Debian has released two important security advisories for widely used desktop applications: Thunderbird and Chromium. Both updates should be installed as soon as possible, especially on systems used for browsing, email, administration, or daily desktop work.
Thunderbird — DSA-6229-1
The Thunderbird update fixes multiple security vulnerabilities identified under several CVE numbers, including CVE-2026-6746 through CVE-2026-6786.
According to the Debian advisory, these issues could potentially allow arbitrary code execution. This is especially serious for an email client, because Thunderbird handles complex content such as HTML email, attachments, links, and remote resources.
Fixed versions:
Debian oldstable bookworm:
1:140.10.0esr-1~deb12u1
Debian stable trixie:
1:140.10.0esr-1~deb13u1
Chromium — DSA-6230-1
Debian also released a Chromium security update fixing:
CVE-2026-6919
CVE-2026-6920
CVE-2026-6921
These vulnerabilities could result in arbitrary code execution, denial of service, or information disclosure. Since web browsers process untrusted content from the internet all the time, browser security updates should always be treated as high priority.
Fixed versions:
Debian oldstable bookworm:
147.0.7727.116-1~deb12u1
Debian stable trixie:
147.0.7727.116-1~deb13u1
Recommended action
Update your Debian system:
Code: Select all
sudo apt update
sudo apt full-upgradeCode: Select all
sudo apt install --only-upgrade thunderbird chromiumCheck installed versions
Code: Select all
apt policy thunderbird chromium