chromium - Debian Package Tracker

general

source: chromium (main)
version: 143.0.7499.109-1
maintainer: Debian Chromium Team (DMD)
uploaders: Andres Salomon [DMD] – Timothy Pearson [DMD] – Daniel Richard G. [DMD]
arch: all amd64 arm64 armhf i386 ppc64el
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 120.0.6099.224-1~deb11u1
o-o-sec: 120.0.6099.224-1~deb11u1
oldstable: 139.0.7258.154-1~deb12u1
old-sec: 143.0.7499.40-1~deb12u1
old-p-u: 142.0.7444.175-1~deb12u1
stable: 142.0.7444.134-1~deb13u1
stable-sec: 143.0.7499.40-1~deb13u1
stable-p-u: 143.0.7499.40-1~deb13u1
testing: 142.0.7444.175-1
unstable: 143.0.7499.109-1

versioned links

120.0.6099.224-1~deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
139.0.7258.154-1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
142.0.7444.134-1~deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
142.0.7444.175-1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
142.0.7444.175-1~deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
142.0.7444.175-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
143.0.7499.40-1~deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
143.0.7499.40-1~deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
143.0.7499.40-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
143.0.7499.109-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

chromium (70 bugs: 1, 39, 30, 0)
chromium-common
chromium-driver
chromium-headless-shell
chromium-l10n
chromium-sandbox
chromium-shell

action needed

15 security issues in forky high

There are 15 open security issues in forky.

15 important issues:

CVE-2025-13630: Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-13631: Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)
CVE-2025-13632: Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2025-13633: Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-13634: Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-13635: Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-13636: Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
CVE-2025-13637: Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-13638: Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-13639: Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-13640: Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)
CVE-2025-13720: Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-13721: Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-14372:
CVE-2025-14373:

Created: 2025-12-03 Last update: 2025-12-11 15:01

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2025-14372:
CVE-2025-14373:

Created: 2025-12-11 Last update: 2025-12-11 15:01

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2025-14372:
CVE-2025-14373:

Created: 2025-12-11 Last update: 2025-12-11 15:01

4 bugs tagged help in the BTS normal

The BTS contains 4 bugs tagged help, please consider helping the maintainer in dealing with them.

Created: 2019-03-21 Last update: 2025-12-11 19:30

8 bugs tagged patch in the BTS normal

The BTS contains patches fixing 8 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-12-11 19:30

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-08-26 Last update: 2025-12-11 17:00

7 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 08cb429911ed5d11e571b3cd8575e7e8dabebec5
Author: Andres Salomon <dilinger@queued.net>
Date:   Wed Dec 10 22:18:30 2025 -0500

    add missing changelog entry and release 143.0.7499.109-1

commit 733220757731ccd1f715f6125b969e200288f2ce
Merge: 96dc430 cae3e65
Author: Timothy Pearson <tpearson@raptorengineering.com>
Date:   Sat Dec 6 00:56:12 2025 +0000

    Merge branch 'fix-ppc64le-linux-stat' into 'master'
    
    d/patches: ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: fix struct kernel_stat
    
    See merge request chromium-team/chromium!30

commit cae3e65d1a2948f84dce2bd3a27ef53815a153e5
Author: Jianfeng Liu <liujianfeng1994@gmail.com>
Date:   Fri Dec 5 09:37:01 2025 +0800

    d/patches: ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: fix struct kernel_stat

commit 96dc4303c9dbaa86f514494c16401443e36a9e1f
Merge: 98efecc f375aa3
Author: Andres Salomon <dilinger@debian.org>
Date:   Thu Dec 4 09:44:22 2025 +0000

    Merge branch 'v4l2-av1' into 'master'
    
    Enable V4L2 AV1 hardware decoder
    
    See merge request chromium-team/chromium!29

commit f375aa37c03e20334a75045f9718701bfe2cce83
Author: Jianfeng Liu <liujianfeng1994@gmail.com>
Date:   Thu Dec 4 17:38:34 2025 +0800

    add changelog for V4L2 AV1 support

commit 810c67b3b969513d23aa563dc3a76a22e2d0dd68
Author: Jianfeng Liu <liujianfeng1994@gmail.com>
Date:   Thu Dec 4 09:28:49 2025 +0800

    d/patches: upstream/fix-rk3588-v4l2-av1-decoder.patch: Fixes upstream issue #464638992

commit eb43aa659efeebcaea88932895c1b5ea75f8912d
Author: Jianfeng Liu <liujianfeng1994@gmail.com>
Date:   Thu Dec 4 17:36:07 2025 +0800

    set use_av1_hw_decoder=true for arm64 and add build dep linux-libc-dev (>= 6.5)

Created: 2025-12-04 Last update: 2025-12-11 09:03

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-09-18 Last update: 2025-12-04 12:03

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #1016047 for more information.

