Security advisory: Recently reported Chromium "Type confusion" issue impacts Qt WebEngine

Google has recently reported that Chromium has a security issue - Type confusion in the V8 JavaScript engine - which is reported in a bit more detail here: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html. This has been assigned the CVE id CVE-2022-1096.

This effects QtWebEngine as well since it is using Chromium to provide that functionality. Therefore as a result Qt needs to be patched as well to fix this problem. There is no workaround for this so the only solution is to apply the patch.

Solution: Apply the patch or update to Qt 5.15.9, Qt 6.2.5 or Qt 6.3.0.

Patches:

Qt 6.3: https://download.qt.io/official_releases/qt/6.3/CVE-2022-1096-qtwebengine-6.3.diff
Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2022-1096-qtwebengine-6.2.diff
Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2022-1096-qtwebengine-5.15.diff


Blog Topics:

Comments