-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Oct 2025 13:44:37 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-headless-shell chromium-headless-shell-dbgsym chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: i386
Version: 142.0.7444.59-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01) <buildd_amd64-x86-grnet-01@buildd.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Description:
 chromium   - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-headless-shell - web browser - old headless shell
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Changes:
 chromium (142.0.7444.59-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-12428: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2025-12429: Inappropriate implementation in V8.
       Reported by Aorui Zhang.
     - CVE-2025-12430: Object lifecycle issue in Media.
       Reported by round.about.
     - CVE-2025-12431: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2025-12432: Race in V8. Reported by Google Big Sleep.
     - CVE-2025-12433: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12036: Inappropriate implementation in V8.
       Reported by Google Big Sleep.
     - CVE-2025-12434: Race in Storage. Reported by Lijo A.T.
     - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh.
     - CVE-2025-12436: Policy bypass in Extensions.
       Reported by Luan Herrera (@lbherrera_).
     - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq.
     - CVE-2025-12438: Use after free in Ozone.
       Reported by Wei Yuan of MoyunSec VLab.
     - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption.
       Reported by Ari Novick.
     - CVE-2025-12440: Inappropriate implementation in Autofill.
       Reported by Khalil Zhani.
     - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep.
     - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research
     - CVE-2025-12444: Incorrect security UI in Fullscreen UI.
       Reported by syrf.
     - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner
     - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh
     - CVE-2025-12447: Incorrect security UI in Omnibox.
       Reported by Khalil Zhani.
   * d/patches:
     - disable/android.patch: drop part of patch related to md5sum tool.
     - disable/catapult.patch: refresh.
     - bookworm/clang19.patch: also drop uninit-const-pointer and
       unnecessary-virtual-specifier warnings.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - i386/support-i386.patch: refresh.
     - trixie/rust-sanitize.patch: add a workaround for older rustc.
     - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix
       from gentoo.
     - trixie/rust-no-alloc-shim.patch: add another missing symbol that's
       provided by newer versions of rust.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to
       upstream fixes
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream
       changes
Checksums-Sha1:
 fbacda2b08526fdba4b85312a4ce0003e0943b25 5137724 chromium-common-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 0b6785124a6c1207063d8ce9d26a3bfeb4e621bd 22711532 chromium-common_142.0.7444.59-1~deb13u1_i386.deb
 3034e21699b83c3b1e7e0f02502d44b59deda8d2 34096868 chromium-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 9958666a88d814958f087628ea9f606d3e366819 7438528 chromium-driver_142.0.7444.59-1~deb13u1_i386.deb
 d7b02a321d17a1f71cef19e5581c5ea2217b0d0c 28251028 chromium-headless-shell-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 ef70103ca1f0dab236b98105f2d93e8e8fb7d142 55596104 chromium-headless-shell_142.0.7444.59-1~deb13u1_i386.deb
 086ca3339cb80aa61c8e1a449ec427b8a8eb22e0 19228 chromium-sandbox-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 62e45b177df5a9f0f9f39e31fcb412bcd00fb518 105592 chromium-sandbox_142.0.7444.59-1~deb13u1_i386.deb
 1b5cc5988cc34199f657b9a6247be52193391a70 31022924 chromium-shell-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 97c2b9d6fafd9316b331752a5fe8c671634fb1d9 60744160 chromium-shell_142.0.7444.59-1~deb13u1_i386.deb
