Qt / QTBUG-74254

CVE-2019-5786: RCE in Chromium

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.12.2
    • Fix Version/s: 5.12.2, 5.14.0 Alpha
    • Component/s: WebEngine
    • Labels:
      None

      Description

      According to the Chromium releases blog (and this article in German with some details), an RCE got fixed in Chromium 72.0.3626.121.

      Note that it seems to be exploited already: "Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild."

      Seeing that it's being actively exploited, this should probably block 5.12.2? See the upstream fix.

      Taking the freedom to also mail security@qt-project.org to make them aware of this - still made a public bug report as the vulnerability in Chromium is public as well.

            People

            Assignee: Michal Klocek (michal)
            Reporter: Florian Bruhin (the compiler)
            Votes: 0
            Watchers: 3
