-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 15:06:40 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 147.0.7727.101-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Changes:
 chromium (147.0.7727.101-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga.
     - CVE-2026-6297: Use after free in Proxy. Reported by heapracer.
     - CVE-2026-6298: Heap buffer overflow in Skia.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6299: Use after free in Prerender. Reported by Google.
     - CVE-2026-6358: Use after free in XR. Reported by Jihyeon Jeong
       (Compsec Lab, Seoul National University / Research Intern).
     - CVE-2026-6359: Use after free in Video.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6300: Use after free in CSS.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6301: Type Confusion in Turbofan. Reported by qymag1c.
     - CVE-2026-6302: Use after free in Video. Reported by Syn4pse.
     - CVE-2026-6303: Use after free in Codecs. Reported by Google.
     - CVE-2026-6304: Use after free in Graphite. Reported by Google.
     - CVE-2026-6305: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6306: Heap buffer overflow in PDFium.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-6307: Type Confusion in Turbofan.
       Reported by Project WhatForLunch (@pjwhatforlunch).
     - CVE-2026-6308: Out of bounds read in Media. Reported by Google.
     - CVE-2026-6309: Use after free in Viz. Reported by Google.
     - CVE-2026-6360: Use after free in FileSystem. Reported by asjidkalam.
     - CVE-2026-6310: Use after free in Dawn. Reported by Google.
     - CVE-2026-6311: Uninitialized Use in Accessibility. Reported by Google.
     - CVE-2026-6312: Insufficient policy enforcement in Passwords.
       Reported by Google.
     - CVE-2026-6313: Insufficient policy enforcement in CORS.
       Reported by Google.
     - CVE-2026-6314: Out of bounds write in GPU. Reported by Google.
     - CVE-2026-6315: Use after free in Permissions. Reported by Google.
     - CVE-2026-6316: Use after free in Forms. Reported by Google.
     - CVE-2026-6361: Heap buffer overflow in PDFium. Reported by Google.
     - CVE-2026-6362: Use after free in Codecs.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-6317: Use after free in Cast. Reported by Google.
     - CVE-2026-6363: Type Confusion in V8. Reported by Google.
     - CVE-2026-6318: Use after free in Codecs. Reported by Syn4pse.
     - CVE-2026-6319: Use after free in Payments. Reported by pwn2addr.
     - CVE-2026-6364: Out of bounds read in Skia.
       Reported by Google Threat Intelligence.
Checksums-Sha1:
 8b0e12d9c884238f41d78355422cc8ffe035eb38 8823836 chromium-l10n_147.0.7727.101-1~deb13u1_all.deb
 75e0f366dce817496ecd6cdb5fec529520fed978 26911 chromium_147.0.7727.101-1~deb13u1_all-buildd.buildinfo
Checksums-Sha256:
 3fa94d56f5703ef8e1a499f82491d3cec5c4db0ec02646c45ecce546b2858b1b 8823836 chromium-l10n_147.0.7727.101-1~deb13u1_all.deb
 3990aef0f6ac53a6b0ebd932d48c9aae05bedefb0cc1d39e382bf2e85f33ee8d 26911 chromium_147.0.7727.101-1~deb13u1_all-buildd.buildinfo
Files:
 b1842272f4f36c772b9076715f66fb47 8823836 localization optional chromium-l10n_147.0.7727.101-1~deb13u1_all.deb
 8567f006858822e2dd5c5aa1e772548f 26911 web optional chromium_147.0.7727.101-1~deb13u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmnhh3MACgkQmgPNRvTf
/zfUwBAAh3Z6RzbbtcKD8ojB4XWO6wPwUo0WqAqBMqEL6FV6CH/8YpFnX+q4TniN
C0lNJCp8C2LZPnsgbCkTbis+KsBqnYj1LKMDS/vyPFCzyGLMcdousbJpyI4ChU4V
rjNqzBcZ8gUzw4A63ZwhyXEtVYnhtIys3ovAeG1tWlo7xWC2Jf62nKE84K2gyJJH
Upc54+DSfbnW4rDY9ohT7H1lszWNtrYn/BIxc2S6V0Mzge1FYppsQeToVvHSTJSz
UpxJTSGM4lBm6nZ76xDzv03AMseKzF5s85msuhzniQRcy5UCS8HIG6twxLs5GPCa
XsEVg+1yysYcWYXxpeY3jLJm0dxLdKiRhEq6UDeJcSUlfZOqgqZZh3XAOzs2CsMe
z+9KGhlHMhExSBAogINvJGgRUspi2/a079rDQlGTkaD20EAJHnxL2j+Iz+JV0y/7
dAjDDyb0ZnLUVS6xwNkLYmvky1ufCDyuS5NB7k5aFXqHMWUpYj+vYE7nV4j36j/u
v1OXaYVHoTUqbwLrUnRmqkKoUXkiwdtVaWuQFNCHnkAe8ryuRwyzJTMBoTMbMFZ/
5eupQX9p638yIMM0HRuujGM6ct5jKZbF2gEIVWc9ep2ZM4ARMm6RNPpJmEu8MHVk
6VLv6g2y4zThUBKvFWK17291vs/uYt1JEZpSDvH1My+oTBncV34=
=XWTJ
-----END PGP SIGNATURE-----