-
Type:
Bug
-
Status: Closed
-
Priority:
P1: Critical
-
Resolution: Done
-
Affects Version/s: 5.12.2
-
Fix Version/s: 5.12.2, 5.14.0 Alpha
-
Component/s: WebEngine
-
Labels:None
-
Commits:92b078a534390dba64a0dcebcffdab4ce24581b6 (qt/qtwebengine/5.12.2)
According to the Chromium releases blog (and this article in German with some details), an RCE got fixed in Chromium 72.0.3626.121.
Note that it seems to be exploited already: "Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.".
Seeing that it's being actively exploited, this should probably block 5.12.2? See the upstream fix.
Taking the freedom to also mail security@qt-project.org to make them aware of this - still made a public bug report as the vulnerability in Chromium is public as well.