[qutebrowser] Chromium Zero-days (CVE-2019-13720 and -13721)

Florian Bruhin me at the-compiler.org
Fri Nov 1 20:36:50 CET 2019


Hi,

There's currently news going around of two Chromium Zero-Days, one of them
being actively exploited in the wild:

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html

qutebrowser likely is unaffected by the PDFium one (as it disables the PDF
viewer, even with Qt 5.13). It's likely affected by the WebAudio one though,
and I don't see a way to turn WebAudio off (other than disabling JS).

Fixes for both will land in Qt 5.12.6 and 5.14.0 (there likely isn't going to
be a 5.13.3). I've also reported this to Arch and a fix landed in qt5-webengine
5.13.1-3 (and 5.13.2-2 in [testing]).

Florian

-- 
https://www.qutebrowser.org | me at the-compiler.org (Mail/XMPP)
   GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc
         I love long mails! | https://email.is-not-s.ms/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.schokokeks.org/pipermail/qutebrowser/attachments/20191101/9b50582b/attachment-0001.asc>


More information about the qutebrowser mailing list