[qutebrowser] Chromium Zero-days (CVE-2019-13720 and -13721)
Florian Bruhin
me at the-compiler.org
Fri Nov 1 20:36:50 CET 2019
Hi,
There's currently news going around of two Chromium Zero-Days, one of them
being actively exploited in the wild:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
qutebrowser likely is unaffected by the PDFium one (as it disables the PDF
viewer, even with Qt 5.13). It's likely affected by the WebAudio one though,
and I don't see a way to turn WebAudio off (other than disabling JS).
Fixes for both will land in Qt 5.12.6 and 5.14.0 (there likely isn't going to
be a 5.13.3). I've also reported this to Arch and a fix landed in qt5-webengine
5.13.1-3 (and 5.13.2-2 in [testing]).
Florian
--
https://www.qutebrowser.org | me at the-compiler.org (Mail/XMPP)
GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc
I love long mails! | https://email.is-not-s.ms/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://listi.jpberlin.de/pipermail/qutebrowser/attachments/20191101/9b50582b/attachment.asc>
More information about the qutebrowser
mailing list