[SECURITY] [DSA 5963-1] chromium security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5963-1] chromium security update
From: Andres Salomon <dilinger@debian.org>
Date: Thu, 17 Jul 2025 06:19:30 +0000
Message-id: <[🔎] E1ucHxq-008ukP-1e@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5963-1                   security@debian.org
https://www.debian.org/security/                           Andres Salomon
July 17, 2025                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium
CVE ID         : CVE-2025-6558 CVE-2025-7656 CVE-2025-7657

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure. Google is aware that an exploit for CVE-2025-6558 exists
in the wild.

For the stable distribution (bookworm), these problems have been fixed in
version 138.0.7204.157-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmh4kkoACgkQZF0CR8Nu
djdRkA/8CEeCZ26WU5QBRziBB4HC61RDtGU2xc001+8Jb5awBKbMAcRxaYTLZa0h
02qJ4q1ftGgzAefUzLI8na5R+y2OFcKhWOKmlCheXXKQHS1/OsVYmY/mD68YVWut
IzXQnHvwQ1eWvIE/Ms2Jfa3nAK0AgHJjLKUgGGgP4GbBFyfqN/iMuuw/BOlLN6gd
4pook5S0XibIhxgPO3MDAWRButxhhgLGWGcYRQvaIdD6FuEzFR3h6j1p/qcgZLCl
aGQGqtwCUmiDtCufvdXWqF/aKiPcOd/7lZWJIExF1rA+iG2ybnq+pduU7w2l66W4
kmzRq2CnzzLnkd9gvMpQjeAoW6OwQAvTBOeloKeMqa71kZW7DIKsL+7KSkDVfn7E
W+fExQObJpD0GKTHYGyane0oZg/m5tF1QdhtnHhnQc/UG6CsuCN4dzINONpydg7Y
SbIcd2Hv2L7UmtDHe0zjNk34wtvWs2s22cCyjI4pICsqgXLFN5TCVq5mgWaIPDn1
6bfQ40q+z15SVHmuNNfiy32h96RrBp42O36I0+YAC/1Z2N5mGgegr+pQwBfVo0CV
2ZQo3NGzlnyBczr2+yzh0XTmeg0Euma57cEPnxx4rBKvnj5z04blozk/v7LCawVz
3gHZ3Pj93w1EfmJfkDui1bt/4clMMi+pzUWDtVr33I2WKZKe2q0=
=r1A8
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5962-1] gnutls28 security update
Next by Date: [SECURITY] [DSA 5964-1] firefox-esr security update
Previous by thread: [SECURITY] [DSA 5962-1] gnutls28 security update
Next by thread: [SECURITY] [DSA 5964-1] firefox-esr security update
Index(es):
- Date
- Thread