Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

ArchLinux: 201911-2 Critical: qt5-webengine Arbitrary Code Execution

Archlinux Large Esm H446
The package qt5-webengine before version 5.13.2-2 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201911-2
========================================
Severity: Critical
Date    : 2019-11-02
CVE-ID  : CVE-2019-13720
Package : qt5-webengine
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1059

Summary
======
The package qt5-webengine before version 5.13.2-2 is vulnerable to
arbitrary code execution.

Resolution
=========
Upgrade to 5.13.2-2.

# pacman -Syu "qt5-webengine>=5.13.2-2"

The problem has been fixed upstream but no release is available yet.

Workaround
=========
None.

Description
==========
A use-after-free vulnerability has been found in the audio component of
the chromium browser before 78.0.3904.87. Google is aware of reports
that an exploit for this vulnerability exists in the wild.

Impact
=====
A remote attacker can execute arbitrary code on the affected host.

References
=========
https://bugs.archlinux.org/task/64347
https://code.qt.io/cgit/qt/qtwebengine-chromium.git/patch/?id=d6e5fc10e417efdf8665d9fba57c269f0534072f
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
https://security.archlinux.org/CVE-2019-13720
Your message here