-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 14 May 2026 16:39:29 -0400 Source: chromium Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym Architecture: ppc64el Version: 148.0.7778.167-1~deb13u1 Distribution: trixie-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Andres Salomon Description: chromium - web browser chromium-common - web browser - common resources used by the chromium packages chromium-driver - web browser - WebDriver support chromium-headless-shell - web browser - old headless shell chromium-sandbox - web browser - setuid security sandbox for chromium chromium-shell - web browser - minimal shell Changes: chromium (148.0.7778.167-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2026-8509: Heap buffer overflow in WebML. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-8510: Integer overflow in Skia. Reported by q@calif.io. - CVE-2026-8511: Use after free in UI. Reported by Google. - CVE-2026-8512: Use after free in FileSystem. Reported by Google. - CVE-2026-8513: Use after free in Input. Reported by Google. - CVE-2026-8514: Use after free in Aura. Reported by Google. - CVE-2026-8515: Use after free in HID. Reported by Google. - CVE-2026-8516: Insufficient validation of untrusted input in DataTransfer. Reported by Google. - CVE-2026-8517: Object lifecycle issue in WebShare. Reported by Google. - CVE-2026-8518: Use after free in Blink. Reported by Google. - CVE-2026-8519: Integer overflow in ANGLE. Reported by Google. - CVE-2026-8520: Race in Payments. Reported by Google. - CVE-2026-8521: Use after free in Tab Groups. Reported by Google. - CVE-2026-8522: Use after free in Downloads. Reported by Google. - CVE-2026-8523: Use after free in Mojo. Reported by Paul Seekamp / nullenc0de. - CVE-2026-8558: Out of bounds write in Fonts. Reported by Matej Smycka. - CVE-2026-8524: Out of bounds write in WebAudio. Reported by Brendan Dolan-Gavitt, XBOW. - CVE-2026-8525: Heap buffer overflow in ANGLE. Reported by Nathaniel Oh (@calysteon). - CVE-2026-8526: Out of bounds write in WebRTC. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-8527: Insufficient validation of untrusted input in Downloads. Reported by rachmat.abdul.ro. - CVE-2026-8528: Insufficient validation of untrusted input in SiteIsolation. Reported by Google. - CVE-2026-8529: Heap buffer overflow in Codecs. Reported by Google. - CVE-2026-8530: Use after free in Network. Reported by Google. - CVE-2026-8531: Heap buffer overflow in WebML. Reported by Syn4pse. - CVE-2026-8532: Integer overflow in XML. Reported by Google. - CVE-2026-8533: Use after free in Accessibility. Reported by Google. - CVE-2026-8534: Integer overflow in GPU. Reported by Google. - CVE-2026-8535: Out of bounds read in Media. Reported by Google. - CVE-2026-8536: Insufficient validation of untrusted input in ReadingMode. Reported by Google. - CVE-2026-8537: Insufficient policy enforcement in ViewTransitions. Reported by Google. - CVE-2026-8538: Insufficient validation of untrusted input in GPU. Reported by Google. - CVE-2026-8539: Script injection in SanitizerAPI. Reported by Jungwoo Lee (@physicube) and Wongi Lee (@_qwerty_po). - CVE-2026-8540: Type Confusion in V8. Reported by Google. - CVE-2026-8541: Out of bounds read in UI. Reported by Google. - CVE-2026-8542: Use after free in Core. Reported by Google. - CVE-2026-8543: Out of bounds read in FileSystem. Reported by Google. - CVE-2026-8544: Use after free in Media. Reported by Google. - CVE-2026-8545: Object corruption in Compositing. Reported by Google. - CVE-2026-8546: Out of bounds read in GPU. Reported by Google. - CVE-2026-8547: Insufficient policy enforcement in Passwords. Reported by Google. - CVE-2026-8548: Out of bounds write in Media. Reported by Google. - CVE-2026-8549: Use after free in Media. Reported by Google. - CVE-2026-8550: Use after free in Google Lens. Reported by Google. - CVE-2026-8551: Use after free in Downloads. Reported by Google. - CVE-2026-8552: Heap buffer overflow in GPU. Reported by