-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 19 Mar 2026 19:35:31 -0400
Source: chromium
Architecture: source
Version: 146.0.7680.153-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1130569
Changes:
 chromium (146.0.7680.153-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-4439: Out of bounds memory access in WebGL.
       Reported by Goodluck.
     - CVE-2026-4440: Out of bounds read and write in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4441: Use after free in Base. Reported by Google.
     - CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse.
     - CVE-2026-4443: Heap buffer overflow in WebAudio.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4444: Stack buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4445: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4446: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge.
     - CVE-2026-4448: Heap buffer overflow in ANGLE.
       Reported by M. Fauzan Wijaya (Gh05t666nero).
     - CVE-2026-4449: Use after free in Blink. Reported by Syn4pse.
     - CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c.
     - CVE-2026-4451: Insufficient validation of untrusted input in
       Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip.
     - CVE-2026-4454: Use after free in Network.
       Reported by heapracer (@heapracer).
     - CVE-2026-4455: Heap buffer overflow in PDFium.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4456: Use after free in Digital Credentials API.
       Reported by sean wong.
     - CVE-2026-4457: Type Confusion in V8.
       Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim.
     - CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by
       Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern)
     - CVE-2026-4460: Out of bounds read in Skia.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4461: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-4462: Out of bounds read in Blink.
       Reported by heapracer (@heapracer).
     - CVE-2026-4463: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun.
   * d/patches/disable/glic.patch: refresh for upstream tab nudging changes
 .
   [ Jianfeng Liu ]
   * add upstreamed patch of boringssl to fix loong64 build (closes: #1130569)
Checksums-Sha1:
 9aefd8fb1bcde402156190d0869c455fc30a29bd 4068 chromium_146.0.7680.153-1~deb12u1.dsc
 8fc3098f965c6e9fa85d937af16af9ec6cf1894c 785885456 chromium_146.0.7680.153.orig.tar.xz
 eb8ca90949a9b52e0f00c1cfb2033d7126173823 8557360 chromium_146.0.7680.153-1~deb12u1.debian.tar.xz
 1c82763ada981821f12b6a1f30809baac74cac88 26842 chromium_146.0.7680.153-1~deb12u1_source.buildinfo
Checksums-Sha256:
 2533b34bdb95c1f93830e2c20d26dfa7164ef7fe2edbdc9b42b2b68d5fd97106 4068 chromium_146.0.7680.153-1~deb12u1.dsc
 f41ebead3e3a1508924e530612558438745f12849b4582c2b2cf0e4dcdf9c641 785885456 chromium_146.0.7680.153.orig.tar.xz
 b69896b6e7b8855ce3e42e812473d99611ba28d43aaccbc570cadc3d282bc952 8557360 chromium_146.0.7680.153-1~deb12u1.debian.tar.xz
 ba23541f678c83929589ba49a60dd0db96be2b6aa59036bb92f17fe83406257c 26842 chromium_146.0.7680.153-1~deb12u1_source.buildinfo
Files:
 4ba819c3dfbed8948a81d7c332380a9b 4068 web optional chromium_146.0.7680.153-1~deb12u1.dsc
 5a8972735b57cf577994e69097f8f72f 785885456 web optional chromium_146.0.7680.153.orig.tar.xz
 36320eceb1500ac8545999bf8d0f6485 8557360 web optional chromium_146.0.7680.153-1~deb12u1.debian.tar.xz
 b92d8d757ebd992264a828c38e5a09cf 26842 web optional chromium_146.0.7680.153-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmm8tBEUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjdBhg/9FC2/aS+U43vsQapTMtEg8t9vFESW
WFmkDpsdRt/89eDDWnrqJSvh7qV1ig5MIuMce5nRD6pESX6Mt7tdJNPe8wnqBPUN
UdvlNZXIUwXeN4ykoI4DpNVutttRa43btdA9UQ+dXIudobvcaqmLqWHoJ+Mv7rbY
GbplVZXcuwrt2lGRpeWcivDLoXLxNjkrIGCsDbnjeXEowLaPQu/4npgz7FDBwLmp
jxziVtoLE+9fAJUsaeX4C1IC/JUZT8LFojEkaCyWpNjiwseDKGRARsmD84Kts4wl
CyneCWsGaAmoW8GC4J+sziN2i9JW2oczn6RVNriffVfCGVv8KwbCSgL/YBPdeD44
MQ6P0EMvBH0Ud2NDR5+4PNOAWVk5827JXRisTUmEX8Yla7bApP4zUCktqGLWMoqR
9imLiqLPenTjceRSXv/FtOLS2npbiOXuN10KKk0dt2MwAHuiltPVfoKqDnWMy46z
eML8ceHM5ejeKV6wuR3QUzFRhkAn2EtHCsM1VQFUOSXbUZjztHmg9xAx7/CdW2mm
mYFyPC281/B6ZcfSBN5IJPpB+kB+9QHkJrpbrlDv+KwmfjFHhOBIlVl3LTPZpKwK
h6jwclfjW7NDjLqimWf2GZOuEh3FEwDsNIvZGog1/Lc/4Jxq+FNq3CD37qt1douB
3M7UNPH7zIDfnlQ=
=vZ+D
-----END PGP SIGNATURE-----