Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.changes > #13791
| From | Debian FTP Masters <ftpmaster@ftp-master.debian.org> |
|---|---|
| Newsgroups | linux.debian.changes |
| Subject | Accepted chromium 148.0.7778.96-1~deb12u1 (source) into oldstable-proposed-updates |
| Date | 2026-05-17 12:50 +0200 |
| Message-ID | <MVHej-5Nti-43@gated-at.bofh.it> (permalink) |
| Organization | linux.* mail to news gateway |
[Multipart message — attachments visible in raw view] - view raw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 06 May 2026 16:32:51 -0400
Source: chromium
Architecture: source
Version: 148.0.7778.96-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (148.0.7778.96-1~deb12u1) bookworm-security; urgency=high
.
[ Andres Salomon ]
* New upstream stable release.
- CVE-2026-7896: Integer overflow in Blink.
Reported by c6eed09fc8b174b0f3eebedcceb1e792.
- CVE-2026-7897: Use after free in Mobile. Reported by Google.
- CVE-2026-7898: Use after free in Chromoting. Reported by Google.
- CVE-2026-7899: Out of bounds read and write in V8.
Reported by Project WhatForLunch (@pjwhatforlunch).
- CVE-2026-7900: Heap buffer overflow in ANGLE. Reported by Anonymous.
- CVE-2026-7901: Use after free in ANGLE. Reported by Syn4pse (@ret2happy)
- CVE-2026-7902: Out of bounds memory access in V8.
Reported by JunYoung Park(@candymate) of KAIST Hacking Lab.
- CVE-2026-7903: Integer overflow in ANGLE. Reported by heesun.
- CVE-2026-7904: Out of bounds read in Fonts.
Reported by c6eed09fc8b174b0f3eebedcceb1e792.
- CVE-2026-7905: Insufficient validation of untrusted input in Media.
Reported by Google.
- CVE-2026-7906: Use after free in SVG. Reported by Google.
- CVE-2026-7907: Use after free in DOM. Reported by Google.
- CVE-2026-7908: Use after free in Fullscreen. Reported by Google.
- CVE-2026-7909: Inappropriate implementation in ServiceWorker.
Reported by Google.
- CVE-2026-7910: Use after free in Views. Reported by Google.
- CVE-2026-7911: Use after free in Aura. Reported by Google.
- CVE-2026-7912: Integer overflow in GPU. Reported by Google.
- CVE-2026-7913: Insufficient policy enforcement in DevTools.
Reported by Google.
- CVE-2026-7914: Type Confusion in Accessibility. Reported by Google.
- CVE-2026-7915: Insufficient data validation in DevTools.
Reported by Google.
- CVE-2026-7916: Insufficient data validation in InterestGroups.
Reported by Google.
- CVE-2026-7917: Use after free in Fullscreen. Reported by Google.
- CVE-2026-7918: Use after free in GPU. Reported by Google.
- CVE-2026-7919: Use after free in Aura. Reported by Google.
- CVE-2026-7920: Use after free in Skia. Reported by Google.
- CVE-2026-7921: Use after free in Passwords. Reported by Google.
- CVE-2026-7922: Use after free in ServiceWorker. Reported by Google.
- CVE-2026-7923: Out of bounds write in Skia. Reported by Google.
- CVE-2026-7924: Uninitialized Use in Dawn. Reported by Google.
- CVE-2026-7925: Use after free in Chromoting. Reported by Google.
- CVE-2026-7926: Use after free in PresentationAPI. Reported by anonymous
- CVE-2026-7927: Type Confusion in Runtime. Reported by Google.
- CVE-2026-7928: Use after free in WebRTC. Reported by Google.
- CVE-2026-7929: Use after free in MediaRecording. Reported by Google.
- CVE-2026-7930: Insufficient validation of untrusted input in Cookies.
Reported by Satoki.
- CVE-2026-7931: Insufficient validation of untrusted input in iOS.
