-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 19 May 2026 18:28:20 -0400
Source: chromium
Architecture: source
Version: 148.0.7778.178-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (148.0.7778.178-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-9111: Use after free in WebRTC. Reported by Google.
     - CVE-2026-9110: Inappropriate implementation in UI. Reported by Google.
     - CVE-2026-9112: Use after free in GPU.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-9113: Out of bounds read in GPU.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-9114: Use after free in QUIC. Reported by Google.
     - CVE-2026-9115: Insufficient policy enforcement in Service Worker.
       Reported by Google.
     - CVE-2026-9116: Insufficient policy enforcement in ServiceWorker.
       Reported by Google.
     - CVE-2026-9117: Type Confusion in GFX. Reported by Google.
     - CVE-2026-9118: Use after free in XR. Reported by Google.
     - CVE-2026-9119: Heap buffer overflow in WebRTC. Reported by Google.
     - CVE-2026-9120: Use after free in WebRTC. Reported by Google.
     - CVE-2026-9126: Use after free in DOM. Reported by Google.
     - CVE-2026-9121: Out of bounds read in GPU.
       Reported by David Korczynski (Adalogics) .
     - CVE-2026-9122: Out of bounds read in GPU.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-9123: Heap buffer overflow in Chromecast. Reported by Google.
     - CVE-2026-9124: Insufficient validation of untrusted input in Input.
       Reported by Google.
Checksums-Sha1:
 841aaad91d882ef2096cdb050ce568d85e7ab1e4 4068 chromium_148.0.7778.178-1~deb12u1.dsc
 5afc9926484713b48274eeb9f00da3aa078df6ec 900766244 chromium_148.0.7778.178.orig.tar.xz
 323578fe6d91a3ffbbd833f6f864c90ab86aa96c 8573848 chromium_148.0.7778.178-1~deb12u1.debian.tar.xz
 7f19e5bce1b6d57cdc6ea92bdfa93775e79a4edb 26842 chromium_148.0.7778.178-1~deb12u1_source.buildinfo
Checksums-Sha256:
 0f5b12d6aba536a1f4671bc1fe4569ea4e8d683656aa4ecceff0bcd21f405821 4068 chromium_148.0.7778.178-1~deb12u1.dsc
 adbe4403a5f8ef514a2521880580504a2d4ee56557d4e8bfd1c67d729f3d0c6c 900766244 chromium_148.0.7778.178.orig.tar.xz
 588cc4a51ff182f40a88fb737467e81219faaa3038a0d7f1b1b70a2240d96b6a 8573848 chromium_148.0.7778.178-1~deb12u1.debian.tar.xz
 219f1c5b71f903d07f7c4015256c42a7d2db573dc0b00200f21d7b7078191a7a 26842 chromium_148.0.7778.178-1~deb12u1_source.buildinfo
Files:
 ce8c70aaeb70a4a2dd0fdc09c7e2d334 4068 web optional chromium_148.0.7778.178-1~deb12u1.dsc
 2243a128d1497cb61fd10dd6830b8a4f 900766244 web optional chromium_148.0.7778.178.orig.tar.xz
 40cc8dac55fbfbb368309adbc9383d77 8573848 web optional chromium_148.0.7778.178-1~deb12u1.debian.tar.xz
 84e035a6d8a7952de71b1d4adcbfef42 26842 web optional chromium_148.0.7778.178-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmoOIm0UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjew9Q/+M1TfhfL0QnAyj3iHiZT0q+70c7Pg
Nds8ConOzHH0DVYz4anjCtvqOlSIX40wyYv45Ss9OPQrpArQxs/VdvcuuvYWwpqz
PE1Urv9+RgYIJo1cMp81sc7K/pdsqOlLV9gqfQnfD5veiRtEsV/0plJyWJZKAy8i
VKkW3oquhGlmTMFvSzTWS2Z7DViOAY3hHFIC1zIstVKekaO8QfnfN4QQy/JqeWQ8
+0N8/oE7FzmHJ+BwDbr4T+PcqsI2XARDUBqaWmoBTvKCKIjNAuKFB4LLuTMnMULO
Tj+X4Q1Do8gwku0KezdgdgFEgq9xxWoSoEJRO5Jzfjb8CjJj4sp+NbZzfSG/znAX
RZr/CPjHRoHVF3CDqpGqiENxqJnrN0WiUbmF1UmuP7b9BdsQrkuhhbEFkNY2btQr
awDHuLHkEzzSMbuCaxivhAJUeJT2q979cHDxSXzd4GVEu/3jjFPEspAxTwUFjlox
a7wJNv0om/95YtKp2yastFMGWf/OVvxsDB9IM7aiaHIRzsmwXWPBFGU/0odSbsTo
qIrLBEg2K5QIJzObF977BYv855T4iuF+kftN5uXAdaDdO7JDlZL8x0VMBo+gPCyY
g3AN0V/5xAodp4zEUSicxwKrjoH9bsjEGjp1Qld/tEJQxkM+Re9CzPOr82mL+juZ
+ld52plnR9EKSxI=
=Doqz
-----END PGP SIGNATURE-----