[Announce] Security advisory: Recently reported Chromium "Type confusion" issue impacts Qt WebEngine
List for announcements regarding Qt releases and development
announce at qt-project.org
Tue Apr 5 08:47:08 CEST 2022
Google has recently reported that Chromium has a security issue - Type confusion in the V8 JavaScript engine - which is reported in a bit more detail here: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html. This has been assigned the CVE id CVE-2022-1096.
This effects QtWebEngine as well since it is using Chromium to provide that functionality. Therefore as a result Qt needs to be patched as well to fix this problem. There is no workaround for this so the only solution is to apply the patch.
Solution: Apply the patch or update to Qt 5.15.9, Qt 6.2.5 or Qt 6.3.0.
Patches:
Qt 6.3: https://download.qt.io/official_releases/qt/6.3/CVE-2022-1096-qtwebengine-6.3.diff
Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2022-1096-qtwebengine-6.2.diff
Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2022-1096-qtwebengine-5.15.diff
Kind regards,
Andy
--
Andy Shaw
Senior Manager Customer Support
The Qt Company
More information about the Announce
mailing list