-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 14 May 2026 16:39:29 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 148.0.7778.167-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) <buildd_amd64-x86-ubc-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (148.0.7778.167-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-8509: Heap buffer overflow in WebML.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-8510: Integer overflow in Skia. Reported by q@calif.io.
     - CVE-2026-8511: Use after free in UI. Reported by Google.
     - CVE-2026-8512: Use after free in FileSystem. Reported by Google.
     - CVE-2026-8513: Use after free in Input. Reported by Google.
     - CVE-2026-8514: Use after free in Aura. Reported by Google.
     - CVE-2026-8515: Use after free in HID. Reported by Google.
     - CVE-2026-8516: Insufficient validation of untrusted input in
       DataTransfer. Reported by Google.
     - CVE-2026-8517: Object lifecycle issue in WebShare. Reported by Google.
     - CVE-2026-8518: Use after free in Blink. Reported by Google.
     - CVE-2026-8519: Integer overflow in ANGLE. Reported by Google.
     - CVE-2026-8520: Race in Payments. Reported by Google.
     - CVE-2026-8521: Use after free in Tab Groups. Reported by Google.
     - CVE-2026-8522: Use after free in Downloads. Reported by Google.
     - CVE-2026-8523: Use after free in Mojo.
       Reported by Paul Seekamp / nullenc0de.
     - CVE-2026-8558: Out of bounds write in Fonts. Reported by Matej Smycka.
     - CVE-2026-8524: Out of bounds write in WebAudio.
       Reported by Brendan Dolan-Gavitt, XBOW.
     - CVE-2026-8525: Heap buffer overflow in ANGLE.
       Reported by Nathaniel Oh (@calysteon).
     - CVE-2026-8526: Out of bounds write in WebRTC.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-8527: Insufficient validation of untrusted input in Downloads.
       Reported by rachmat.abdul.ro.
     - CVE-2026-8528: Insufficient validation of untrusted input in
       SiteIsolation. Reported by Google.
     - CVE-2026-8529: Heap buffer overflow in Codecs. Reported by Google.
     - CVE-2026-8530: Use after free in Network. Reported by Google.
     - CVE-2026-8531: Heap buffer overflow in WebML. Reported by Syn4pse.
     - CVE-2026-8532: Integer overflow in XML. Reported by Google.
     - CVE-2026-8533: Use after free in Accessibility. Reported by Google.
     - CVE-2026-8534: Integer overflow in GPU. Reported by Google.
     - CVE-2026-8535: Out of bounds read in Media. Reported by Google.
     - CVE-2026-8536: Insufficient validation of untrusted input in
       ReadingMode. Reported by Google.
     - CVE-2026-8537: Insufficient policy enforcement in ViewTransitions.
       Reported by Google.
     - CVE-2026-8538: Insufficient validation of untrusted input in GPU.
       Reported by Google.
     - CVE-2026-8539: Script injection in SanitizerAPI.
       Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po).
     - CVE-2026-8540: Type Confusion in V8. Reported by Google.
     - CVE-2026-8541: Out of bounds read in UI. Reported by Google.
     - CVE-2026-8542: Use after free in Core. Reported by Google.
     - CVE-2026-8543: Out of bounds read in FileSystem. Reported by Google.
     - CVE-2026-8544: Use after free in Media. Reported by Google.
     - CVE-2026-8545: Object corruption in Compositing. Reported by Google.
     - CVE-2026-8546: Out of bounds read in GPU. Reported by Google.
     - CVE-2026-8547: Insufficient policy enforcement in Passwords.
       Reported by Google.
     - CVE-2026-8548: Out of bounds write in Media. Reported by Google.
     - CVE-2026-8549: Use after free in Media. Reported by Google.
     - CVE-2026-8550: Use after free in Google Lens. Reported by Google.
     - CVE-2026-8551: Use after free in Downloads. Reported by Google.
     - CVE-2026-8552: Heap buffer overflow in GPU. Reported by Google.
     - CVE-2026-8553: Use after free in GPU. Reported by Google.
     - CVE-2026-8554: Type Confusion in ANGLE. Reported by Google.
     - CVE-2026-8555: Use after free in GTK. Reported by Google.
     - CVE-2026-8556: Inappropriate implementation in ANGLE. Reported by Google.
     - CVE-2026-8557: Use after free in Accessibility. Reported by Google.
     - CVE-2026-8559: Integer overflow in Internationalization.
       Reported by Google.
     - CVE-2026-8560: Heap buffer overflow in SwiftShader.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2026-8561: Incorrect security UI in Fullscreen. Reported by
       Wolfgang Ettlinger (aff. Certitude Consulting GmbH) Alexander Hurbean
       (aff. Certitude Consulting GmbH).
     - CVE-2026-8562: Side-channel information leakage in Navigation.
       Reported by Google.
     - CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-8564: Incorrect security UI in Downloads.
       Reported by Alesandro Ortiz https://AlesandroOrtiz.com.
     - CVE-2026-8565: Inappropriate implementation in Downloads.
       Reported by Farras Givari.
     - CVE-2026-8566: Insufficient policy enforcement in Payments.
       Reported by Jorian Woltjer.
     - CVE-2026-8567: Integer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-8568: Insufficient policy enforcement in AI.
       Reported by Tianyi Hu.
     - CVE-2026-8569: Out of bounds write in Codecs. Reported by Google.
     - CVE-2026-8570: Type Confusion in V8. Reported by Google.
     - CVE-2026-8571: Insufficient policy enforcement in GPU.
       Reported by Mark Blaszczyk.
     - CVE-2026-8572: Insufficient policy enforcement in Network.
       Reported by Google.
     - CVE-2026-8573: Integer overflow in Codecs. Reported by Google.
     - CVE-2026-8574: Use after free in Core. Reported by Google.
     - CVE-2026-8575: Use after free in UI. Reported by Google.
     - CVE-2026-8576: Inappropriate implementation in CORS. Reported by Google.
     - CVE-2026-8577: Integer overflow in Fonts. Reported by Google.
     - CVE-2026-8578: Out of bounds read in GPU. Reported by Google.
     - CVE-2026-8579: Insufficient validation of untrusted input in Skia.
       Reported by Google.
     - CVE-2026-8580: Use after free in Mojo. Reported by Google.
     - CVE-2026-8581: Use after free in GPU. Reported by Google.
     - CVE-2026-8582: Object lifecycle issue in Dawn. Reported by Google.
     - CVE-2026-8583: Insufficient policy enforcement in WebXR.
       Reported by Google.
     - CVE-2026-8584: Inappropriate implementation in Views. Reported by Google.
     - CVE-2026-8585: Inappropriate implementation in Media. Reported by Google.
     - CVE-2026-8586: Inappropriate implementation in Chromoting.
       Reported by Google.
     - CVE-2026-8587: Use after free in Extensions.
       Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab.
   * rust-1.85/file_as_c_str.patch: fix build on non-x86 archs, as char*
     signed-ness is apparently different there versus arm & ppc64 [trixie,
     bookworm].
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
