-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 03 Dec 2025 01:54:50 -0500
Source: chromium
Architecture: source
Version: 143.0.7499.40-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (143.0.7499.40-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2025-13630: Type Confusion in V8.
       Reported by Shreyas Penkar (@streypaws).
     - CVE-2025-13631: Inappropriate implementation in Google Updater.
       Reported by Jota Domingos.
     - CVE-2025-13632: Inappropriate implementation in DevTools.
       Reported by Leandro Teles.
     - CVE-2025-13633: Use after free in Digital Credentials.
       Reported by Chrome.
     - CVE-2025-13634: Inappropriate implementation in Downloads.
       Reported by Eric Lawrence of Microsoft.
     - CVE-2025-13720: Bad cast in Loader. Reported by Chrome.
     - CVE-2025-13721: Race in v8. Reported by Chrome.
     - CVE-2025-13635: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13636: Inappropriate implementation in Split View.
       Reported by Khalil Zhani.
     - CVE-2025-13637: Inappropriate implementation in Downloads.
       Reported by Hafiizh.
     - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito.
     - CVE-2025-13639: Inappropriate implementation in WebRTC.
       Reported by Philipp Hancke.
     - CVE-2025-13640: Inappropriate implementation in Passwords.
       Reported by Anonymous.
   * d/patches:
     - fixes/headless-gn.patch: refresh.
     - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream.
     - disable/tests.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: sync from upstream.
     - fixes/libpng-testonly.patch: add a workaround for a missing build target
       that upstream forgot to include.
     - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as
       unsafe to make rustc happy.
     - trixie/cookie-string-view.patch: add a workaround for missing clang-19
       feature.
 .
   [ Daniel Richard G. ]
   * d/patches:
     - debianization/cross-build.patch: Avoid "Assignment had no effect"
       error from GN when running outside of d/rules.
     - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here.
     - disable/license-headless-shell.patch: Don't generate the (unused)
       LICENSE.headless_shell file, as the rule tends to break easily.
     - fixes/headless-gn.patch: No longer needed, thanks to previous patch.
     - trixie/rust-is-multiple-of.patch: add more workarounds for missing
       rustc features.
     - bookworm/constexpr.patch: Refresh (source file moved).
     - bookworm/gn-absl.patch: Refresh.
     - bookworm/gn-path-exists2.patch: Refresh.
     - bookworm/rust-unsafe-extern.patch: add workaround for older rust code
       convention generated by bookworm's version of rust-bindgen.
     - bookworm/node-esm-dirname.patch: add workaround for older node 18.
   * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from
       upstream sources
     - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes
Checksums-Sha1:
 8be5ed5e319e635ac623f04217e0152d7b498552 4059 chromium_143.0.7499.40-1~deb12u1.dsc
 5afd149cc2ac44be0a3c3761dcd2dd21ee4d37be 1016232376 chromium_143.0.7499.40.orig.tar.xz
 9b2474b03691c1a457d19882c5b08a1c87d19cfb 8528028 chromium_143.0.7499.40-1~deb12u1.debian.tar.xz
 adacae2f9f974c29f160d2db7a0e2169f21eb0ff 26768 chromium_143.0.7499.40-1~deb12u1_source.buildinfo
Checksums-Sha256:
 3afbdaea1ba4c1a25f334341f208b2faf17aa3f5c6849028d9b667eaa1e24578 4059 chromium_143.0.7499.40-1~deb12u1.dsc
 8aeca2164ee3ad54e36c7e5b4349883d7d6fc4ff2a7b578e0b294bd4bf6c2729 1016232376 chromium_143.0.7499.40.orig.tar.xz
 7a22a4758cd73efca9943c4df89777376fef96f09e174d80805e5f68db6f8d0b 8528028 chromium_143.0.7499.40-1~deb12u1.debian.tar.xz
 709ad56d11c17687daa4ba91a04e848052272383259119a527bffe6af4a0d5e2 26768 chromium_143.0.7499.40-1~deb12u1_source.buildinfo
Files:
 b2e27d439adca5eb66e3c507e375047f 4059 web optional chromium_143.0.7499.40-1~deb12u1.dsc
 5baa25f96ba17d43bc048969d26c1867 1016232376 web optional chromium_143.0.7499.40.orig.tar.xz
 73e3874e4025de8a3e24b125f111dbe9 8528028 web optional chromium_143.0.7499.40-1~deb12u1.debian.tar.xz
 580a4cd61e1ad45b5a53a30f8d781a6d 26768 web optional chromium_143.0.7499.40-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmkwkdAUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjc/jg/7BOdZbtVuzaVlgBxWLm/DvEdbiq4p
QmbH9Ku8VcB+/lzNISG3+rOXfnWMfUwpocGlyO9v7Op50PdgA82lxZxrOzCALpB6
RM2U2utFtTqiuESdbftAGoSNtzJLVSS/A7KsBITNIGFsK0p9pgfTEdM3nADoCIP6
MEj/hJtNu/sq/5ZtEnAAG0GvA66QPguwGZjYsPaXfwjU+al6Fsqr9YNkPXKylM4Y
Et0nLJ1j541KoCzU1phFMP7sfDYmlpUOS0H7/tspKveDMOlr7tN2Or9AuwvDhegl
i2mkwgNZaMo/AqEqyKh+CKUd+kEy/i5k5f8t76Rxb6f7QHssJhSSizMC4EpiAtH1
+HWIsTfsVTtq4LzHcUF8p1S+3+Mvg2S1jNUDd34Tdx7XVRZ5r4Ml+h7KyizLRN1Z
51TRCkPuMKfGlsCpUP/PHYAMY61ubUx975IuXaF2IudiYs1lBpWxIS9opy2bKK3P
gXNsfmEGCX5h2VUx2xyrhfD2sKphxYZZsEYQoL44xeYZoShsBOfNe328Ix0hb/NH
vaJIwTzvSDur0b5aCRc00yL1Cwx6HnZv5KQP6dgfW7H+LBmxkEl9GczLiSloaXFN
cCg1yXKtlDrzRUQEnS5UJDae3gQfUjSxDfXNJTlKMyyjGnAoWiNkYjFToMGrB9Cs
KpsbWLzKCAfSh3U=
=Tbhh
-----END PGP SIGNATURE-----