Created: 2022-07-26 Last update: 2022-07-26 03:32

AppStream hints: 1 warning normal

AppStream found metadata issues for packages:

chromium: 1 warning

You should get rid of them to provide more metadata about this software.

Created: 2020-06-01 Last update: 2020-06-01 01:12

debian/patches: 112 patches to forward upstream low

Among the 115 debian patches available in version 143.0.7499.109-1 of the package, we noticed the following issues:

112 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-12-11 15:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.5.0).

Created: 2020-11-17 Last update: 2025-12-11 12:31

testing migrations

excuses:
- Migration status for chromium (142.0.7444.175-1 to 143.0.7499.109-1): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Lintian crashed and produced no output, please contact debian-release for a hint - info
- ∙ ∙ Missing build on amd64
- ∙ ∙ Missing build on arm64
- ∙ ∙ Missing build on armhf
- ∙ ∙ Missing build on i386
- ∙ ∙ Missing build on ppc64el
- ∙ ∙ Missing build on all
- ∙ ∙ Autopkgtest deferred: missing arch:all build
- ∙ ∙ Too young, only 0 of 2 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/c/chromium.html
- ∙ ∙ Waiting for reproducibility test results on amd64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on arm64 - info ♻
- Not considered

news

[rss feed]

[2025-12-11] Accepted chromium 143.0.7499.109-1 (source) into unstable (Andres Salomon)
[2025-12-05] Accepted chromium 143.0.7499.40-1~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Andres Salomon)
[2025-12-04] Accepted chromium 143.0.7499.40-1~deb12u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Andres Salomon)
[2025-12-04] Accepted chromium 143.0.7499.40-1~deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Andres Salomon)
[2025-12-03] Accepted chromium 143.0.7499.40-1 (source) into unstable (Andres Salomon)
[2025-11-22] Accepted chromium 142.0.7444.175-1~deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-22] Accepted chromium 142.0.7444.162-1~deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-22] Accepted chromium 142.0.7444.175-1~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-21] chromium 142.0.7444.175-1 MIGRATED to testing (Debian testing watch)
[2025-11-19] Accepted chromium 142.0.7444.134-1~deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-19] Accepted chromium 142.0.7444.59-1~deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-19] Accepted chromium 141.0.7390.122-1~deb12u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-19] Accepted chromium 142.0.7444.162-1~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-19] Accepted chromium 142.0.7444.175-1~deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-19] Accepted chromium 142.0.7444.175-1~deb12u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-18] Accepted chromium 142.0.7444.175-1 (source) into unstable (Andres Salomon)
[2025-11-15] chromium 142.0.7444.162-1 MIGRATED to testing (Debian testing watch)
[2025-11-13] Accepted chromium 142.0.7444.162-1~deb12u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-13] Accepted chromium 142.0.7444.162-1~deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-12] Accepted chromium 142.0.7444.162-1 (source) into unstable (Andres Salomon)
[2025-11-08] chromium 142.0.7444.134-1 MIGRATED to testing (Debian testing watch)
[2025-11-07] Accepted chromium 142.0.7444.134-1~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-07] Accepted chromium 142.0.7444.134-1~deb12u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-07] Accepted chromium 142.0.7444.134-1~deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-06] Accepted chromium 142.0.7444.134-1 (source) into unstable (Andres Salomon)
[2025-11-01] Accepted chromium 142.0.7444.59-1~deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Andres Salomon)
[2025-11-01] chromium 142.0.7444.59-1 MIGRATED to testing (Debian testing watch)
[2025-10-30] Accepted chromium 142.0.7444.59-1~deb12u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Andres Salomon)
[2025-10-30] Accepted chromium 142.0.7444.59-1~deb13u1 (source) into stable-security (Debian FTP Masters) (signed by: Andres Salomon)
[2025-10-29] Accepted chromium 142.0.7444.59-1 (source) into unstable (Andres Salomon)

bugs [bug history graph]

all: 79 85
RC: 1
I&N: 40 42
M&W: 38 42
F&P: 0
patch: 8
help: 4

links

homepage
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches