-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 17 Jun 2026 01:14:44 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 149.0.7827.155-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Changes:
 chromium (149.0.7827.155-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-12437: Use after free in WebShare. Reported by Google.
     - CVE-2026-12438: Inappropriate implementation in WebView.
       Reported by Google.
     - CVE-2026-12439: Use after free in Digital Credentials.
       Reported by Google.
     - CVE-2026-12440: Use after free in DigitalCredentials. Reported by Google
     - CVE-2026-12441: Use after free in File Input. Reported by Google.
     - CVE-2026-12442: Use after free in Passwords. Reported by Google.
     - CVE-2026-12443: Use after free in Web Authentication. Reported by Google
     - CVE-2026-12444: Out of bounds read in Chromoting. Reported by Google.
     - CVE-2026-12445: Use after free in Extensions. Reported by Google.
     - CVE-2026-12446: Insufficient data validation in Passwords.
       Reported by Google.
     - CVE-2026-12447: Heap buffer overflow in WebRTC. Reported by Google.
     - CVE-2026-12448: Inappropriate implementation in WebView.
       Reported by Google.
     - CVE-2026-12449: Use after free in Chromoting. Reported by Google.
     - CVE-2026-12450: Inappropriate implementation in Media.
       Reported by Zhixin Tu.
     - CVE-2026-12451: Use after free in DigitalCredentials. Reported by Google
     - CVE-2026-12452: Use after free in Downloads. Reported by Google.
     - CVE-2026-12453: Insufficient validation of untrusted input in Input.
       Reported by Google.
     - CVE-2026-12454: Race in Safe Browsing. Reported by Google.
     - CVE-2026-12455: Use after free in Tab Strip. Reported by Google.
     - CVE-2026-12456: Insufficient validation of untrusted input in
       Extensions. Reported by Google.
     - CVE-2026-12457: Insufficient data validation in Extensions.
       Reported by Google.
     - CVE-2026-12458: Incorrect security UI in Passwords. Reported by Google.
     - CVE-2026-12459: Inappropriate implementation in Serial.
       Reported by Google.
     - CVE-2026-12460: Insufficient policy enforcement in File System Access.
       Reported by Google.
     - CVE-2026-12461: Out of bounds read in WebRTC. Reported by Google.
     - CVE-2026-12462: Use after free in Media. Reported by Google.
     - CVE-2026-12463: Inappropriate implementation in Views.
       Reported by Google.
     - CVE-2026-12464: Use after free in Browser. Reported by Google.
     - CVE-2026-12465: Insufficient validation of untrusted input in Metrics.
       Reported by Google.
     - CVE-2026-12466: Heap buffer overflow in WebRTC. Reported by Google.
     - CVE-2026-12467: Use after free in Extensions. Reported by Google.
     - CVE-2026-12468: Inappropriate implementation in Updater.
       Reported by Google.
     - CVE-2026-12469: Uninitialized Use in GPU. Reported by Google.
Checksums-Sha1:
 62e22a0062ace3eef837c8258ce994f2ffc6bd09 8967268 chromium-l10n_149.0.7827.155-1~deb13u1_all.deb
 d5c06c6f107beae1abddbca8bec35e3e5cf3b9ac 27154 chromium_149.0.7827.155-1~deb13u1_all-buildd.buildinfo
Checksums-Sha256:
 5d30f350f92ebd1b08a66341b827b65a7898851db7aa435e3f30c580777350a2 8967268 chromium-l10n_149.0.7827.155-1~deb13u1_all.deb
 2c52cf5ce616b06c944b751fdf28ec8bea5b4fd62c48f9c11143d0adefb43fbc 27154 chromium_149.0.7827.155-1~deb13u1_all-buildd.buildinfo
Files:
 e27c0fcc064fd9d8adb41da9e9199def 8967268 localization optional chromium-l10n_149.0.7827.155-1~deb13u1_all.deb
 770e38d17ff54131f0a29af5de6ea829 27154 web optional chromium_149.0.7827.155-1~deb13u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmoz9N4ACgkQN8Ugyu9d
QiRgAw/+O7X95aNhVpc/npVCSkPOt/dRLHOuQ0J6sDktSfk2H6Vo73O0Fasw8uGL
ibXbJVcwZ7doBijaWQJ7NVEeYkX+to/sl9iILZcrI8JgdDhNXhC+LDFgfITfUrIC
Zlk+i2rqJQ49l9cz897rnhsN7BPpv8+LgHm/s/dkIKSenEaOlaLS0Zz1YbitO8EK
AMpJ1xUXNw+GfdrtHmcakQuQNaDQJqMtf4aQtpZsaXgmDEaUWlHJ8Qxv+P6n99YC
2RbSO3iP11pHyZsawPUIcyie+ZInpYJ6Znb9Xj3oy541R8F3fe49ZvHcy5uZ8VUx
mgmhLH4ePsqGKC+LeKv0JbdGIBNwCNzq9BhRPheCabSaFrARmf4flfKClW86NGNC
zZYpYR5sZkVyCygUGXoxnQvp2DbTa+J5Du1dQdBFs8GU6gPUltJUdHi7FRiS2vxb
5HfjzxIEG/FXWnmV2PHKbYFQvu1A8+U/ehcL+Us03BRY7CzVTco3aItfwXsXssIg
uF9q3baJPr75D2aT+valBA/HPmprKqaDfHCiF6ma6YInb/SERgn2YMyPRmScGEun
mVM7s/f2vA4VVz6IOjmb/9ldtvdwJzUWrWB2bd0xDkGqIHjDXT7qJc+k5aU/Icfy
9rLZx2uXPbZVoXUht0wyM0RTZykbpKnKNVcd74RCPd/PNdL5YNs=
=LdkJ
-----END PGP SIGNATURE-----