Details
-
Bug
-
Resolution: Out of scope
-
P2: Important
-
None
-
6.4.3
-
None
Description
In Qt 6.4.3, WebEngine should be based on 102.0.5005.177 Chromium with security patches up to 110.0.5481.78 backported. However, a bunch of the CVEs prior to 110.0.5481.78 are not included. Below, I included some examples of fixes that available in Chromium prior to, but not available in WebEngine.
I have looked for the [Backport] commit messages and cross-checked with Google's numbering system. Do I need to look somewhere else for these backported security updates in WebEngine?
CVE | Note |
`CVE-2022-2157` | Fixed in `103.0.5060.53` |
`CVE-2022-2161` | Fixed in `103.0.5060.53` |
`CVE-2022-2163` | Fixed in `103.0.5060.134` |
`CVE-2022-2415` | Fixed in `103.0.5060.53` |
`CVE-2022-2603` | Fixed in `104.0.5112.79` |
`CVE-2022-2604` | Fixed in `104.0.5112.79` |
`CVE-2022-2608` | Fixed in `104.0.5112.79` |
`CVE-2022-2623` | Fixed in `104.0.5112.79` |
`CVE-2022-2742` | Fixed in `104.0.5112.79` |
`CVE-2022-2743` | Fixed in `104.0.5112.79` |
`CVE-2022-2852` | Fixed in `104.0.5112.101` |
`CVE-2022-2858` | Fixed in `104.0.5112.101` |
`CVE-2022-3043` | Fixed in `105.0.5195.52` |
`CVE-2022-3049` | Fixed in `105.0.5195.52` |
`CVE-2022-3050` | Fixed in `105.0.5195.52` |
`CVE-2022-3051` | Fixed in `105.0.5195.52` |
`CVE-2022-3052` | Fixed in `105.0.5195.52` |
`CVE-2022-3058` | Fixed in `105.0.5195.52` |
`CVE-2022-3071` | Fixed in `105.0.5195.52` |
`CVE-2022-3195` | Fixed in `105.0.5195.125` |
`CVE-2022-3305` | Fixed in `106.0.5249.61` |
`CVE-2022-3306` | Fixed in `106.0.5249.61` |
`CVE-2022-3448` | Fixed in `106.0.5249.119` |
`CVE-2022-3449` | Fixed in `106.0.5249.119` |
`CVE-2022-3655` | Fixed in `107.0.5304.68` |
`CVE-2022-3657` | Fixed in `107.0.5304.62` |
`CVE-2022-3658` | Fixed in `107.0.5304.62` |
`CVE-2022-3659` | Fixed in `107.0.5304.62` |
`CVE-2022-3886` | Fixed in `107.0.5304.110` |
`CVE-2022-4176` | Fixed in `108.0.5359.71` |
`CVE-2022-4177` | Fixed in `108.0.5359.71` |
`CVE-2022-4191` | Fixed in `108.0.5359.71` |
`CVE-2022-4192` | Fixed in `108.0.5359.71` |
`CVE-2023-0128` | Fixed in `109.0.5414.74` |
`CVE-2023-0134` | Fixed in `109.0.5414.74` |
`CVE-2023-0135` | Fixed in `109.0.5414.74` |
`CVE-2023-0136` | Fixed in `109.0.5414.74` |
`CVE-2023-0137` | Fixed in `109.0.5414.74` |
`CVE-2023-0473` | Fixed in `109.0.5414.119` |
`CVE-2023-0474` | Fixed in `109.0.5414.119` |
`CVE-2023-0696` | Fixed in `110.0.5481.77` |