-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Apr 2026 12:42:51 -0400
Source: chromium
Binary: chromium-l10n
Architecture: all
Version: 146.0.7680.177-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium-l10n - web browser - language packs
Changes:
 chromium (146.0.7680.177-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-5272: Heap buffer overflow in GPU.
       Reported by inspector-ambitious.
     - CVE-2026-5273: Use after free in CSS. Reported by Anonymous.
     - CVE-2026-5274: Integer overflow in Codecs.
       Reported by heapracer (@heapracer).
     - CVE-2026-5275: Heap buffer overflow in ANGLE.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5276: Insufficient policy enforcement in WebUSB.
       Reported by Ariel Simon.
     - CVE-2026-5277: Integer overflow in ANGLE.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5278: Use after free in Web MIDI.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5279: Object corruption in V8.
       Reported by Hyeonjun Ahn (@_deayzl).
     - CVE-2026-5280: Use after free in WebCodecs.
       Reported by heapracer (@heapracer).
     - CVE-2026-5281: Use after free in Dawn.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-5282: Out of bounds read in WebCodecs.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5283: Inappropriate implementation in ANGLE.
       Reported by sweetchip.
     - CVE-2026-5284: Use after free in Dawn.
       Reported by 86ac1f1587b71893ed2ad792cd7dde32.
     - CVE-2026-5285: Use after free in WebGL.
       Reported by c6eed09fc8b174b0f3eebedcceb1e792.
     - CVE-2026-5286: Use after free in Dawn. Reported by sweetchip.
     - CVE-2026-5287: Use after free in PDF. Reported by Syn4pse.
     - CVE-2026-5288: Use after free in WebView. Reported by Google.
     - CVE-2026-5289: Use after free in Navigation. Reported by Google.
     - CVE-2026-5290: Use after free in Compositing. Reported by Google.
     - CVE-2026-5291: Inappropriate implementation in WebGL.
       Reported by heapracer (@heapracer).
     - CVE-2026-5292: Out of bounds read in WebCodecs. Reported by Google.
   * d/patches:
     - upstream/Fix-blink-compilation-for-platforms-other-than-x86-and-arm.patch:
       drop, merged upstream.
     - ungoogled/disable-ai.patch: resync with u-c.
 .
   [ Daniel Richard G. ]
   * d/copyright: Exclude *.pb (protobuf) binary files.
   * d/patches: Various ungoogled-chromium-related updates.
     - disable/glic.patch: Drop, replaced with disable-ai.patch from the
       ungoogled-chromium project.
     - ungoogled/disable-ai.patch: Import new patch from ungoogled-chromium
       that zaps glic, screen_ai, and various other adjacent AI-based features.
     - ungoogled/disable-mei-preload.patch: Import patch to allow building
       without *.pb files.
     - ungoogled/disable-privacy-sandbox.patch: Update imported patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0005-blink-add-audio-vector-support.patch: Fix FBTFS from
       upstream adding vector-accelerated audio delay functions
 .
   [ Jianfeng Liu ]
   * d/patches/upstream:
     - Fix-blink-compilation-for-platforms-other-than-x86-and-arm.patch: Fix
       FBTFS from upstream for blink audio delay function on loong64
Checksums-Sha1:
 c113f0cdd0e1bd29a8b972a4ca13be6f5196cc34 8668844 chromium-l10n_146.0.7680.177-1~deb12u1_all.deb
 24597b086e5f0fb5b418a17458a355795e0839b6 26912 chromium_146.0.7680.177-1~deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 69cc53ce3a9d0b991541d56f5056d9a9c3aa3711e3bfacbc10cb0e0a5ac234d1 8668844 chromium-l10n_146.0.7680.177-1~deb12u1_all.deb
 f754a7ade2fd5ccd065e9215827b128c7245f7f9c5e6bc9127ea1f679b973fe9 26912 chromium_146.0.7680.177-1~deb12u1_all-buildd.buildinfo
Files:
 4ce51fd98510828ba97ce6fa301c7326 8668844 localization optional chromium-l10n_146.0.7680.177-1~deb12u1_all.deb
 d035284fa6416d78654432602173f2d4 26912 web optional chromium_146.0.7680.177-1~deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmnOmjIACgkQmgPNRvTf
/zf1QxAAtI65tWGinHQCgXZnkTC6jFSEd9IQx7j0nH1FXA6cf7PzE/xLSlcfBmJP
k/xfPP1T4SxipmfIfLqAoEHsxoMQBApVONCW/dGSfYHmujWjkULvsxMlmyCYNsYj
bvrSnhUy0HYSViyB7n5jk1fY5aPaadH2oxXT+i7hfxBbzbmxoFtgGkRdpU1flM8j
SyX9RMEvpmr6K2grvocR+9XrIlnXhKBfbL4GEAThqrZCo4TBYg0Oe9OqrkhFGlpX
bucvX0qf0sSbSJvRjXDvO8FxY0y3+YcCfCNR1SVW+0UH/4Jb/5//rKRpnJq4mCdh
GF4fhGDDHbn8R39P02427S9RVHZdnW0lFXF3kMIuR1Z3ybStoHVj07mqYQnsMehR
stEEHwFqZzx+JpdAkJZnyxEgKxM8QjHpkndHWVUbiUSrrO3LUna0XdmvwXPw1WyK
nWJPrF0wTRSo4Esyo9ua4WQO5RHETAfdIgMYJ25EeukX8Z4Rbihi/EOYvfpRnIOz
u6MhO+Z31/lzQzKU6zGNZV1mGdh4d1Q8v2LTHOF+3SDUkp19ZFRXx4lu9oX2ZhJe
vQgTzuS9jWiqJUlXyfqjzzZBeRWNkiYA37QPK5YiCnYS2WEdg+rivdJHq9UmfTaD
yAG52mwjEU01tFTUqHGAY2HlkfL/U1RIrWfQzGdmOLf675BcsL4=
=/F/T
-----END PGP SIGNATURE-----