[QTBUG-74254] CVE-2019-5786: RCE in Chromium - Qt Bug Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: P1: Critical
Resolution: Done
Affects Version/s: 5.12.2
Fix Version/s: 5.12.2, 5.13.0, 5.14.0 Alpha
Component/s: WebEngine
Labels:
None

Commits:
92b078a534390dba64a0dcebcffdab4ce24581b6 (qt/qtwebengine/5.12.2)

Description

According to the Chromium releases blog (and this article in German with some details), an RCE got fixed in Chromium 72.0.3626.121.

Note that it seems to be exploited already: "Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.".

Seeing that it's being actively exploited, this should probably block 5.12.2? See the upstream fix.

Taking the freedom to also mail security@qt-project.org to make them aware of this - still made a public bug report as the vulnerability in Chromium is public as well.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Michal Klocek

Reporter:: Florian Bruhin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06 Mar '19 18:27

Updated:: 22 Apr '22 09:55

Resolved:: 07 Mar '19 15:56

Gerrit Reviews

There are no open Gerrit changes

Show There are 3 closed Gerrit changes

Hide There are 3 closed Gerrit changes

[Backport] CVE-2019-5786: Gerrit Review:

Update Chromium: Gerrit Review:

[Backport] CVE-2019-5786: Gerrit Review: