Security advisory: Recently reported Chromium "Type confusion" issue impacts Qt WebEngine

Google has recently reported a security issue in Chromium, a type confusion in the V8 JavaScript engine, which is described in a bit more detail here: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html. The issue has been assigned the CVE ID CVE-2022-1096.

This affects Qt WebEngine as well, since it uses Chromium to provide its functionality, so Qt needs to be patched to fix the problem. There is no workaround; the only solution is to apply the patch.

Solution: Apply the patch or update to Qt 5.15.9, Qt 6.2.5 or Qt 6.3.0.

Patches:

Qt 6.3: https://download.qt.io/official_releases/qt/6.3/CVE-2022-1096-qtwebengine-6.3.diff
Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2022-1096-qtwebengine-6.2.diff
Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2022-1096-qtwebengine-5.15.diff
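
For triaging an inventory of applications that ship Qt WebEngine against the fixed releases listed above, a version check along these lines can help (an added example, not code from Qt; the `classify` and `triage` names, the status labels and the sample inventory are constructed for illustration). A version number cannot show whether the diff was applied to a source build, so builds older than the fixed release are reported as `update-or-patch`, and pre-release suffixes or release series the advisory does not name are reported as `unknown`.

```python
import re

# Fixed release per Qt release series, taken from the advisory's Solution line.
FIXED = {(5, 15): (5, 15, 9), (6, 2): (6, 2, 5), (6, 3): (6, 3, 0)}

_VERSION = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(\S*)\s*$")


def classify(version):
    """Return 'fixed', 'update-or-patch' or 'unknown' for a Qt version string."""
    m = _VERSION.match(version)
    if not m:
        return "unknown"  # not a major.minor.patch string
    found = tuple(int(g) for g in m.group(1, 2, 3))
    fixed = FIXED.get(found[:2])
    if fixed is None:
        return "unknown"  # series not named in the advisory
    if found < fixed:
        return "update-or-patch"  # older than the fixed release of its series
    if m.group(4):
        # Assumption: a suffix such as "-beta3" marks a pre-release or vendor
        # build whose contents the version number alone does not establish.
        return "unknown"
    return "fixed"


def triage(inventory):
    """Group (name, qt_version) pairs by classification."""
    result = {"fixed": [], "update-or-patch": [], "unknown": []}
    for name, version in inventory:
        result[classify(version)].append(name)
    return result


# Constructed sample inventory: application name and the Qt version it ships.
SAMPLE = [
    ("kiosk-browser", "5.15.8"),
    ("help-viewer", "5.15.10"),
    ("dashboard", "6.2.4"),
    ("report-tool", "6.2.5"),
    ("preview-app", "6.3.0-beta3"),
    ("legacy-client", "6.1.3"),
]

if __name__ == "__main__":
    for status, names in triage(SAMPLE).items():
        print(f"{status}: {', '.join(names) or '-'}")
```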
