  1. Qt
  2. QTBUG-74254

CVE-2019-5786: RCE in Chromium

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P1: Critical
    • Resolution: Done
    • Affects Version/s: 5.12.2
    • Fix Version/s: 5.12.2, 5.14.0 Alpha
    • Component/s: WebEngine
    • Labels:
      None
    • Commits:
      92b078a534390dba64a0dcebcffdab4ce24581b6 (qt/qtwebengine/5.12.2)

      Description

      According to the Chromium releases blog (and this article in German with some details), an RCE got fixed in Chromium 72.0.3626.121.

      Note that it seems to be exploited already: "Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild."

      Seeing that it's being actively exploited, this should probably block 5.12.2? See the upstream fix.

      Taking the freedom to also mail security@qt-project.org to make them aware of this - still made a public bug report as the vulnerability in Chromium is public as well.


            People

            Assignee:
            michal Michal Klocek
            Reporter:
            the compiler Florian Bruhin
