-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Oct 2025 13:44:37 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: arm64
Version: 142.0.7444.59-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-03) <buildd_arm64-arm-ubc-03@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (142.0.7444.59-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-12428: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2025-12429: Inappropriate implementation in V8.
       Reported by Aorui Zhang.
     - CVE-2025-12430: Object lifecycle issue in Media.
       Reported by round.about.
     - CVE-2025-12431: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2025-12432: Race in V8. Reported by Google Big Sleep.
     - CVE-2025-12433: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12434: Race in Storage. Reported by Lijo A.T.
     - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh.
     - CVE-2025-12436: Policy bypass in Extensions.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq.
     - CVE-2025-12438: Use after free in Ozone.
       Reported by Wei Yuan of MoyunSec VLab.
     - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption.
       Reported by Ari Novick.
     - CVE-2025-12440: Inappropriate implementation in Autofill.
       Reported by Khalil Zhani.
     - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep.
     - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research
     - CVE-2025-12444: Incorrect security UI in Fullscreen UI.
       Reported by syrf.
     - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner
     - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh
     - CVE-2025-12447: Incorrect security UI in Omnibox.
       Reported by Khalil Zhani.
   * d/patches:
     - disable/android.patch: drop part of patch related to md5sum tool.
     - disable/catapult.patch: refresh.
     - bookworm/clang19.patch: also drop uninit-const-pointer and
       unnecessary-virtual-specifier warnings.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - i386/support-i386.patch: refresh.
     - trixie/rust-sanitize.patch: add a workaround for older rustc.
     - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix
       from gentoo.
     - trixie/rust-no-alloc-shim.patch: add another missing symbol that's
       provided by newer versions of rust.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to
       upstream fixes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
Checksums-Sha1:
 66ac65f2c99ee340892cb22ef4514cb657cd0c18 5951220 chromium-common-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 4ec17933b87eaccbeb9fc321e2b1dea701282972 27461176 chromium-common_142.0.7444.59-1~deb13u1_arm64.deb
 58ee83e735ff47143f471b6b41b84b516d43dc56 31957456 chromium-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 f8a836ff96262f1cec07776a41b8599e8ce1f7e6 6302172 chromium-driver_142.0.7444.59-1~deb13u1_arm64.deb
 1608ab0b2c03a2db4bbc1ce90396ded15db4e068 26656368 chromium-headless-shell-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 5284fb8c9f8b79ee611a12d8c20dc4b29150bc4a 51774836 chromium-headless-shell_142.0.7444.59-1~deb13u1_arm64.deb
 59bee07722fa96b7946032c2871ce7674ed4fe38 21164 chromium-sandbox-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 209596531473dbde58092c80534578240c699578 106528 chromium-sandbox_142.0.7444.59-1~deb13u1_arm64.deb
 88fbdf1b0fad080fb9ed296ed4594ea5ff9cf099 28089636 chromium-shell-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 54dfe729d04aeb453ed21e64b591286849b75f48 51427712 chromium-shell_142.0.7444.59-1~deb13u1_arm64.deb
 c6a5eecda58bdafb8b3f1e49b4a53cc5e41c196b 30061 chromium_142.0.7444.59-1~deb13u1_arm64-buildd.buildinfo
 f39db5faf60d4fc18ea87fc9f2cf67e192157eaa 69059632 chromium_142.0.7444.59-1~deb13u1_arm64.deb
Checksums-Sha256:
