-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 14 Jul 2026 23:16:33 -0400 Source: chromium Architecture: source Version: 150.0.7871.124-1~deb13u1 Distribution: trixie-security Urgency: high Maintainer: Debian Chromium Team Changed-By: Andres Salomon Changes: chromium (150.0.7871.124-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2026-15764: Use after free in Ozone. Reported by Google. - CVE-2026-15765: Use after free in Ozone. Reported by Google. - CVE-2026-15766: Uninitialized Use in Skia. Reported by Google. - CVE-2026-15767: Heap buffer overflow in libyuv. Reported by Google. - CVE-2026-15768: Insufficient policy enforcement in HTML-in-Canvas. Reported by Google. - CVE-2026-15769: Insufficient validation of untrusted input in Linux Toolkit Theming. Reported by Google. - CVE-2026-15770: Uninitialized Use in V8. Reported by Google. - CVE-2026-15771: Insufficient validation of untrusted input in Media. Reported by Google. - CVE-2026-15772: Use after free in GPU. Reported by Google. - CVE-2026-15773: Use after free in Core. Reported by xinchaotian of Microsoft. - CVE-2026-15774: Use after free in Skia. Reported by Google. - CVE-2026-15775: Insufficient policy enforcement in V8. Reported by wang1r923096443@gmail.com. - CVE-2026-15776: Type Confusion in V8. Reported by Salvatore Gulizia (nickname: Serotav). - CVE-2026-15777: Use after free in UI. Reported by Google. - CVE-2026-15778: Insufficient validation of untrusted input in Navigation. Reported by Google. * d/patches/upstream/libyuv-loongarch-fix-row_lsx.cc-and-row_lasx.cc.patch: drop, merged upstream. Checksums-Sha1: 437de3381c8e4d0ceef2dd924d4063a825af866f 4099 chromium_150.0.7871.124-1~deb13u1.dsc b4fbd12de7df3afe3e8369f4497a4af6b478837d 941311420 chromium_150.0.7871.124.orig.tar.xz 4a3db24b1e6d178a1c00bd8ef2f9562c56d2790c 536788 chromium_150.0.7871.124-1~deb13u1.debian.tar.xz 3ad3b6c918b6c20c0fc8111df0964177e723c436 27274 chromium_150.0.7871.124-1~deb13u1_source.buildinfo Checksums-Sha256: 235e810fbbfc073b882d38212537c9da57ce71b11e9257e8a5aab8ce0c24722d 4099 chromium_150.0.7871.124-1~deb13u1.dsc 50f06f405618eda4a1d8b7399ad45985cab4eabf2ee9b5adeb80c0397ceb92c1 941311420 chromium_150.0.7871.124.orig.tar.xz cb50051dbffed8c67969a781fb6d3ab31fa78fb026521cb402b66a3fba4b837a 536788 chromium_150.0.7871.124-1~deb13u1.debian.tar.xz 2f6aa30a8b9bd7c6f3c412ad41c702c40bc1e75882e8a07844073e09ca2d5132 27274 chromium_150.0.7871.124-1~deb13u1_source.buildinfo Files: c3c968b4cae2dad14c07bc2138bfe08c 4099 web optional chromium_150.0.7871.124-1~deb13u1.dsc aca404ee4f0888c74efeb1e62c60bfc4 941311420 web optional chromium_150.0.7871.124.orig.tar.xz 6ef0051e2812db8c8a6e7e0e4abd4b2a 536788 web optional chromium_150.0.7871.124-1~deb13u1.debian.tar.xz 88ee07c618dd033b37510017dda6d292 27274 web optional chromium_150.0.7871.124-1~deb13u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmpXTkQUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjcjRw/8DcBwyPTLz+NkBndBEms2pzwZV+Ut DT2yckJJRRWI7WxtSpDbztE0sFsO9nnXoqSLFMmMToGDgh0yWmlGD+gOZm6K0VXJ bPQIXzeSJsolHEoSP/9e8DNhKuNYRJkAZkVfwgO/F8akRG42CNpiEfQmPcAIPXzb jDlFEAv0/IEaBgTV+TgQPrn6Cvv93CXxUfRn8mIUKfi8oLuLAzgnUM2kakrjTDnt h2mM7ZpLRRAbag1GfYInlhkdkfXMvBcxoyaqQG6RSUDYReysS/G1aeDwiTMuzpFP HevTXo7wt5H+GB9e7zL3yJfGveMGyUoxkRP8dbw15Byk8kS/QQcaYSVGYtmXTp8D M0Bq1k5bjBYR9D/zPGwQRIT9MHX/J7svm3TQDIMXTYHuhvjclkUq5MdaOIcvGHWk ethoaYZS47k/w8/AFog1oLxurob0qdzhOhLmL+qhkgzZjogK/9ct12agfKCaYJHy lMm9BFRNki5+vy4yES3y+Et45pfQAbKGcntla4GuHEwCiPl0AEQbd/6NCEuOmBZ/ U5wXLiBIJ0wA1AB3RvBtivbTEZRhGdDwN/SWDX0HN5dxXHY8RVIGtzOriVoHZ9AR QOhBgqj4ktcMrXyzxdSWPZF9+VbB4fI6Xu+B/8oHRIKDECE/TjhjqnYFHhPr7mVn rF/QzR2lj1I4ETY= =Z6gN -----END PGP SIGNATURE-----