-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 19 Mar 2026 19:35:31 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 146.0.7680.153-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Closes: 1130569
Changes:
 chromium (146.0.7680.153-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-4439: Out of bounds memory access in WebGL.
       Reported by Goodluck.
     - CVE-2026-4440: Out of bounds read and write in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4441: Use after free in Base. Reported by Google.
     - CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse.
     - CVE-2026-4443: Heap buffer overflow in WebAudio.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4444: Stack buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4445: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4446: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge.
     - CVE-2026-4448: Heap buffer overflow in ANGLE.
       Reported by M. Fauzan Wijaya (Gh05t666nero).
     - CVE-2026-4449: Use after free in Blink. Reported by Syn4pse.
     - CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c.
     - CVE-2026-4451: Insufficient validation of untrusted input in
       Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip.
     - CVE-2026-4454: Use after free in Network.
       Reported by heapracer (@heapracer).
     - CVE-2026-4455: Heap buffer overflow in PDFium.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4456: Use after free in Digital Credentials API.
       Reported by sean wong.
     - CVE-2026-4457: Type Confusion in V8.
       Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim.
     - CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by
       Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern)
     - CVE-2026-4460: Out of bounds read in Skia.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4461: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-4462: Out of bounds read in Blink.
       Reported by heapracer (@heapracer).
     - CVE-2026-4463: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun.
   * d/patches/disable/glic.patch: refresh for upstream tab nudging changes
 .
   [ Jianfeng Liu ]
   * add upstreamed patch of boringssl to fix loong64 build (closes: #1130569)
Checksums-Sha1:
 21f3de19b4e045fc9727c03d8b884bfba0d08626 8690576 chromium-l10n_146.0.7680.153-1~deb12u1_all.deb
 ae5c6252122c8b175e1188672254744a09a43859 26896 chromium_146.0.7680.153-1~deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 69fa45535b341bbc5abffbb70b08dd93a01bc7cd7f8fabcb46a0c116b35dc84c 8690576 chromium-l10n_146.0.7680.153-1~deb12u1_all.deb
 c171d26b6fd001a26d822a611527fcbe535a91d4c6099ba67590dfa513aae9c8 26896 chromium_146.0.7680.153-1~deb12u1_all-buildd.buildinfo
Files:
 e5ca0c5bb966f3ecf5e05bddf0b775ff 8690576 localization optional chromium-l10n_146.0.7680.153-1~deb12u1_all.deb
 0e8ac18a9e683b72942ab29ad4e832d1 26896 web optional chromium_146.0.7680.153-1~deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmm9OHYACgkQaBVi67oX
tfmIjQ//Z+LpSZmX41EjvMVNt7kt+rVMQgsafdpQPrWBBOqDe0vo0EPpmyIj0fcQ
jF1NcvQYo2WFBkngKDwYkVc2KIydJQsAGNeqSM1Pb9FD2B7LA84JSOu/S8NU4lWY
rlczH5V/tv96RhzCVcFbqRzM5BZq/e0JcZpM9RC80b6crNe8t2rIj7428wb0TvZ0
IW3SttGxhtx8tNrvNF2mlBuPGrOp896q4Of6EKhvMxz/icLOt8fsuOJcD742IADp
seRJcqbigibvYHzABGHfbE5q0DhbBh/dcZRC9RR9NBkcCnvgWfoTJ3WpHAjwgQOG
5cJz2JbPePBPxjSJTgMwO3o8lqA+wib555j3vyD7VxgYg+5P42/7ZCPo7CX36fOf
hLaF6DWof9SxkELT107p8S7hn1I+Puj4zQO4tU8fnxCfsFVwyNTYsvuBVuC1Fb38
sbUUy5eTv7VWShQSdUPhkrXZuIrL4rP7ZI/Sji/F5NnjRodJ4223SyjSvGzFL/6L
cD9/aG2ygJNGXoPEidA/gDEqbGnysKgWjmESFOX6A3ukzS9TZtcP0JYqDDSp4+fR
x4U4YTjGzbcjxXEJ9F4k1EF4nZ0opA8eSuZ/VYk8HO2Gyp8rlQALWp4jwmU8JYhA
DMY/lqp9jrpQBP/ctkDMBfWawim6ZGu9ldYAZMRX3i5POiKme3E=
=gAwH
-----END PGP SIGNATURE-----