ESB-2026.3504

=========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2026.3504 chromium security update 13 April 2026 =========================================================================== AUSCERT Security Bulletin Summary --------------------------------- Product: chromium Publisher: Debian Operating System: Debian GNU/Linux Resolution: Patch/Upgrade CVE Names: CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5862 CVE-2026-5863 CVE-2026-5864 CVE-2026-5865 CVE-2026-5866 CVE-2026-5867 CVE-2026-5868 CVE-2026-5869 CVE-2026-5870 CVE-2026-5871 CVE-2026-5872 CVE-2026-5873 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5877 CVE-2026-5878 CVE-2026-5879 CVE-2026-5880 CVE-2026-5881 CVE-2026-5882 CVE-2026-5883 CVE-2026-5884 CVE-2026-5885 CVE-2026-5886 CVE-2026-5887 CVE-2026-5888 CVE-2026-5889 CVE-2026-5890 CVE-2026-5891 CVE-2026-5892 CVE-2026-5893 CVE-2026-5894 CVE-2026-5895 CVE-2026-5896 CVE-2026-5897 CVE-2026-5898 CVE-2026-5899 CVE-2026-5900 CVE-2026-5901 CVE-2026-5902 CVE-2026-5903 CVE-2026-5904 CVE-2026-5905 CVE-2026-5906 CVE-2026-5907 CVE-2026-5908 CVE-2026-5909 CVE-2026-5910 CVE-2026-5911 CVE-2026-5912 CVE-2026-5913 CVE-2026-5914 CVE-2026-5915 CVE-2026-5918 CVE-2026-5919 Original Bulletin: https://lists.debian.org/debian-security-announce/2026/msg00115.html Comment: CVSS (Max): 9.6 CVE-2026-5893 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) CVSS Source: CISA-ADP, [Red Hat] Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H EPSS (Max): 0.1% (23rd) CVE-2026-5866 2026-04-12 - --------------------------BEGIN INCLUDED TEXT-------------------- - ------------------------------------------------------------------------- Debian Security Advisory DSA-6205-1 security@debian.org https://www.debian.org/security/ Andres Salomon April 10, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium CVE ID : CVE-2026-5858 CVE-2026-5859 CVE-2026-5860 CVE-2026-5861 CVE-2026-5862 CVE-2026-5863 CVE-2026-5864 CVE-2026-5865 CVE-2026-5866 CVE-2026-5867 CVE-2026-5868 CVE-2026-5869 CVE-2026-5870 CVE-2026-5871 CVE-2026-5872 CVE-2026-5873 CVE-2026-5874 CVE-2026-5875 CVE-2026-5876 CVE-2026-5877 CVE-2026-5878 CVE-2026-5879 CVE-2026-5880 CVE-2026-5881 CVE-2026-5882 CVE-2026-5883 CVE-2026-5884 CVE-2026-5885 CVE-2026-5886 CVE-2026-5887 CVE-2026-5888 CVE-2026-5889 CVE-2026-5890 CVE-2026-5891 CVE-2026-5892 CVE-2026-5893 CVE-2026-5894 CVE-2026-5895 CVE-2026-5896 CVE-2026-5897 CVE-2026-5898 CVE-2026-5899 CVE-2026-5900 CVE-2026-5901 CVE-2026-5902 CVE-2026-5903 CVE-2026-5904 CVE-2026-5905 CVE-2026-5906 CVE-2026-5907 CVE-2026-5908 CVE-2026-5909 CVE-2026-5910 CVE-2026-5911 CVE-2026-5912 CVE-2026-5913 CVE-2026-5914 CVE-2026-5915 CVE-2026-5918 CVE-2026-5919 Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 147.0.7727.55-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 147.0.7727.55-1~deb13u1. We recommend that you upgrade your chromium packages. For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ - --------------------------END INCLUDED TEXT---------------------- You have received this e-mail bulletin as a result of your organisation's registration with AUSCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AUSCERT's members. As AUSCERT did not write the document quoted above, AUSCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AUSCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://portal.auscert.org.au/bulletins/ =========================================================================== AUSCERT The University of Queensland, Brisbane QLD 4072 Australia e: auscert@auscert.org.au t: +61 (0)7 3365 4417 Allies in Cyber Security ===========================================================================