-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 13 Feb 2026 04:52:11 -0500
Source: chromium
Architecture: source
Version: 145.0.7632.75-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (145.0.7632.75-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream security release.
     - CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim.
 .
 chromium (145.0.7632.45-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2026-2313: Use after free in CSS. Reported by Han Zheng (HexHive),
       Wenhao Fang (University of St. Andrews), and Qinying Wang (HexHive).
     - CVE-2026-2314: Heap buffer overflow in Codecs. Reported by Google.
     - CVE-2026-2315: Inappropriate implementation in WebGPU.
       Reported by Google.
     - CVE-2026-2316: Insufficient policy enforcement in Frames.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2026-2317: Inappropriate implementation in Animation.
       Reported by Brendan Draper.
     - CVE-2026-2318: Inappropriate implementation in PictureInPicture.
       Reported by Shaheen Fazim.
     - CVE-2026-2319: Race in DevTools. Reported by Anonymous.
     - CVE-2026-2320: Inappropriate implementation in File input.
       Reported by Alesandro Ortiz.
     - CVE-2026-2321: Use after free in Ozone. Reported by Google.
     - CVE-2026-2322: Inappropriate implementation in File input.
       Reported by Robbe Van Roey | PinkDraconian.
     - CVE-2026-2323: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
   * d/copyright:
     - delete third_party/litert/src, Google's new WebAI thing.
     - delete esbuild directory so we can use debian's esbuild.
     - delete new rollup binary rollup-linux-x64-gnu.
   * d/rules:
     - build with webnn_use_tflite=false to fix build.
     - disable building a bunch more unit tests.
     - copy esbuild libs and binary from the system.
   * d/control:
     - build-dep on libpthreadpool-dev.
     - build-dep on esbuild.
   * d/patches:
     - CVE-2026-1861.patch: drop, merged upstream.
     - CVE-2026-1862.patch: drop, merged upstream.
     - upstream/fix-rk3588-v4l2-av1-decoder.patch: drop, merged upstream.
     - debianization/manpage.patch: refresh.
     - debianization/rustc-bootstrap.patch: refresh.
     - fixes/armhf-no-thumb.patch: rework patch due to upstream dropping
       non-thumb.
     - disable/tests.patch: refresh.
     - disable/signin.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/widevine-cdm-cu.patch: refresh.
     - upstream/disable-unrar.patch: add upstream fix for disabling unrar.
     - trixie/gn-string-hash.patch: add a workaround for older gn missing
       string_hash() function.
     - disable/enterprise-tests.patch: add patch to fix build error
       related to building unnecessary unit tests.
     - system/rollup.patch: update for upstream changes around switching
       some rollup calls to esbuild and away from rollup-wasm.
     - llvm-19/static-assert.patch: add build fixes specific to clang-19.
     - disable/unrar.patch: add another build fix for deleting unrar.
     - trixie/gn-len.patch: add build fix for trixie's older gn.
     - trixie/nodejs-main.patch: add build fix for trixie's older nodejs.
     - rust-1.85/jxl-features.patch: enable some unstable features for jxl.
     - rust-1.85/jxl-simd-avx512.patch: enable unstable features for
       jxl_simd, and also mark a bunch of avx-related calls as unsafe due to
       an older rustc bug.
     - rust-1.85/parsing.patch: add unstable let_chains features.
     - bookworm/dav1d-drop-hdr.patch: add fix for older dav1d library by
       dropping a video HDR feature.
 .
   [ Timothy Pearson ]
   * d/patches:
     - patches/fixes/swiftshader-dependencies.patch: Fix SwiftShader include
       dependencies
   * d/patches/ppc64le:
     - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: Remove
       obsolete Clang 7 workaround and refresh for upstream changes
     - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch:
       refresh for upstream changes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - ppc64le/third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.pa:
       refresh for upstream changes
     - ppc64le/fixes/fix-page-allocator-overflow.patch: Refresh for upstream
       changes
     - ppc64le/third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       Regenerate from upstream sources
     - ppc64le/sandbox/0009-sandbox-ignore-byte-span-error.patch: Work around upstream
       byte_span_from_ref issues
 .
   [ Jianfeng Liu ]
   * d/patches:
     - loongarch64/0012-sandbox-linux-add-statx-support-for-loongarch64.patch:
       update for upstream changes.
