Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-74254

CVE-2019-5786: RCE in Chromium

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • P1: Critical
    • Resolution: Done
    • 5.12.2
    • 5.12.2, 5.13.0, 5.14.0 Alpha
    • WebEngine
    • None
    • 92b078a534390dba64a0dcebcffdab4ce24581b6 (qt/qtwebengine/5.12.2)

    Description

      According to the Chromium releases blog (and this article in German with some details), an RCE got fixed in Chromium 72.0.3626.121.

      Note that it seems to be exploited already: "Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.".

      Seeing that it's being actively exploited, this should probably block 5.12.2? See the upstream fix.

      Taking the freedom to also mail security@qt-project.org to make them aware of this - still made a public bug report as the vulnerability in Chromium is public as well.

      Attachments

        For Gerrit Dashboard: QTBUG-74254
        # Subject Branch Project Status CR V

        Activity

          People

            michal Michal Klocek
            the compiler Florian Bruhin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes