Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-74254

CVE-2019-5786: RCE in Chromium

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.12.2
    • Fix Version/s: 5.12.2, 5.14.0 Alpha
    • Component/s: WebEngine
    • Labels:
      None
    • Commits:
      92b078a534390dba64a0dcebcffdab4ce24581b6 (qt/qtwebengine/5.12.2)

      Description

      According to the Chromium releases blog (and this article in German with some details), an RCE got fixed in Chromium 72.0.3626.121.

      Note that it seems to be exploited already: "Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.".

      Seeing that it's being actively exploited, this should probably block 5.12.2? See the upstream fix.

      Taking the freedom to also mail security@qt-project.org to make them aware of this - still made a public bug report as the vulnerability in Chromium is public as well.

        Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

            • Assignee:
              michal Michal Klocek
              Reporter:
              the compiler Florian Bruhin
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Gerrit Reviews

                There are no open Gerrit changes