     - loongarch64/0016-medium-cmodel-support-for-loongarch64.patch: refresh.
 .
   [ Daniel Richard G. ]
   * d/patches/bookworm:
     - gn-absl.patch: Refresh.
     - node-esm-dirname.patch: Address a new instance of the problem.
     - node18-import.patch: Address a new instance of the problem.
     - trixie/rust-is-multiple-of.patch: Drop the -Zallow-features= bit.
     - disable/rustc-allow-features.patch: move the -Zallow-features=
       flag here so that it's separate from individual rust fixes.
Checksums-Sha1:
 0af732c575708f4552d2f7073ac3b898e015553c 4075 chromium_145.0.7632.75-1~deb12u1.dsc
 095b839b85ed46d3e8ccfaca94732aa5983c3323 749398580 chromium_145.0.7632.75.orig.tar.xz
 7d26596a62fcbb664cad1b2e4f8dc5d9b52ebb9a 8542768 chromium_145.0.7632.75-1~deb12u1.debian.tar.xz
 d16ba25ca17c99f015abe04b353d72072c46251a 26950 chromium_145.0.7632.75-1~deb12u1_source.buildinfo
Checksums-Sha256:
 f1ab23d9aaff710f47b3599e34f67d79a817f21ea4e2b9874197d230b77fee2c 4075 chromium_145.0.7632.75-1~deb12u1.dsc
 bffb79d531284fdf48c63c4a79223b55f62ff7f6dc14068e5d16f685deee077d 749398580 chromium_145.0.7632.75.orig.tar.xz
 10a14ec1795737d23c1bc7dfb6eaee432abd937d427559b5a18c25db668dd80e 8542768 chromium_145.0.7632.75-1~deb12u1.debian.tar.xz
 d042b10d031a678c596e07196e5d3f0bdadb9a20d6889c51ea81efb1050439a7 26950 chromium_145.0.7632.75-1~deb12u1_source.buildinfo
Files:
 3cbeb6f8109d8290d5b7c5f873098b92 4075 web optional chromium_145.0.7632.75-1~deb12u1.dsc
 4dd125e5d12945ff07913c7aff1293b4 749398580 web optional chromium_145.0.7632.75.orig.tar.xz
 aaa01e52f61165aa8bb98f83c449eeab 8542768 web optional chromium_145.0.7632.75-1~deb12u1.debian.tar.xz
 b253d5543d2174b14f4a3f98970670fe 26950 web optional chromium_145.0.7632.75-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmmQN/0UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcVQg//bZj2KVGPbdWqvOCiQzxIXoeb70p9
x5/mPEFrbtUnqV4DLyIUly2TvdSrtNMiLv1uhkhutUH0luAtzaDMYRr9ZU4ofJ4t
sPfKGtsPeSmO9f7ohBwHMLgC17586Wwdp71jWHe6Nugc7c5hEEABgN+fMKTjfd+f
lfN27VeWSdTZSb+q8rg1+j0aUk6LZM1qwH1OgYXQTW7r7JwrSl5qdP1wJYIdpSA4
f24HQnefoLNXvHFFZ4lGZwfE6Rtod1ZAChZhSdE6G/qu6EfruRyVJz+sXCMMyhHu
TWb8MaR8bLnM08/SfnIWTsjIJlEoY8VrGJFo0L9nQUAuf3OU6U9GvS5EsNUwmntX
QPdw6JD0Gvd+iBFJoh9Nhuzcg7odeS6yu+gntfNLBZUogpWArlygpcaw0ay339vv
Y2XJ2jC/lkyg/FGzfXkHq7vO1NFmTTTneE698exyByfmrFgthqTgxvrgFyFZaC7w
RCZi7S/741YJvmaB3yuyU79Ty9MnJElAfpMzlCE6RLn3XqVy4Y4qh1qjnKdIFw2y
2+YE1oj+8xic8Zl/Ecnt9vNVAa1MEJnGN42BGAxICDwz+5Ras7LpvoEHogkfaNtD
lhYGXpoS4+bHWB6VhxySOBX3h1cGwlrhcFRab2KSzvtyjX+5VT0HVBREImtSycQK
HR/LxBgxDQcJeIE=
=FHkS
-----END PGP SIGNATURE-----