Reported by Qadhafy Muhammad Tera.
- CVE-2026-7932: Insufficient policy enforcement in Downloads.
Reported by Povcfe of Tencent Security Xuanwu Lab.
- CVE-2026-7933: Out of bounds read in WebCodecs.
Reported by heapracer (@heapracer).
- CVE-2026-7934: Insufficient validation of untrusted input in
Popup Blocker. Reported by Google.
- CVE-2026-7935: Inappropriate implementation in Speech.
Reported by Qadhafy Muhammad Tera.
- CVE-2026-7936: Object lifecycle issue in V8. Reported by Christian Holler.
- CVE-2026-7937: Insufficient policy enforcement in DevTools. Reported by
lebr0nli of National Yang Ming Chiao Tung University, Dept. of CS,
Security and Systems Lab.
- CVE-2026-7938: Use after free in CSS.
Reported by c6eed09fc8b174b0f3eebedcceb1e792.
- CVE-2026-7939: Inappropriate implementation in SanitizerAPI.
Reported by s3zer0.
- CVE-2026-7940: Use after free in V8. Reported by sakana.
- CVE-2026-7941: Insufficient validation of untrusted input in Mobile.
Reported by Adithya Kotian.
- CVE-2026-7942: Integer overflow in ANGLE. Reported by Google.
- CVE-2026-7943: Insufficient validation of untrusted input in ANGLE.
Reported by 86ac1f1587b71893ed2ad792cd7dde32.
- CVE-2026-7944: Insufficient validation of untrusted input
in Persistent Cache. Reported by Google.
- CVE-2026-7945: Insufficient validation of untrusted input in COOP.
Reported by Google.
- CVE-2026-7946: Insufficient policy enforcement in WebUI.
Reported by Google.
- CVE-2026-7947: Insufficient validation of untrusted input in Network.
Reported by Google.
- CVE-2026-7948: Race in Chromoting. Reported by Google.
- CVE-2026-7949: Out of bounds read in Skia. Reported by Google.
- CVE-2026-7950: Out of bounds read and write in GFX. Reported by Google.
- CVE-2026-7951: Out of bounds write in WebRTC.
Reported by soft.connect.fr.
- CVE-2026-7952: Insufficient policy enforcement in Extensions.
Reported by Google.
- CVE-2026-7953: Insufficient validation of untrusted input in Omnibox.
Reported by Google.
- CVE-2026-7954: Race in Shared Storage. Reported by Google.
- CVE-2026-7955: Uninitialized Use in GPU. Reported by Google.
- CVE-2026-7956: Use after free in Navigation. Reported by Google.
- CVE-2026-7957: Out of bounds write in Media. Reported by Google.
- CVE-2026-7958: Inappropriate implementation in ServiceWorker.
Reported by Google.
- CVE-2026-7959: Inappropriate implementation in Navigation.
Reported by Google.
- CVE-2026-7960: Race in Speech. Reported by Google.
- CVE-2026-7961: Insufficient validation of untrusted input in Permissions
Reported by Google.
- CVE-2026-7962: Insufficient policy enforcement in DirectSockets.
Reported by Google.
- CVE-2026-7963: Inappropriate implementation in ServiceWorker.
Reported by Google.
- CVE-2026-7964: Insufficient validation of untrusted input in FileSystem.
Reported by Google.
- CVE-2026-7965: Insufficient validation of untrusted input in DevTools.
Reported by Google.
- CVE-2026-7966: Insufficient validation of untrusted input
in SiteIsolation. Reported by Google.
- CVE-2026-7967: Insufficient validation of untrusted input in Navigation.
Reported by Google.
- CVE-2026-7968: Insufficient validation of untrusted input in CORS.
Reported by Google.
- CVE-2026-7969: Integer overflow in Network. Reported by Google.
- CVE-2026-7970: Use after free in TopChrome. Reported by Google.
- CVE-2026-7971: Inappropriate implementation in ORB. Reported by Google.
