[QTBUG-74254] CVE-2019-5786: RCE in Chromium - Qt Bug Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: P1: Critical
Resolution: Done
Affects Version/s: 5.12.2
Fix Version/s: 5.12.2, 5.14.0 Alpha
Component/s: WebEngine
Labels:
None

Description

According to the Chromium releases blog (and this article in German with some details), an RCE got fixed in Chromium 72.0.3626.121.

Note that it seems to be exploited already: "Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.".

Seeing that it's being actively exploited, this should probably block 5.12.2? See the upstream fix.

Taking the freedom to also mail security@qt-project.org to make them aware of this - still made a public bug report as the vulnerability in Chromium is public as well.

Attachments

Options
- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

Gerrit Reviews

No reviews matched the request. Check your Options in the drop-down menu of this sections header.

Activity

People

Assignee:: Michal Klocek

Reporter:: Florian Bruhin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06 Mar '19 18:27

Updated:: 22 Mar '19 14:56

Resolved:: 07 Mar '19 15:56

Gerrit Reviews

There are no open Gerrit changes

Show There are 3 closed Gerrit changes

Hide There are 3 closed Gerrit changes

[Backport] CVE-2019-5786: Gerrit Review:

Update Chromium: Gerrit Review:

[Backport] CVE-2019-5786: Gerrit Review: