Security Updates: Thunderbird and Chromium
Posted: Sat Apr 25, 2026 4:14 am
Debian fixes multiple CVEs
Debian has released two important security advisories for widely used desktop applications: Thunderbird and Chromium. Both updates should be installed as soon as possible, especially on systems used for browsing, email, administration, or daily desktop work.
Thunderbird — DSA-6229-1
The Thunderbird update fixes multiple security vulnerabilities identified under several CVE numbers, including CVE-2026-6746 through CVE-2026-6786.
According to the Debian advisory, these issues could potentially allow arbitrary code execution. This is especially serious for an email client, because Thunderbird handles complex content such as HTML email, attachments, links, and remote resources.
Fixed versions:
Debian oldstable bookworm:
1:140.10.0esr-1~deb12u1
Debian stable trixie:
1:140.10.0esr-1~deb13u1
Chromium — DSA-6230-1
Debian also released a Chromium security update fixing:
CVE-2026-6919
CVE-2026-6920
CVE-2026-6921
These vulnerabilities could result in arbitrary code execution, denial of service, or information disclosure. Since web browsers process untrusted content from the internet all the time, browser security updates should always be treated as high priority.
Fixed versions:
Debian oldstable bookworm:
147.0.7727.116-1~deb12u1
Debian stable trixie:
147.0.7727.116-1~deb13u1
Recommended action
Update your Debian system:
Or update only the affected packages:
After the update, restart Thunderbird and Chromium completely. For shared workstations or desktop environments, a full logout/login or reboot is also a good idea.
Check installed versions
Keeping browsers and email clients updated is one of the most important security basics, because these applications are often the first contact point with malicious websites, phishing emails, infected attachments, and exploit attempts.
Debian has released two important security advisories for widely used desktop applications: Thunderbird and Chromium. Both updates should be installed as soon as possible, especially on systems used for browsing, email, administration, or daily desktop work.
Thunderbird — DSA-6229-1
The Thunderbird update fixes multiple security vulnerabilities identified under several CVE numbers, including CVE-2026-6746 through CVE-2026-6786.
According to the Debian advisory, these issues could potentially allow arbitrary code execution. This is especially serious for an email client, because Thunderbird handles complex content such as HTML email, attachments, links, and remote resources.
Fixed versions:
Debian oldstable bookworm:
1:140.10.0esr-1~deb12u1
Debian stable trixie:
1:140.10.0esr-1~deb13u1
Chromium — DSA-6230-1
Debian also released a Chromium security update fixing:
CVE-2026-6919
CVE-2026-6920
CVE-2026-6921
These vulnerabilities could result in arbitrary code execution, denial of service, or information disclosure. Since web browsers process untrusted content from the internet all the time, browser security updates should always be treated as high priority.
Fixed versions:
Debian oldstable bookworm:
147.0.7727.116-1~deb12u1
Debian stable trixie:
147.0.7727.116-1~deb13u1
Recommended action
Update your Debian system:
Code: Select all
sudo apt update
sudo apt full-upgradeCode: Select all
sudo apt install --only-upgrade thunderbird chromiumCheck installed versions
Code: Select all
apt policy thunderbird chromium