- CVE-2026-7972: Uninitialized Use in GPU. Reported by Google.
- CVE-2026-7973: Integer overflow in Dawn. Reported by Google.
- CVE-2026-7974: Use after free in Blink. Reported by Google.
- CVE-2026-7975: Use after free in DevTools. Reported by Google.
- CVE-2026-7976: Use after free in Views. Reported by Google.
- CVE-2026-7977: Inappropriate implementation in Canvas.
Reported by Google.
- CVE-2026-7978: Inappropriate implementation in Companion.
Reported by Google.
- CVE-2026-7979: Inappropriate implementation in Media. Reported by Google
- CVE-2026-7980: Use after free in WebAudio. Reported by Google.
- CVE-2026-7981: Out of bounds read in Codecs. Reported by Google.
- CVE-2026-7982: Uninitialized Use in WebCodecs. Reported by Google.
- CVE-2026-7983: Out of bounds read in Dawn. Reported by Google.
- CVE-2026-7984: Use after free in ReadingMode. Reported by Google.
- CVE-2026-7985: Use after free in GPU. Reported by Google.
- CVE-2026-7986: Insufficient policy enforcement in Autofill.
Reported by Google.
- CVE-2026-7987: Use after free in WebRTC. Reported by Google.
- CVE-2026-7988: Type Confusion in WebRTC. Reported by Google.
- CVE-2026-7989: Insufficient data validation in DataTransfer.
Reported by Google.
- CVE-2026-7990: Insufficient validation of untrusted input in Updater.
Reported by Google.
- CVE-2026-7991: Use after free in UI. Reported by Google.
- CVE-2026-7992: Insufficient validation of untrusted input in UI.
Reported by Google.
- CVE-2026-7993: Insufficient validation of untrusted input in Payments.
Reported by Google.
- CVE-2026-7994: Inappropriate implementation in Chromoting.
Reported by Google.
- CVE-2026-7995: Out of bounds read in AdFilter. Reported by Google.
- CVE-2026-7996: Insufficient validation of untrusted input in SSL.
Reported by heesun.
- CVE-2026-7997: Insufficient validation of untrusted input in Updater.
Reported by ochkofficial.
- CVE-2026-7998: Insufficient validation of untrusted input in Dialog.
Reported by Tianyi Hu.
- CVE-2026-7999: Inappropriate implementation in V8.
Reported by Taisic Yun (@taisic) of Theori.
- CVE-2026-8000: Insufficient validation of untrusted input
in ChromeDriver. Reported by Ryan Jupp - HAAO.
- CVE-2026-8001: Use after free in Printing.
Reported by c6eed09fc8b174b0f3eebedcceb1e792.
- CVE-2026-8002: Use after free in Audio. Reported by Google.
- CVE-2026-8003: Insufficient validation of untrusted input in TabGroups.
Reported by Google.
- CVE-2026-8004: Insufficient policy enforcement in DevTools.
Reported by Google.
- CVE-2026-8005: Insufficient validation of untrusted input in Cast.
Reported by Google.
- CVE-2026-8006: Insufficient policy enforcement in DevTools.
Reported by Google.
- CVE-2026-8007: Insufficient validation of untrusted input in Cast.
Reported by Google.
- CVE-2026-8008: Inappropriate implementation in DevTools.
Reported by Google.
- CVE-2026-8009: Inappropriate implementation in Cast. Reported by Google.
- CVE-2026-8010: Insufficient validation of untrusted input
in SiteIsolation. Reported by Google.
- CVE-2026-8011: Insufficient policy enforcement in Search.
Reported by Google.
- CVE-2026-8012: Inappropriate implementation in MHTML. Reported by Google
- CVE-2026-8013: Insufficient validation of untrusted input in FedCM.
Reported by Google.
- CVE-2026-8014: Inappropriate implementation in Preload.
Reported by Google.
- CVE-2026-8015: Inappropriate implementation in Media. Reported by Google
- CVE-2026-8016: Use after free in WebRTC. Reported by Google.
- CVE-2026-8017: Side-channel information leakage in Media.
Reported by Google.
- CVE-2026-8018: Insufficient policy enforcement in DevTools.
Reported by Google.
- CVE-2026-8019: Insufficient policy enforcement in WebApp.
Reported by Google.
- CVE-2026-8020: Uninitialized Use in GPU. Reported by Google.
- CVE-2026-8021: Script injection in UI. Reported by Google.
- CVE-2026-8022: Inappropriate implementation in MHTML. Reported by Google
* d/copyright:
- drop gperf binary that upstream now includes.
- update for dropping of "khronos" from opengl paths.
* d/rules:
- copy gperf binary from /usr/bin into build tree.
- set webnn_use_litert=false.
* d/clean:
- update for harfbuzz-ng to harfbuzz rename.
* d/patches:
- upstream/Fix-GL-native-pixmap-import-support-reset-in-GpuInit.patch:
drop, merged upstream.
- disable/lint.patch: refresh.
- trixie/nodejs-set-intersection.patch: refresh for file rename.
- ungoogled/disable-ai.patch: sync from u-c.
- trixie/gn-inputs.patch, trixie/gn-inputs2.patch: add patches to
revert gn "inputs" usage, which isn't supported by our older
generate-ninja package.
- llvm-22/ignore-for-ubsan.patch: add another bit to remove the same
unsupported compiler flag.
- llvm-19/iota.patch: add build fix for missing std::ranges::iota().
- upstream/turboshaft.patch: add build fix pulled from (v8) upstream
for value_or() type ambiguity.
- trixie/revert-v8-sanitize.patch: add patch to revert v8 gn-related
changes that cause the build to fail w/ older gn.
- llvm-19/raw-ref-map-find.patch: add patch to work around older
clang-19 std::map::find() limitation.
- rust-1.85/jxl-features.patch: refresh for new version [trixie,
bookworm].
- rust-1.85/jxl-simd-avx512.patch: refresh for new version, and also
drop large portions of this patch that add unsafe{} to macro calls
(since I already added an unsafe block in the macro definition).
And mark more functions as unsafe [trixie, bookworm].
- trixie/adler1.patch: refresh [trixie, bookworm].
- trixie/rust-is-multiple-of.patch: refresh & move to rust-1.85/
directory [trixie, bookworm].
- rust-1.85/file_as_c_str.patch: add patch to work around lack of
std::panic::file_as_c_str() [trixie, bookworm].
- rust-1.85/mojo-features.patch: add patch to enable some newer
rust features in mojom parser [trixie, bookworm].
- rust-1.85/zip8.patch: add patch to enable some newer rust features
in zip [trixie, bookworm].
- bookworm/constexpr.patch: refresh for moved file [bookworm].
- bookworm/dav1d-drop-hdr.patch: refresh [bookworm].
- bookworm/eslint.patch: drop, no longer needed [bookworm].
- ungoogled/remove-navigation-source-param.patch: add patch from u-c
to drop the "&source=chrome.ob" that shows up when you search for
something via omnibox.
.
[ Timothy Pearson ]
* d/patches/ppc64le:
- third_party/0002-regenerate-xnn-buildgn.patch refresh for upstream
changes
- third_party/skia-vsx-instructions.patch: refresh for upstream changes
- fixes/fix-different-data-layouts.patch: refresh for upstream changes
.
[ Jianfeng Liu ]
* d/patches/loongarch64:
- 0004-loong64-sandbox-sandbox-linux-Update-syscall-helpers.patch: Refresh
for upstream changes
- 0024-disable-BROTLI_MODEL-macro-for-some-targets.patch: Drop, merged
upstream
.
[ Daniel Richard G. ]
* d/patches/llvm-19/clang19.patch: Also drop -Wlifetime-safety-permissive
flag from v8 build, as clang-19 (and 20) doesn't recognize it.
