From: ftpmaster@ftp-master.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 13 Feb 2026 04:52:11 -0500
Source: chromium
Architecture: source
Version: 145.0.7632.75-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Chromium Team
Changed-By: Andres Salomon
Changes:
chromium (145.0.7632.75-1~deb13u1) trixie-security; urgency=high
.
* New upstream security release.
- CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim.
.
chromium (145.0.7632.45-1~deb13u1) trixie-security; urgency=high
.
[ Andres Salomon ]
* New upstream stable release.
- CVE-2026-2313: Use after free in CSS. Reported by Han Zheng (HexHive),
Wenhao Fang (University of St. Andrews), and Qinying Wang (HexHive).
- CVE-2026-2314: Heap buffer overflow in Codecs. Reported by Google.
- CVE-2026-2315: Inappropriate implementation in WebGPU.
Reported by Google.
- CVE-2026-2316: Insufficient policy enforcement in Frames.
Reported by Luan Herrera (@lbherrera_).
- CVE-2026-2317: Inappropriate implementation in Animation.
Reported by Brendan Draper.
- CVE-2026-2318: Inappropriate implementation in PictureInPicture.
Reported by Shaheen Fazim.
- CVE-2026-2319: Race in DevTools. Reported by Anonymous.
- CVE-2026-2320: Inappropriate implementation in File input.
Reported by Alesandro Ortiz.
- CVE-2026-2321: Use after free in Ozone. Reported by Google.
- CVE-2026-2322: Inappropriate implementation in File input.
Reported by Robbe Van Roey | PinkDraconian.
- CVE-2026-2323: Inappropriate implementation in Downloads.
Reported by Hafiizh.
* d/copyright:
- delete third_party/litert/src, Google's new WebAI thing.
- delete esbuild directory so we can use debian's esbuild.
- delete new rollup binary rollup-linux-x64-gnu.
* d/rules:
- build with webnn_use_tflite=false to fix build.
- disable building a bunch more unit tests.
- copy esbuild libs and binary from the system.
* d/control:
- build-dep on libpthreadpool-dev.
- build-dep on esbuild.
* d/patches:
- CVE-2026-1861.patch: drop, merged upstream.
- CVE-2026-1862.patch: drop, merged upstream.
- upstream/fix-rk3588-v4l2-av1-decoder.patch: drop, merged upstream.
- debianization/manpage.patch: refresh.
- debianization/rustc-bootstrap.patch: refresh.
- fixes/armhf-no-thumb.patch: rework patch due to upstream dropping
non-thumb.
- disable/tests.patch: refresh.
- disable/signin.patch: refresh.
- disable/catapult.patch: refresh.
- disable/widevine-cdm-cu.patch: refresh.
- upstream/disable-unrar.patch: add upstream fix for disabling unrar.
- trixie/gn-string-hash.patch: add a workaround for older gn missing
string_hash() function.
- disable/enterprise-tests.patch: add patch to fix build error
related to building unnecessary unit tests.
- system/rollup.patch: update for upstream changes around switching
some rollup calls to esbuild and away from rollup-wasm.
- llvm-19/static-assert.patch: add build fixes specific to clang-19.
- disable/unrar.patch: add another build fix for deleting unrar.
- trixie/gn-len.patch: add build fix for trixie's older gn.
- trixie/nodejs-main.patch: add build fix for trixie's older nodejs.
- rust-1.85/jxl-features.patch: enable some unstable features for jxl.
- rust-1.85/jxl-simd-avx512.patch: enable unstable features for
jxl_simd, and also mark a bunch of avx-related calls as unsafe due to
an older rustc bug.
- rust-1.85/parsing.patch: add unstable let_chains features.
.
[ Timothy Pearson ]
* d/patches:
- patches/fixes/swiftshader-dependencies.patch: Fix SwiftShader include
dependencies
* d/patches/ppc64le:
- ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: Remove
obsolete Clang 7 workaround and refresh for upstream changes
- ppc64le/third_party/0002-third_party-libvpx-Remove-bad-pp
64-config.patch:
refresh for upstream changes
- ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
upstream sources
- ppc64le/third_party/0001-Force-baseline-POWER8-AltiVec-VS
-CPU-features-when-.pa:
refresh for upstream changes
- ppc64le/fixes/fix-page-allocator-overflow.patch: Refresh for upstream
changes
- ppc64le/third_party/0003-third_party-ffmpeg-Add-ppc64-gen
rated-config.patch:
Regenerate from upstream sources
- ppc64le/sandbox/0009-sandbox-ignore-byte-span-error.patch: Work around
upstream
byte_span_from_ref issues
.
[ Jianfeng Liu ]
* d/patches:
- loongarch64/0012-sandbox-linux-add-statx-support-for-loongarch64.patch:
update for upstream changes.
- loongarch64/0016-medium-cmodel-support-for-loongarch64.patch: refresh.
.
[ Daniel Richard G. ]
* d/patches:
- trixie/rust-is-multiple-of.patch: Drop the -Zallow-features= bit.
- disable/rustc-allow-features.patch: move the -Zallow-features=
flag here so that it's separate from individual rust fixes.
Checksums-Sha1:
e05009608e247122ea340df6394bd3c8beb3e095 4106 chromium_145.0.76
2.75-1~deb13u1.dsc
095b839b85ed46d3e8ccfaca94732aa5983c3323 749398580 chromium_145
0.7632.75.orig.tar.xz
8e1411fb5a5e3873de21cdbf9bd5af16d526a8f3 453568 chromium_145.0.
632.75-1~deb13u1.debian.tar.xz
b99a83c49f5fe48c9f28a790347240fbccf5c78b 26889 chromium_145.0.7
32.75-1~deb13u1_source.buildinfo
Checksums-Sha256:
7e6f340d28b52994a406f0f427eedce8d78c4f8a4a1043a18802cd0f9cbb7738 4106
chromium_145.0.7632.75-1~deb13u1.dsc
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
