Google has recently reported that Chromium has a security issue - Type confusion in the V8 JavaScript engine - which is reported in a bit more detail here: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html. This has been assigned the CVE id CVE-2022-1096.
This effects QtWebEngine as well since it is using Chromium to provide that functionality. Therefore as a result Qt needs to be patched as well to fix this problem. There is no workaround for this so the only solution is to apply the patch. Solution: Apply the patch or update to Qt 5.15.9, Qt 6.2.5 or Qt 6.3.0. Patches: Qt 6.3: https://download.qt.io/official_releases/qt/6.3/CVE-2022-1096-qtwebengine-6.3.diff Qt 6.2: https://download.qt.io/official_releases/qt/6.2/CVE-2022-1096-qtwebengine-6.2.diff Qt 5.15: https://download.qt.io/official_releases/qt/5.15/CVE-2022-1096-qtwebengine-5.15.diff Kind regards, Andy -- Andy Shaw Senior Manager Customer Support The Qt Company _______________________________________________ Announce mailing list annou...@qt-project.org https://lists.qt-project.org/listinfo/announce _______________________________________________ Development mailing list Development@qt-project.org https://lists.qt-project.org/listinfo/development