Checksums-Sha1:
08ddc843721b990dd4c71aceaa639017e583ffde 4061 chromium_148.0.7778.96-1~deb12u1.dsc
841b57cc15f162d924a5acce700684e27c1a8907 901704900 chromium_148.0.7778.96.orig.tar.xz
03d4ad59c46f2121cd6343f92a71606d6b995fd5 8572980 chromium_148.0.7778.96-1~deb12u1.debian.tar.xz
9907c78e2dcaf904467a7f84c74fc106726fe822 26838 chromium_148.0.7778.96-1~deb12u1_source.buildinfo
Checksums-Sha256:
778e0d412d16d12b73cf20f24d8cda2d5af83e43b26cc6f0392125d9eceb5a54 4061 chromium_148.0.7778.96-1~deb12u1.dsc
3908c80c6462a7b6398a9a9a989285e309ceb10cabb0200974a70f7eda782847 901704900 chromium_148.0.7778.96.orig.tar.xz
c975653b461918b4cd893ccf0b401f70e3698929aad848b605e37dd2ef2a9296 8572980 chromium_148.0.7778.96-1~deb12u1.debian.tar.xz
8fd0dcd0f799c697c3ca03de2410d0c4a0c11a1d8629a96172dedbbe1db32c06 26838 chromium_148.0.7778.96-1~deb12u1_source.buildinfo
Files:
a0edcf0142593c690328be28e281824a 4061 web optional chromium_148.0.7778.96-1~deb12u1.dsc
95afd8de61da4977a0244a70c9be0178 901704900 web optional chromium_148.0.7778.96.orig.tar.xz
d8042073223a74f822bc1ab5ed1fb408 8572980 web optional chromium_148.0.7778.96-1~deb12u1.debian.tar.xz
d283b121ba9778c54524105801b40e79 26838 web optional chromium_148.0.7778.96-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmn7vlAUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfLow//WFIYxBY8A1tzhfJADTcmBI15QFGv
VJA0rXPuD2S32EeVxweY+fx8Utbnr7ftoxgQFjjgKXQxApa3hQVRTkOfGzhV8jA5
hLUPxOGlQsg1lC9XTIGSQ4mG4RZbDcQWDINLTzoGkaOad04MfXecolsZzRxj7nJW
bWdDun3L0BzS8UptrqoglZcy77IDrlt2NZbB8C8+uEvcjPciGnXBHrDkvE1JaWpz
0IKJ1oYwnoHFLW0bMzfPm5Mv+LV/LSHw4V5pqu9DX7wL7NH6Ymij0H7lpWasibQB
2F4DQPTmEaUg1LM+LgJaMu1WywWqLa6aB49xZqusc8oVpx8PbBXbjYPR0xGCDeLH
PSYuJNiP8iwvPQQaZYHExzn/acu3FsJbZCXlECxWNigGkxkq+23Y0Mdlhl7d3dSd
rYkbwr4WkEZxzgAEWoX5iNcmAVNeggovLOdAhJ8rX+4Pp4+NVVKB2fsRjZvHL2h1
m/xEFDdrvzDC46mn6Lr69HYlCrHtqycTiTw+LqPuRUdYdb+yBI+IeH5pwM3sv8cG
S5ByY68d6Lim5DJnimOLX+VGF3HL6X1Mu+HscTDxTR+XYvabXbTItiiCEdi1kzVf
AtnVe6arC6qp/ftuQonc6+IociMC0oJHJUTk+kd4XMa4f3RmSCGzn69ro/SWkVr6
kLS0rsFxnnttn9E=
=L8kK
-----END PGP SIGNATURE-----
Back to linux.debian.changes | Previous | Next | Find similar
Accepted chromium 148.0.7778.96-1~deb12u1 (source) into oldstable-proposed-updates Debian FTP Masters <ftpmaster@ftp-master.debian.org> - 2026-05-17 12:50 +0200
csiph-web