 9978b4cb28c6f45ca840a140165f87b15549cf02 30006 chromium_142.0.7444.59-1~deb13u1_i386-buildd.buildinfo
 1e96ae818c27a418c99d8864eb6146e32c64b57a 72379192 chromium_142.0.7444.59-1~deb13u1_i386.deb
Checksums-Sha256:
 7c7e3e7d8ebf471f0550e559acf4fc5f472c0de5023555ca6baa94cd9bd1851e 5137724 chromium-common-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 9139ac5e91038189d7fc724940289a82edaccb0d8d7f7d3a74d6d9f7d0ffee8a 22711532 chromium-common_142.0.7444.59-1~deb13u1_i386.deb
 2eb8b65671382cd293b1deff4c2d918ce9cb23e5f7a3460dfdfff44ba82d845f 34096868 chromium-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 cf6f35436ee1d1904ffd13ff67f16602e2c9364323b0d46ccffafcf45d175a18 7438528 chromium-driver_142.0.7444.59-1~deb13u1_i386.deb
 1b19ae90a604d5d5631407c16dbe6a10d4cffea2e38057dfa074358db5693bc5 28251028 chromium-headless-shell-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 cd54b8cff0f08162b6853d68f2deac041b76ff4231d9363f45c3341e250bf49a 55596104 chromium-headless-shell_142.0.7444.59-1~deb13u1_i386.deb
 dbd49d75181d2081e6ef6504745c3ca8e89b24eb88b70d54ba578601afb25d38 19228 chromium-sandbox-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 0bc9cb39608b320178595f4b5439700dd6a5f22f894fa9c97aa07d84588411c9 105592 chromium-sandbox_142.0.7444.59-1~deb13u1_i386.deb
 38a49b6ef980a85142e395db741bcd6f8b83952593d1214f1bfbb44a723d6163 31022924 chromium-shell-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 7e302d33a7adf6c0d2c3b2e097774804cd4bf8ab9cd8f98f47c5e8ac4daf13eb 60744160 chromium-shell_142.0.7444.59-1~deb13u1_i386.deb
 202dfa70aedd21f2653fcacb841040d5f8a2e2b874800b5d8e285be5c414a326 30006 chromium_142.0.7444.59-1~deb13u1_i386-buildd.buildinfo
 bff31e86a1347f8b2853f9a9f2307e0323f91e38f0167269d7b3f8ac14ae2e85 72379192 chromium_142.0.7444.59-1~deb13u1_i386.deb
Files:
 92ff80f1095841d0840ae58c2b149faf 5137724 debug optional chromium-common-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 2e16a59ae777d466be50bf416a9b686b 22711532 web optional chromium-common_142.0.7444.59-1~deb13u1_i386.deb
 60e3441bf65e67ef8b52219ad8c8986e 34096868 debug optional chromium-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 a8435398e2db56b62768aedf94390b20 7438528 web optional chromium-driver_142.0.7444.59-1~deb13u1_i386.deb
 48a746b2ebcc1c34691d5c0f9072764e 28251028 debug optional chromium-headless-shell-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 49e1fe6e0f012f3b5a0c2d9dc26e8fa2 55596104 web optional chromium-headless-shell_142.0.7444.59-1~deb13u1_i386.deb
 0cd6c56899eb15790a3bfe4c529e7a0d 19228 debug optional chromium-sandbox-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 9602f2f9bac3e37b0e2e77dba5eea6b3 105592 web optional chromium-sandbox_142.0.7444.59-1~deb13u1_i386.deb
 dc6bf12ba2e05c3c6df80669b8afb03a 31022924 debug optional chromium-shell-dbgsym_142.0.7444.59-1~deb13u1_i386.deb
 823fb8a0d2b02644d989d43771b42fb7 60744160 web optional chromium-shell_142.0.7444.59-1~deb13u1_i386.deb
 a818fc1e1211d7a1ee82340cd1d60dab 30006 web optional chromium_142.0.7444.59-1~deb13u1_i386-buildd.buildinfo
 56c7abc42ef0c8c372b63138b8a1e39e 72379192 web optional chromium_142.0.7444.59-1~deb13u1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEv2qEY4xQXyY/2dWIvGw9w6VrLCcFAmkDgOEACgkQvGw9w6Vr
LCcJvA//YG40Bq78HeKEa4qBmbiDxSGHMBRYjqe6VCFbv/Brl6gEkBr5DoGJ6ESP
3nPgWb+SVAYk564lk9OLEzMzkXgFBo5jrgrcin61oKlKlAh3Mg2YSu6wNy3A8cZ+
eU4lWroDENrsHBhE5Xz5Qh5jxH0DpoISl/QxX7LY+d/6e/SJvX0nwnLaydZ4b7aA
1k/D/9hEnx/JGUQObo5akvah263e0zGfGEOAlgX93wBGHaLUXi1H/t6mvLVdp8dX
97mHCu30cgiM/iDa4SDGDxXy4MvGOHyu5zvY6BMeH5ClSJMMlHzriWbsWZsEvBbi
ahTbMfwjaOeCrATIGbIxRvqFCgmTVSpYIAbyeqksz/WjYg2EDHEw2JKRyfhsCG08
x186NS7QK+19pI1r/b5AMUSfsRzMqJqevvHDRnFZD5M/e3efGF7IF4BKuotKobQQ
RtbgXxrl5M/Z1+T50SuKc4IykZUUDkaTOkBsTp/MtwJ0jinmBt6TYY5GuzNHXjni
CSnl52SErRaupgobkeHGzAsv9HiFn0SLKQCoOpoBM2dIRaZs6fPCIThEFbr+/5ga
pK7G5yBNVDakISLB18iUkxgdP0RaDucj1iwtz91Hi7WtrtOO4YG5NIrhGnx0JY6v
Ky67RAB3qJ6/ATCHZoHTMYufwDPDgNlw8PIMmxPGTER+bvP272k=
=LQcD
-----END PGP SIGNATURE-----