Google. - CVE-2026-8553: Use after free in GPU. Reported by Google. - CVE-2026-8554: Type Confusion in ANGLE. Reported by Google. - CVE-2026-8555: Use after free in GTK. Reported by Google. - CVE-2026-8556: Inappropriate implementation in ANGLE. Reported by Google - CVE-2026-8557: Use after free in Accessibility. Reported by Google. - CVE-2026-8559: Integer overflow in Internationalization. Reported by Google. - CVE-2026-8560: Heap buffer overflow in SwiftShader. Reported by Cassidy Kim(@cassidy6564). - CVE-2026-8561: Incorrect security UI in Fullscreen. Reported by Wolfgang Ettlinger (aff. Certitude Consulting GmbH) Alexander Hurbean (aff. Certitude Consulting GmbH). - CVE-2026-8562: Side-channel information leakage in Navigation. Reported by Google. - CVE-2026-8563: Insufficient policy enforcement in IFrame Sandbox. Reported by Luan Herrera (@lbherrera_). - CVE-2026-8564: Incorrect security UI in Downloads. Reported by Alesandro Ortiz https://AlesandroOrtiz.com. - CVE-2026-8565: Inappropriate implementation in Downloads. Reported by Farras Givari. - CVE-2026-8566: Insufficient policy enforcement in Payments. Reported by Jorian Woltjer. - CVE-2026-8567: Integer overflow in ANGLE. Reported by cinzinga. - CVE-2026-8568: Insufficient policy enforcement in AI. Reported by Tianyi Hu. - CVE-2026-8569: Out of bounds write in Codecs. Reported by Google. - CVE-2026-8570: Type Confusion in V8. Reported by Google. - CVE-2026-8571: Insufficient policy enforcement in GPU. Reported by Mark Blaszczyk. - CVE-2026-8572: Insufficient policy enforcement in Network. Reported by Google. - CVE-2026-8573: Integer overflow in Codecs. Reported by Google. - CVE-2026-8574: Use after free in Core. Reported by Google. - CVE-2026-8575: Use after free in UI. Reported by Google. - CVE-2026-8576: Inappropriate implementation in CORS. Reported by Google - CVE-2026-8577: Integer overflow in Fonts. Reported by Google. - CVE-2026-8578: Out of bounds read in GPU. Reported by Google. - CVE-2026-8579: Insufficient validation of untrusted input in Skia. Reported by Google. - CVE-2026-8580: Use after free in Mojo. Reported by Google. - CVE-2026-8581: Use after free in GPU. Reported by Google. - CVE-2026-8582: Object lifecycle issue in Dawn. Reported by Google. - CVE-2026-8583: Insufficient policy enforcement in WebXR. Reported by Google. - CVE-2026-8584: Inappropriate implementation in Views. Reported by Google - CVE-2026-8585: Inappropriate implementation in Media. Reported by Google - CVE-2026-8586: Inappropriate implementation in Chromoting. Reported by Google. - CVE-2026-8587: Use after free in Extensions. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. * rust-1.85/file_as_c_str.patch: fix build on non-x86 archs, as char* signed-ness is apparently different there versus arm & ppc64 [trixie, bookworm]. Checksums-Sha1: a9c5790049f1eab250a614b92a7d08811801effb 5790972 chromium-common-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb 5c6e28048153d7cf0928f04eac35ed266c1d3eaf 31530312 chromium-common_148.0.7778.167-1~deb13u1_ppc64el.deb 441ad82dddc2e922c61033a88eec44a1ca2a54e6 30030928 chromium-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb 87df5444ade555c7a091b84bd6ee9c2b806bbe80 7317624 chromium-driver_148.0.7778.167-1~deb13u1_ppc64el.deb ad482052c3713aba7f2dafc4f76421f799671140 24783688 chromium-headless-shell-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb b766f84c4d3f62de048bb51e076eb9e4aa0a4907 59215928 chromium-headless-shell_148.0.7778.167-1~deb13u1_ppc64el.deb 8b8513ab862d6e1e1db1c2d786aa36cc297c73be 20336 chromium-sandbox-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb 6ca3e509cc93e360f44c74672953b35657668321 117976 chromium-sandbox_148.0.7778.167-1~deb13u1_ppc64el.deb e864da18035f4481f8dd082700ac76df9fa371d2 25714096 chromium-shell-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb d13acc046650708ea63ca793b3ab8489725f97b9 59230368 chromium-shell_148.0.7778.167-1~deb13u1_ppc64el.deb 3f9c43ca7f9056f6500f97bb3ed0bad529c5c13a 30482 