Security advisory: Recently reported Chromium "Type confusion" issue impacts Qt WebEngine
April 04, 2022 by Andy Shaw | Comments
Google has recently reported that Chromium has a security issue - Type confusion in the V8 JavaScript engine - which is reported in a bit more detail here: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html. This has been assigned the CVE id CVE-2022-1096.
This effects QtWebEngine as well since it is using Chromium to provide that functionality. Therefore as a result Qt needs to be patched as well to fix this problem. There is no workaround for this so the only solution is to apply the patch.
Solution: Apply the patch or update to Qt 5.15.9, Qt 6.2.5 or Qt 6.3.0.
Patches:
Qt 6.3: https://download.qt.io/official_releases/qt/6.3/CVE-2022-1096-qtwebengine-6.3.diff
Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2022-1096-qtwebengine-6.2.diff
Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2022-1096-qtwebengine-5.15.diff
Blog Topics:
Comments
Subscribe to our newsletter
Subscribe Newsletter
Try Qt 6.5 Now!
Download the latest release here: www.qt.io/download.
Qt 6.5 is the latest Long-Term-Support release with all you need for C++ cross-platform app development.
Explore Qt World
Check our Qt demos and case studies in the virtual Qt World
We're Hiring
Check out all our open positions here and follow us on Instagram to see what it's like to be #QtPeople.
Näytä tämä julkaisu Instagramissa.Henkilön Qt (@theqtcompany) jakama julkaisu