-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 Jun 2026 17:27:35 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 149.0.7827.114-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Changes:
 chromium (149.0.7827.114-1~deb13u1) trixie-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-12007: Use after free  Core. Reported by Google.
     - CVE-2026-12008: Use after free  DigitalCredentials. Reported by Google.
     - CVE-2026-12009: Insufficient validation of untrusted input
       Accessibility. Reported by Google.
     - CVE-2026-12010: Heap buffer overflow  GPU. Reported by Google.
     - CVE-2026-12011: Use after free  WebMIDI. Reported by Google.
     - CVE-2026-12012: Use after free  Network. Reported by Google.
     - CVE-2026-12013: Use after free  Media.
       Reported by Henock Habte, Independent Security Researcher.
     - CVE-2026-12014: Use after free  Cast. Reported by Google.
     - CVE-2026-12015: Use after free  Autofill. Reported by Google.
     - CVE-2026-12016: Insufficient validation of untrusted input  DevTools.
       Reported by Google.
     - CVE-2026-12017: Insufficient validation of untrusted input
       Extensions. Reported by Google.
     - CVE-2026-12018: Inappropriate implementation  Mojo. Reported by Google.
     - CVE-2026-12019: Out of bounds write  Codecs. Reported by Google.
     - CVE-2026-12020: Use after free  Autofill. Reported by Google.
     - CVE-2026-12022: Race  Safe Browsing. Reported by Google.
     - CVE-2026-12023: Use after free  GPU. Reported by Google.
     - CVE-2026-12024: Insufficient policy enforcement  DevTools.
       Reported by Google.
     - CVE-2026-12025: Insufficient validation of untrusted input  Network.
       Reported by Google.
     - CVE-2026-12026: Out of bounds read  Video. Reported by Google.
     - CVE-2026-12027: Insufficient policy enforcement  Headless.
       Reported by Google.
     - CVE-2026-12028: Use after free  GPU. Reported by Google.
     - CVE-2026-12029: Use after free  Video. Reported by Google.
     - CVE-2026-12030: Heap buffer overflow  GPU. Reported by Google.
     - CVE-2026-12031: Inappropriate implementation  Views. Reported by Google
     - CVE-2026-12032: Inappropriate implementation  Passwords.
       Reported by Google.
     - CVE-2026-12033: Out of bounds read  VideoCapture. Reported by Google.
     - CVE-2026-12034: Insufficient validation of untrusted input  Linux
       Toolkit Theming. Reported by Google.
     - CVE-2026-12035: Use after free  Views. Reported by Google.
 .
   [ Jianfeng Liu ]
   * d/patches/loongarch64/0024-fix-libyuv-lsx.patch: drop due to upstream
     reverting to version of libyuv that doesn't have lsx issue.
Checksums-Sha1:
 cec72dd6369c0980bb090165a4287675da3d3cb0 8954068 chromium-l10n_149.0.7827.114-1~deb13u1_all.deb
 edb568e635e935e9ca5ab751a9edf3a002d1d129 27154 chromium_149.0.7827.114-1~deb13u1_all-buildd.buildinfo
Checksums-Sha256:
 7292c0ea1ad30d0fc1ad47f7e2012012a8694372b65875e58a915ea62b4d46ad 8954068 chromium-l10n_149.0.7827.114-1~deb13u1_all.deb
 e10111b136ee5a2c2c811db5ea467bbb45e65bf01c18be2888055912bea6fbb6 27154 chromium_149.0.7827.114-1~deb13u1_all-buildd.buildinfo
Files:
 8bcc92208971d98ac4a9060a2d7e6129 8954068 localization optional chromium-l10n_149.0.7827.114-1~deb13u1_all.deb
 6f966efce9dbc9cd8588fa86787ce98f 27154 web optional chromium_149.0.7827.114-1~deb13u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmotJRoACgkQmgPNRvTf
/zdb+A/7Bl6Ik3ZbrvfVouPei6YLvdfecCCi/7/JOL0R0gCiVFKZOyAAxeQ3NlHx
LIxBFzcWftHicD4mGzjj3whnscYtW7Wx5lZzTL+nDL8hzfEYC9m6kl9hR7O10Zf3
uLY6YpO/JY2Egip85PN3Bm5JENauNv85KeS3aFyEesNlduJHjUDNXnbza2Mut/MY
0hulRcUz13RYchhjOURHTcWUL4ZjaklV45oUZbJTefbqoe9qzOtqcBvt8AizVi+H
iWZCAEyJcL/yKOnnNVPjFds1szfRTr8n5u5pEsRTUsvlpw5xddKNXgLbFv+71PLG
huUX+VvCw+8d5ULVWjAlD7Qs8fx6jnl5TBb30ZnNbidn9SRcEGV6BKcbAOwllclm
RcO8SZYyqauWcLeFGC6fBU1RpZ4f7iJe2mkYw4/lFKjc6r3u4+OsUuDooK+8DAHj
fGD6kDO7xsOhYe8Xb2RWMNEI7wQUkdzGC6JHLKiCNyGRs9OVPhIaanUz8T1GeERB
A+oOWJcUOVCccUoX5H303rlusX119JeB6Rtxw1kdU+4QyiTZq0wCu2Aco1zXX8UV
Q8QE9h0RGMHqskSD/+p7/tLXMbWJPrpQE5gyqq5ofDZN8x27DfvOF2LYN6OaPBn1
zDYTE9NnfuvuaY5GO2jBlBntLa+fLuA1XKCeMY8eSp5rH6OvZOY=
=L3ow
-----END PGP SIGNATURE-----