Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.12.2, 5.13.0, 5.14.0 Alpha
Affects Version/s: 5.12.2
Component/s: WebEngine
Labels:
None

Commits:
92b078a534390dba64a0dcebcffdab4ce24581b6 (qt/qtwebengine/5.12.2)

Description

According to the Chromium releases blog (and this article in German with some details), an RCE got fixed in Chromium 72.0.3626.121.

Note that it seems to be exploited already: "Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.".

Seeing that it's being actively exploited, this should probably block 5.12.2? See the upstream fix.

Taking the freedom to also mail security@qt-project.org to make them aware of this - still made a public bug report as the vulnerability in Chromium is public as well.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-74254
#	Subject	Branch	Project	Status	CR	V
255162,2	[Backport] CVE-2019-5786	69-based	qt/qtwebengine-chromium	Status: MERGED	+2	0
255187,2	Update Chromium	5.12.2	qt/qtwebengine	Status: MERGED	+2	0
257344,2	[Backport] CVE-2019-5786	56-based	qt/qtwebengine-chromium	Status: MERGED	+2	0

Activity

People

Assignee:: Michal Klocek

Reporter:: Florian Bruhin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06 Mar '19 18:27

Updated:: 22 Apr '22 09:55

Resolved:: 07 Mar '19 15:56

Gerrit Reviews

There are no open Gerrit changes

Show There are 3 closed Gerrit changes

Hide There are 3 closed Gerrit changes

[Backport] CVE-2019-5786: Gerrit Review:

Update Chromium: Gerrit Review:

[Backport] CVE-2019-5786: Gerrit Review: