-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Oct 2025 13:44:37 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: armhf
Version: 142.0.7444.59-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-04) <buildd_arm64-arm-ubc-04@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (142.0.7444.59-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-12428: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2025-12429: Inappropriate implementation in V8.
       Reported by Aorui Zhang.
     - CVE-2025-12430: Object lifecycle issue in Media.
       Reported by round.about.
     - CVE-2025-12431: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2025-12432: Race in V8. Reported by Google Big Sleep.
     - CVE-2025-12433: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12434: Race in Storage. Reported by Lijo A.T.
     - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh.
     - CVE-2025-12436: Policy bypass in Extensions.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq.
     - CVE-2025-12438: Use after free in Ozone.
       Reported by Wei Yuan of MoyunSec VLab.
     - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption.
       Reported by Ari Novick.
     - CVE-2025-12440: Inappropriate implementation in Autofill.
       Reported by Khalil Zhani.
     - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep.
     - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research
     - CVE-2025-12444: Incorrect security UI in Fullscreen UI.
       Reported by syrf.
     - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner
     - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh
     - CVE-2025-12447: Incorrect security UI in Omnibox.
       Reported by Khalil Zhani.
   * d/patches:
     - disable/android.patch: drop part of patch related to md5sum tool.
     - disable/catapult.patch: refresh.
     - bookworm/clang19.patch: also drop uninit-const-pointer and
       unnecessary-virtual-specifier warnings.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - i386/support-i386.patch: refresh.
     - trixie/rust-sanitize.patch: add a workaround for older rustc.
     - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix
       from gentoo.
     - trixie/rust-no-alloc-shim.patch: add another missing symbol that's
       provided by newer versions of rust.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to
       upstream fixes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
Checksums-Sha1:
 52ffcb428e3bca8e8d03390908893dbf0bce989f 5525440 chromium-common-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 e73d90b7ef37c4c4babcd84e482dda5020d9ed9e 22486656 chromium-common_142.0.7444.59-1~deb13u1_armhf.deb
 4a05fcc083fca9843e50542c179d9e79becc977d 33577652 chromium-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 45796fed687f5c74f0ed1afb99de51aa2c33d202 6802948 chromium-driver_142.0.7444.59-1~deb13u1_armhf.deb
 be7899f8cb778f892d7f7ed0cf1431fc95684655 26343588 chromium-headless-shell-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 0774fc2f4a765f6baed1c540c3550c33a64a982a 51235236 chromium-headless-shell_142.0.7444.59-1~deb13u1_armhf.deb
 15f790efffbdca553b0fe97551b8e7b794e0472c 19344 chromium-sandbox-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 a08652bd68875cfd0d6923c9b97dece440773719 105348 chromium-sandbox_142.0.7444.59-1~deb13u1_armhf.deb
 80810f48f372c0b607ef14476e4676cfdde3600d 28642188 chromium-shell-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 c7bda1e9d64fdc7d30831aac84cff41faab00d30 56016552 chromium-shell_142.0.7444.59-1~deb13u1_armhf.deb
 035ca2344375e5873515f5a28d27b2809c627c79 29967 chromium_142.0.7444.59-1~deb13u1_armhf-buildd.buildinfo
 bb1a7645fbc81fb66f9d76b95ce3a41bd69cfc41 66850108 chromium_142.0.7444.59-1~deb13u1_armhf.deb
Checksums-Sha256:
 5f717b5617450f2f2cd64cc1ebf86e0222e8f5fd8aac9c64705f3d5372f313c8 5525440 chromium-common-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 619e4cf635be7f529e16f6bdaacc8227fc54b33a01c31a1b9cc5b065fdf519bb 22486656 chromium-common_142.0.7444.59-1~deb13u1_armhf.deb
 8d34633a45fa0538917d972a34b7c7d283a8cfa99ac0a41cb84e50af16f10f23 33577652 chromium-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 563d0db60e6fddb455c642090cbd00025ecd44741a8631cffd89fc932fbb00bf 6802948 chromium-driver_142.0.7444.59-1~deb13u1_armhf.deb
 0982cd02ceefa27c4e805a3768b93e670671891f4c7b7d2b6af8e8ec6e537aad 26343588 chromium-headless-shell-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 713ad38e17b8f39172ead4876893327e8bc4346f63f63f5c4561a3bf91a50c4d 51235236 chromium-headless-shell_142.0.7444.59-1~deb13u1_armhf.deb
 87048701f39b5f48261959a39c5f1476c113d40539be0005e9196ae9d8758bd7 19344 chromium-sandbox-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 bebfcbf17f1fdda57d334e527c9b4a6b46bddfb78eb7b0f8147db58459ca12cb 105348 chromium-sandbox_142.0.7444.59-1~deb13u1_armhf.deb
 fafa640dcc8995cecddfcd2b64f1ae8504761656474d76d618b07b77ce0f6b72 28642188 chromium-shell-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 8deccb907586712e6a54f12ba051ba320feeb184af817fcaf00d0b707a955b4e 56016552 chromium-shell_142.0.7444.59-1~deb13u1_armhf.deb
 e3646f63a4cefb5b710ffd7330cdbbd192900c22d4e6ed3c5a7a3f710a7fee88 29967 chromium_142.0.7444.59-1~deb13u1_armhf-buildd.buildinfo
 353088b54ded8b6c969b9f2005dd69c2a6d01a08489ba4932f163c1cf06b29b4 66850108 chromium_142.0.7444.59-1~deb13u1_armhf.deb
Files:
 915ed084ee2bfd59e428170b6479c9c6 5525440 debug optional chromium-common-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 9c465783c005e61ef705d631dbc225c3 22486656 web optional chromium-common_142.0.7444.59-1~deb13u1_armhf.deb
 141e6532d9d364859c1468d61c4133b5 33577652 debug optional chromium-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 0f5421807bf72c31bf10d38aa5c6415f 6802948 web optional chromium-driver_142.0.7444.59-1~deb13u1_armhf.deb
 470b30ac9d0f7f0afa994a3de7a68688 26343588 debug optional chromium-headless-shell-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 b372fa8e1209a545d2293035a188d409 51235236 web optional chromium-headless-shell_142.0.7444.59-1~deb13u1_armhf.deb
 9309dbf9bb810ea785b14c7bfb85bb75 19344 debug optional chromium-sandbox-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 2aa82483dde109f17c7eb63ec6ce4582 105348 web optional chromium-sandbox_142.0.7444.59-1~deb13u1_armhf.deb
 c8a30245e0696f51f40028b05f4c44dd 28642188 debug optional chromium-shell-dbgsym_142.0.7444.59-1~deb13u1_armhf.deb
 9903d07ebe7ba7c689ac32563b8f5e55 56016552 web optional chromium-shell_142.0.7444.59-1~deb13u1_armhf.deb
 61fa223ea56cc4f0c9647b90b9590948 29967 web optional chromium_142.0.7444.59-1~deb13u1_armhf-buildd.buildinfo
 1c9ee5e2745e1f5b48260377162152e4 66850108 web optional chromium_142.0.7444.59-1~deb13u1_armhf.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUPFH3FhY8nQZGtLwVLd4YzMSDKEFAmkDht8ACgkQVLd4YzMS
DKFHGg//eRETRqjBJsnKzejmBSxtgrfZGf/ccsiq3DtaZ5zmR8rOwJQRsRVjzXVo
hM38nhadyTx4epDTvy1TmtEMy3wtRo+JqjdfFSI+sOFZYQy2LnrMVhv0EhTJ8CI5
ewgBs2yGYBLJAmnSo89YgWucqYgXWJg+9jpkFEs8gqzfB9NQXl7kOZiplz3uClcQ
kCjNTMG2Ga4kcGbHVYClqfLmXCaAlwr+iE6PeM5BA/eKnGlW0uAyBbZ4JyJo7U6g
HC12pqs7TphiODNM6y+4ywmGEzvsI7SSTiecYI7rJJe3Fmq3iyja6UzGSS1pVCay
DXvHhvpTRHJdytray36yKNZNabO8B4Pj2odipKWlD3GSE95xvfnTfMmnB7XUaGsk
iA1sLjo2qw9wwxgsQkUPDBGPsBxLC2MvWLnkgALUNVDTUFNB/C8ElUEt/gp/jLXX
XIBlqInNRjpH1rKWOTCE+AEDclv5q3uF2s3H6ENuOsrZFwX3EXEijgGRkowRgdaH
LaCzFLowQlCSiMcP7dBMbGY/xTX65FGMUT1lpUB0j/LU+uTQibo0E8sXYD50F+pu
24jaMxC+uF73X8OE4Ost/CVhUL2Vb2ekxQD70hln4p1xRKLyrYMhi1JY2+LfqaEe
5VDkyw0PGGSR9aSAsuBTRljpH5b7ZkahPw6CdR+8R/ml1gNcOv8=
=5AZb
-----END PGP SIGNATURE-----