-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 19 Mar 2026 19:35:31 -0400
Source: chromium
Architecture: source
Version: 146.0.7680.153-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1130569
Changes:
 chromium (146.0.7680.153-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-4439: Out of bounds memory access in WebGL.
       Reported by Goodluck.
     - CVE-2026-4440: Out of bounds read and write in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4441: Use after free in Base. Reported by Google.
     - CVE-2026-4442: Heap buffer overflow in CSS. Reported by Syn4pse.
     - CVE-2026-4443: Heap buffer overflow in WebAudio.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4444: Stack buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4445: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4446: Use after free in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4447: Inappropriate implementation in V8. Reported by Erge.
     - CVE-2026-4448: Heap buffer overflow in ANGLE.
       Reported by M. Fauzan Wijaya (Gh05t666nero).
     - CVE-2026-4449: Use after free in Blink. Reported by Syn4pse.
     - CVE-2026-4450: Out of bounds write in V8. Reported by qymag1c.
     - CVE-2026-4451: Insufficient validation of untrusted input in
       Navigation. Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4452: Integer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-4453: Integer overflow in Dawn. Reported by sweetchip.
     - CVE-2026-4454: Use after free in Network.
       Reported by heapracer (@heapracer).
     - CVE-2026-4455: Heap buffer overflow in PDFium.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4456: Use after free in Digital Credentials API.
       Reported by sean wong.
     - CVE-2026-4457: Type Confusion in V8.
       Reported by Zhenpeng (Leo) Lin at depthfirst.
     - CVE-2026-4458: Use after free in Extensions. Reported by Shaheen Fazim.
     - CVE-2026-4459: Out of bounds read and write in WebAudio. Reported by
       Jihyeon Jeong (Compsec Lab, Seoul National University / Research Intern)
     - CVE-2026-4460: Out of bounds read in Skia.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4461: Inappropriate implementation in V8. Reported by Google.
     - CVE-2026-4462: Out of bounds read in Blink.
       Reported by heapracer (@heapracer).
     - CVE-2026-4463: Heap buffer overflow in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-4464: Integer overflow in ANGLE. Reported by heesun.
   * d/patches/disable/glic.patch: refresh for upstream tab nudging changes
 .
   [ Jianfeng Liu ]
   * add upstreamed patch of boringssl to fix loong64 build (closes: #1130569)
Checksums-Sha1:
 d6c1015d466b1df33dfd5e168ceebd84304b6257 4099 chromium_146.0.7680.153-1~deb13u1.dsc
 8fc3098f965c6e9fa85d937af16af9ec6cf1894c 785885456 chromium_146.0.7680.153.orig.tar.xz
 af2916d9425cdb148126e7477591aab7a3b6cf2b 468068 chromium_146.0.7680.153-1~deb13u1.debian.tar.xz
 6673bf25c4abd3ba552aa5edcc12c73c562957db 26801 chromium_146.0.7680.153-1~deb13u1_source.buildinfo
Checksums-Sha256:
 3bed95c085d448400044303fe5fa1325adf58b24415d73ba5fe1bac195107a8c 4099 chromium_146.0.7680.153-1~deb13u1.dsc
 f41ebead3e3a1508924e530612558438745f12849b4582c2b2cf0e4dcdf9c641 785885456 chromium_146.0.7680.153.orig.tar.xz
 d7dd7031c5d4f58b6d43de8d100ef36afc3866ec249141b7af1d352b79ac425e 468068 chromium_146.0.7680.153-1~deb13u1.debian.tar.xz
 c6fedea7b01deac328a5a28cfbde36712c19973b032e249592274b22eaec5678 26801 chromium_146.0.7680.153-1~deb13u1_source.buildinfo
Files:
 4ac89efa61209bf5afa2ff099f77f230 4099 web optional chromium_146.0.7680.153-1~deb13u1.dsc
 5a8972735b57cf577994e69097f8f72f 785885456 web optional chromium_146.0.7680.153.orig.tar.xz
 ffc1374d75ada310683aa9f7dd297ba1 468068 web optional chromium_146.0.7680.153-1~deb13u1.debian.tar.xz
 3d26d0e66c3fee390dc786757067074d 26801 web optional chromium_146.0.7680.153-1~deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmm8rMQUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjeBMg/+P42GLp3FOwa3K8d1DTftiGbYTAId
mPM9fumJkZWl5K/eC8RrT+EhyD1l+m6AYehAoThJ65OZN1Uh86+d3BV44crGccoz
qBXoQopSJ6tqzByFMwcDZVtR5vMsZYrOMsC+lmJLfO9/xIIy3HsWjhpNUPj4Aav4
lZf2jlFPv3BhPGKcvBSErmUOfmjGr9xtyHNWECe4UCQEFh6QWAOh8ZRf5MEXGYx4
Fkxehmo8on08fFx7LVFALFa+V2G/evDG2pTYS2DnTWQXdnpjoatjDC3xcoJ3jb7W
gTfmT5JillaxsVFyjReusWSvkm2xTuWB8/cMg5XrKpQg2qy7GpPCjDHrmaw2s9MR
l6Imaeq1AXsOWoHXT46uyD+0bv7aM8Eb/Er/jV4k5pRX7n3JWk0bSTO9QONYiFA2
7L5VIfcwe6Ct09pmCCOpu1Xbz2yPpki6euZG2Gq56bdlpmz2dBZklOpf5J0U3Lap
Ofy5LzoR7nKIx1AuQooH0Jo/w2Cz0bNgfLcu4ZnaWeyjp9JiDwr0SKPT/OCGpely
zi2C//KblRyfsWMyKRpD8lDKzOJBUf28yHKCZkN8b8lj9xIt865/3of+7iFzAEFB
x8gdpXgES2srnK7m2UD3Jt7EMCyO+EoiwzRJtoD+shQbFRAISwsEgLrQ7xqgL/Dp
Ig4MPpfR4wwitlQ=
=hcHH
-----END PGP SIGNATURE-----