
Debian released two security advisories that address serious flaws in Chromium on Debian GNU/Linux 12 (Bookworm) and 13 (Trixie) and in the libpng1.6 library on Debian GNU/Linux 11 (Bullseye) LTS. The Chromium update fixes over twenty vulnerabilities that could lead to arbitrary code execution or denial of service, depending on how they are exploited.

[DSA 6192-1] chromium security update
[DLA 4521-1] libpng1.6 security update




[SECURITY] [DSA 6192-1] chromium security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-6192-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
April 02, 2026 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2026-5272 CVE-2026-5273 CVE-2026-5274 CVE-2026-5275
CVE-2026-5276 CVE-2026-5277 CVE-2026-5278 CVE-2026-5279
CVE-2026-5280 CVE-2026-5281 CVE-2026-5282 CVE-2026-5283
CVE-2026-5284 CVE-2026-5285 CVE-2026-5286 CVE-2026-5287
CVE-2026-5288 CVE-2026-5289 CVE-2026-5290 CVE-2026-5291
CVE-2026-5292

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the oldstable distribution (bookworm), these problems have been fixed
in version 146.0.7680.177-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 146.0.7680.177-1~deb13u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DLA 4521-1] libpng1.6 security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4521-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Tobias Frost
April 02, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : libpng1.6
Version : 1.6.37-3+deb11u3
CVE ID : CVE-2026-33416 CVE-2026-33636
Debian Bug : 1132012 1132013

Two security vulnerabilities were discovered in libpng, a library
implementing an interface for reading and writing PNG (Portable Network
Graphics) files, which could result in denial of service or potentially
the execution of arbitrary code.

CVE-2026-33416

Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`,
potentially allowing arbitrary code execution

CVE-2026-33636

Out-of-bounds read/write in the palette expansion on ARM Neon, potentially
causing a crash (DoS)

For Debian 11 bullseye, these problems have been fixed in version
1.6.37-3+deb11u3.

We recommend that you upgrade your libpng1.6 packages.

For the detailed security status of libpng1.6 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libpng1.6

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS