb3e437e4b420c2e7 59269028 chromium-shell_148.0.7778.215-1~deb13u1_ppc64el.deb
 b2de6825c2f91d731cdfac9a6134266082266e14 30613 chromium_148.0.7778.215-1~deb13u1_ppc64el-buildd.buildinfo
 f327a626304c7c3a91dce86958b238214d41daca 80489916 chromium_148.0.7778.215-1~deb13u1_ppc64el.deb
Checksums-Sha256:
 cd7db6bc12a8223188d668d6b1cec637019cd31d01df93c30be64d793a8f2522 5791360 chromium-common-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 58c1bd5b1730e8cf03e492811bfd6d98a4d4793cfc32594a59de54b8433f76ec 31530152 chromium-common_148.0.7778.215-1~deb13u1_ppc64el.deb
 8fc3281912e3d496d1d3a84b959f051bfd1ac74a1745f3523c433ffcfdfb549d 30028620 chromium-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 78d66621009485530cacbfd2685521392e2587857fbd4af98da8428d7a1038e9 7318228 chromium-driver_148.0.7778.215-1~deb13u1_ppc64el.deb
 cee2c08c887fa8a4e8a6d5e6985b5911ed21aa6335a9c5881b071a6910edcbd8 24778568 chromium-headless-shell-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 3ecbfc94c3803a8aa3c97d6907ef7206bef002e6399786d4dd3a450f2f910d11 59230812 chromium-headless-shell_148.0.7778.215-1~deb13u1_ppc64el.deb
 40a7797fb1da5cbae847cdf1667c991ea6e5f4d7fe9b1ee1744a5b58f6febd5d 20336 chromium-sandbox-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 9a55d79b8a12274354dc93a6f842afcd4fa5c40b16cc4241b529ae558bba14d1 119260 chromium-sandbox_148.0.7778.215-1~deb13u1_ppc64el.deb
 1192480f00150d70675f5e2d13d6367bf515472d00a7c4bbe01e731720786ec3 25711548 chromium-shell-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 d21e7f4b5851d57e03691909cccc79dfb177463d0716b95a5714ccaf3ccf577f 59269028 chromium-shell_148.0.7778.215-1~deb13u1_ppc64el.deb
 bde4fcb6868fb9170af3670dd375e5c7936a0011fb7beea27c13ba97801aeecd 30613 chromium_148.0.7778.215-1~deb13u1_ppc64el-buildd.buildinfo
 b1ec4316c88253ffdb1554f38a66ebde6701628a41d1a945e2bd5e79dccd2e63 80489916 chromium_148.0.7778.215-1~deb13u1_ppc64el.deb
Files:
 b9e555539a6f0d7821dac149f4bfa1f0 5791360 debug optional chromium-common-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 50f5ca528772693b0c4a9aa098ac648f 31530152 web optional chromium-common_148.0.7778.215-1~deb13u1_ppc64el.deb
 b0faf1d87001dd5968020180a6784658 30028620 debug optional chromium-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 b0c4b68fad3dea2143fb956e630fa062 7318228 web optional chromium-driver_148.0.7778.215-1~deb13u1_ppc64el.deb
 9850b3e81a49309826723fce9347f87e 24778568 debug optional chromium-headless-shell-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 1882b3607357fb36d19dc773a098e143 59230812 web optional chromium-headless-shell_148.0.7778.215-1~deb13u1_ppc64el.deb
 7eb99950f545a9539ecc87c873dc5b7f 20336 debug optional chromium-sandbox-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 6f178aabdd33d49b68e048fe53db8987 119260 web optional chromium-sandbox_148.0.7778.215-1~deb13u1_ppc64el.deb
 582a211cf819504114ff51062bfa39fc 25711548 debug optional chromium-shell-dbgsym_148.0.7778.215-1~deb13u1_ppc64el.deb
 4a258e5d8ea900897526e1dfb7dccf2f 59269028 web optional chromium-shell_148.0.7778.215-1~deb13u1_ppc64el.deb
 85e622d12f000d91ab341c6becd9f7fb 30613 web optional chromium_148.0.7778.215-1~deb13u1_ppc64el-buildd.buildinfo
 c1cdaf5b5ea5be9ac410ccabc0f6c973 80489916 web optional chromium_148.0.7778.215-1~deb13u1_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEySUEQfg5pZeb/U372FRWNm40e2YFAmochbEACgkQ2FRWNm40
e2bVLQ//dFO/kH4HC62JNeBNdE+mHRIXzUO0IxPuYZF/3qummAGwWQKgUki49wHf
VqdTC3ITFBioJbYBY0aeP8E+7yJXRDUQTIQH9EHwhohD3zcXDcuW5tyBY7B+cjn0
+Y/ykJuqGHKOTy1Yks0epKPBUU2jknHtxisYPqVhiYvelzsSwKat6cp8cMd8flf6
Cz9InqkNcAD7ofpavNIG/MjVqienxzduK4tGzQpxZBdJfEa2F3XP6dEUnG9EcVSQ
RFHrsv6ij3nlNID1IsGtoj31B2kHluxPfsbSLx7C5NTRMsOhA+ogNrLYVTpkCMn8
mXnOh54oEE25HEoIMqsOlqlhwK6Lj3fDsrQC1tiH348bwsng+wDNKWoSWSwSDEmF
Qtpknn334JDC47TVMbbHYFsEGOaRqTTjTfklvjNWm+t5GYmAyXjflA3oN4OyDAkA
4HwX0/y4nUzzVOEZch4Nu3Qbxt05+51yIUP/AUdkIkoDosaqlSvmTSLE7t4S+QHr
RsAfAC3S7yZTULxbgCZoqkcK/o/VgTWLueXYarqdoopjHkOhBmJoeKonu9XdOH1Z
VJKIWm36pSd1m4Muxk2ZrWvDVj3O7fjMNM871AG/SYQIE4j1qnGgNeYyLFXpk75Q
+49zq0Bi7xhsetSYrDj2UgiKBY42Ev5BFkcyN+jCvkKTi8ExHQA=
=Qmj2
-----END PGP SIGNATURE-----