 b1a37230947b289998463b7a768412f0dd8c6412388c9fba6786ac2b95ff7602 5951220 chromium-common-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 892281f10f3bf43e97637b61c3e5e8d69f5ecbdc0ba299433b3b10645bf22ce9 27461176 chromium-common_142.0.7444.59-1~deb13u1_arm64.deb
 3c4c8a4442e3182e8f19031ab106c8280144ebbcf43d80622a9ac64266a225cb 31957456 chromium-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 a70d99be93471ab187eaff3c0b4b625a2209e64fc6f2ae1d6d023014e1a68198 6302172 chromium-driver_142.0.7444.59-1~deb13u1_arm64.deb
 3fdfe89cc8962d23cc38b1b8353799339adb19a0192a55c9d06147675123daed 26656368 chromium-headless-shell-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 c9d4778018a7f6e00fe1c6f426404ac655bf87af59a45baf9efb60177f4aac76 51774836 chromium-headless-shell_142.0.7444.59-1~deb13u1_arm64.deb
 1fce0d681e6ec8c8e4a3721e3eacfbcaa6e5bbbf574c24a394177a8172b27b44 21164 chromium-sandbox-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 f05c4bd445095c0a2f3722d5776c380e0951fb90f29d99607277130d58da2803 106528 chromium-sandbox_142.0.7444.59-1~deb13u1_arm64.deb
 24ebf9452858cc8574017f011a398e7c63ae526ef6e5c699dab6e253bbd25908 28089636 chromium-shell-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 ae05fa048d619c0a2a3541d2f8029ca341b5a7963928767dcb4cdff6f9c7ea43 51427712 chromium-shell_142.0.7444.59-1~deb13u1_arm64.deb
 55f5559bb0560fa4a0aa90c2437331f76e442df06faac3fdf9688f9da2e81a7a 30061 chromium_142.0.7444.59-1~deb13u1_arm64-buildd.buildinfo
 2901d8ea487eeef1f2ea0bfad3da9b4ab8aa6e6011bab2c3007cfa6277f816d1 69059632 chromium_142.0.7444.59-1~deb13u1_arm64.deb
Files:
 66de135917940729f65661cba9aba7a9 5951220 debug optional chromium-common-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 5836c79009fcdf6d30eb36b5c9b4f28c 27461176 web optional chromium-common_142.0.7444.59-1~deb13u1_arm64.deb
 a044be68c805f8ecefe77a4e35fef050 31957456 debug optional chromium-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 06ddb77696b5f497901edd01e67b9cba 6302172 web optional chromium-driver_142.0.7444.59-1~deb13u1_arm64.deb
 e32246a19c9efaffc0280397e7846bfe 26656368 debug optional chromium-headless-shell-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 758814559da419379f25dfa058cb9cfa 51774836 web optional chromium-headless-shell_142.0.7444.59-1~deb13u1_arm64.deb
 23a1ddac28c6c77d008bf8fc9d78a031 21164 debug optional chromium-sandbox-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 20c07ff89080b6a3fff6e98ab00f4fe5 106528 web optional chromium-sandbox_142.0.7444.59-1~deb13u1_arm64.deb
 be713d05b78eff6aef6c6ea6db3c7d38 28089636 debug optional chromium-shell-dbgsym_142.0.7444.59-1~deb13u1_arm64.deb
 eaae39be3e2e1e4616dc93ba26e4ea51 51427712 web optional chromium-shell_142.0.7444.59-1~deb13u1_arm64.deb
 abcacd5cd655af706bba685b1f0de079 30061 web optional chromium_142.0.7444.59-1~deb13u1_arm64-buildd.buildinfo
 d59a22a7e23a9b88481f0c351f739563 69059632 web optional chromium_142.0.7444.59-1~deb13u1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEENsdrABvTD8MQ0UffVza3l394K2AFAmkDhToACgkQVza3l394
K2DoyRAAhEGRm46FZcl74hrM0WBTHjElqpT0R8kmEe61pdjeIwHO3pd6vVoXg284
Kw/g+BrRCw1hAmMMpke79tApEdfpotGPDQ012TnALwmFL4Gyn86HN/BV9fTcNGzU
n0fmi7FPd6sv5cgHXJ7jTuwIgoSarnfV8B0Hd+siPeYpIwZXZws3WkQk7JmMpkvl
3r7duLyolTt0XZZ1beb9bGfX4KhSsTGFUXdJqWbsmIgBLZb9Gd1yisEo56sFrDjS
7F0bjFRYfwXSMTrTC4FfsOffuVj/k1HeRlPwotYymlN01Qu5MKDfMlwD9FwYVQxS
ihOIGxkedGWXDp5KV9PUoeXglQIx4rjQWjIgF814Mqoiv2xXwNRAgXtXJNk8d4SW
2Rgh6ROBjH363OfvnID8AEtG8BTXLGke6d7eXVrmzg5Jlu0ZgXaZKZ+7/J78i1mJ
KUYmVW8J8b+1P0lthhsFG5Q3KtjB/HV6FKZNYBz/XsFOdrkpr8kKnrWwwQWhVjkV
LrirjVMmCdjmqEXcHxod21zH4PXUyyJ7sQ7ZhTHC1CWB+FrSn39/3RZBltFAwfjV
zStAxzksHgy6WRoL9EFuDVKdG3AJTDuf1b0pSMHwlK+b1auC4uD06q83Zs+ufNsZ
1CO0M1QS/h17wSn79j9HGboNrDHB9fjNu6gNXCVMl/UTTWtfBdY=
=GMDC
-----END PGP SIGNATURE-----