This Debian security advisory addresses two high-severity vulnerabilities (CVE-2026-3909 and CVE-2026-3910, CVSS 8.8) in Chromium that could lead to arbitrary code execution, denial of service, or information disclosure, with Google confirming active exploits in the wild. The affected versions are Google Chrome prior to 146.0.7680.75. Users must upgrade their Debian `chromium` packages to version 146.0.7680.80-1~deb12u1 for Bookworm or 146.0.7680.80-1~deb13u1 for Trixie.
[SECURITY] [DSA 6165-1] chromium security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6165-1] chromium security update From : Andres Salomon < dilinger@debian.org > Date : Mon, 16 Mar 2026 04:39:02 +0000 Message-id : < [🔎] E1w1zjK-004u2s-2U@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6165-1 security@debian.org https://www.debian.org/security/ Andres Salomon March 16, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium CVE ID : CVE-2026-3909 CVE-2026-3910 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that exploits for both CVEs exist in the wild. For the oldstable distribution (bookworm), these problems have been fixed in version 146.0.7680.80-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 146.0.7680.80-1~deb13u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmm3h3gACgkQZF0CR8Nu dje1KRAAonl07o2FyCy0iwTr4xNvPHW1fHOnDw/1BFZ0vmkN8sZ/8zaThhcBr5+3 mLBdRBWfzGYWLLz5b9WWrNbEonRsazt80oHU09xqqUwBvV8FZ8JC0yg++aFIhXKz KMHbucMfiLafKpk8Yd65SZ6xQlQYp5viMcpfAf8mynI33Jb4wX06qt8EGvyuIHeS xx0xACmSD84yShAVvI9ndPzkbsuDp/gMY7qPWGds9ljjIaDKG0s3qVpwhtwdouhN jrofG7LvjM0KDppIL4f5hn3M7Zkh77/exZhAxn1Q5BINaufPbNbpA2axHIO01hD0 H0qPNIT+eIvIvHjDNwEA9Wz0FPBTk+SaUQe5sIBSAT78oDWazgaAppx5/hiX+LJM Lzr7G8715DDNoWFrWX3Y+JiarHyMric1QOdvxYtFjCEG9NhzSOO9tIoIUOSyg3Qk eFF/uq7X8qttXHZzkjjrVqzmEk3DRj4QQJf5KyeiftjLzi04aaZgkE/8EElLtCpT J7DFEt9qBGkqdjzjTI15BxzZMoCUEtVSiYnCDbl6vswG10O/9MbBGmyAUnXwFX53 AgXi8FJDyukcw/cjDem0C3kUnuyCHAI5mxURv+g2brRJ7TarHRWyeUT3tG7O6SJ6 CCN1IcLzpzjeJTE/btJjgUevy6lbKl7BJ1usRccFSw4zfmsASBs= =hON/ -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Andres Salomon (on-list) Andres Salomon (off-list) Prev by Date: [SECURITY] [DSA 6164-1] chromium security update Previous by thread: [SECURITY] [DSA 6164-1] chromium security update Index(es): Date Thread