chromium_148.0.7778.167-1~deb13u1_ppc64el-buildd.buildinfo 4156c7e3033c964f23d156920b9af195641ad951 80466568 chromium_148.0.7778.167-1~deb13u1_ppc64el.deb Checksums-Sha256: bdd6db9734f2c464cede0546b140a4ae2de9e0c15d59740d86f5d02df1ec6ccb 5790972 chromium-common-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb 792d2944d7e80a2de90dfa22d842739ac17106653fb16278099c1f44105f0195 31530312 chromium-common_148.0.7778.167-1~deb13u1_ppc64el.deb 21d9d69ca7a78d58d66b257cf4012703528679f8348b59729fc2f3666fc3fe4b 30030928 chromium-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb afc588c5c6387f30513695df28ca4699b7607f7de8d864a7647a07daaa4cacb2 7317624 chromium-driver_148.0.7778.167-1~deb13u1_ppc64el.deb 7df67470afef1ec975f26b02758a7e6edeb15d0f35798bf559544d730f8bee1d 24783688 chromium-headless-shell-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb 90d710ac24d5b40717eb1fb151315c87f6104a8cf357bf024a304bfcf8c9fdb2 59215928 chromium-headless-shell_148.0.7778.167-1~deb13u1_ppc64el.deb 1f24023fd0bf699871efeb1d6f6b9615bc3bad0adc82cc4464bb0d8915519f4c 20336 chromium-sandbox-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb 98c6291d6a18468761fc3d8ee4a657d88b2b87e2a9d5f37414e01468e7781c6f 117976 chromium-sandbox_148.0.7778.167-1~deb13u1_ppc64el.deb fa33aba54e3ece6255a1d94bf4666f0e50b199000e26bf172b97f100d9396d7a 25714096 chromium-shell-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb d56bc913b92cd9909af40ec01228599d010cab73caf5eaa60d54f657d625fc86 59230368 chromium-shell_148.0.7778.167-1~deb13u1_ppc64el.deb 700361d23facee29d111933d872d03dc58d0ccc338533b1938078ee114d1223b 30482 chromium_148.0.7778.167-1~deb13u1_ppc64el-buildd.buildinfo e5662b1990ea2b62164ed4b51dd6d9bd9212d5ba33a0cd72c546fc302c308ee9 80466568 chromium_148.0.7778.167-1~deb13u1_ppc64el.deb Files: 83071e2b80d0626d9fa93659ad57ca2d 5790972 debug optional chromium-common-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb 4c4b07330302cd6efb3eda115ceb8ca1 31530312 web optional chromium-common_148.0.7778.167-1~deb13u1_ppc64el.deb c9260c26a05e8af2322b63cb889e3b2e 30030928 debug optional chromium-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb bb45443229a154ddb2027a2cdabd20b4 7317624 web optional chromium-driver_148.0.7778.167-1~deb13u1_ppc64el.deb a75e35382592909ea8de8f452fdddb54 24783688 debug optional chromium-headless-shell-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb 95c0f28eda1e22a9e3a5aaa75f5ae2dd 59215928 web optional chromium-headless-shell_148.0.7778.167-1~deb13u1_ppc64el.deb 03d9d6b49080526aa78aa09b12cef2af 20336 debug optional chromium-sandbox-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb ac605e6047796aeb1b842e0f5d9c7b5d 117976 web optional chromium-sandbox_148.0.7778.167-1~deb13u1_ppc64el.deb 4e66185577de7220adb36e3489f3dcf8 25714096 debug optional chromium-shell-dbgsym_148.0.7778.167-1~deb13u1_ppc64el.deb 1084eeeef041a5f72bcf5ce8f4d7afe6 59230368 web optional chromium-shell_148.0.7778.167-1~deb13u1_ppc64el.deb 849fd831510212d604275faf61376410 30482 web optional chromium_148.0.7778.167-1~deb13u1_ppc64el-buildd.buildinfo 632f0f885d25fdf42710585c8ddac5cb 80466568 web optional chromium_148.0.7778.167-1~deb13u1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEETLpi2USYGUNSlYhoNINNphgym2QFAmoHTdEACgkQNINNphgy m2TvdQ/9HMCLML2/G2qP8+vISOuwUubl0OPBMai3jjtsXZa+EVSzZQVGt1OlXwHP JZf0qs87unRhL2TwuVfwLh27DxRPWZ1H2ab47ipeeVi78+f5T31oM4/bQXfyjGoA 8MMlr4GNpVPdMauj6HOGJKqAqs1QZhrYyYFh98LQrvgKZOUD6LQqztW81mIPfndB ojPy0UzafyGCd6+vSr5EjfwktocEJIHhLQcssg9Nn6ornIBk2SNSPciu/9I/tVmh LQ8HDrwGgjhW9GpckwkSSzZ+YzKPMUJ+Y+A/5PhsNqUVsDuMVMZOoDnyhwVaO8vv t5XZsSS8xvzbYwcxI59CUv1jqhF5eGdiwGlaT4pqgrIB6DlzZmxmB4hmDOWt9wje V2EaZl5bjjj5Er6ar+gei1MjhVeYDHMmrnrSZEvdCWb4lCeiCy+vCedkLBRVdw0C feJ/oINYDONgYQyZfc/CPkdahiF55t793+QNBBD6NocgssWNpbcha7qfuwrTV449 cwHb5N7vVGpwP5WHNcdJKa4nFWB4H/KtQLcBx0xqwDI8QWI/JEA+EqewZWsoIIk1 /FfwIZsgxX8pIn/qkwqY8cX1HwJhGw4yNVotJX1F3J5AfEXG5EDYG9q7Hk0PtTd2 u8bZhaZEI/ET7lOcy0Nz8hndHvp5Jit4/ShgQXqWKG7m3uTPh6E= =pLl3 -----END PGP SIGNATURE-----