Alpine: multiple qt6-qtwebengine packages: security update to 6.8.2-r4

medium Tenable Cloud Security Plugin ID 427824

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer
is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the
original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can
result in arbitrary code execution. (CVE-2025-3277)

- Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker
who convinced a user to engage in specific UI gestures to bypass discretionary access control via a
crafted HTML page. (Chromium security severity: Medium) (CVE-2025-4051)

- Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker
who convinced a user to engage in specific UI gestures to bypass discretionary access control via a
crafted HTML page. (Chromium security severity: Low) (CVE-2025-4052)

- Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to
136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file.
(Chromium security severity: High) (CVE-2025-4609)

- Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote
attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
(CVE-2025-4664)

See Also

https://security.alpinelinux.org/vuln/CVE-2025-3277

https://security.alpinelinux.org/vuln/CVE-2025-4051

https://security.alpinelinux.org/vuln/CVE-2025-4052

https://security.alpinelinux.org/vuln/CVE-2025-4609

https://security.alpinelinux.org/vuln/CVE-2025-4664

Plugin Details

Severity: Medium

ID: 427824

Version: Revision 1.13

Type: Local

Published: 5/31/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: High

Score: 7

Percentile: 98.33

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-3277

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Threat Score: 5.5

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/12/2023

Reference Information

CVE: CVE-2025-3277, CVE-2025-4051, CVE-2025-4052, CVE-2025-4609, CVE-2025-4664