Detections
Analytics

Alpine: qt6-qtwebengine: security update to 6.10.3-r2

high Tenable Cloud Security Plugin ID 441973

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to
 potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
 (CVE-2026-6360)

 - Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute
 arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
 (CVE-2026-5871)

 - Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a
 user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page.
 (Chromium security severity: Low) (CVE-2026-5896)

 - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to
 install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
 (Chromium security severity: Low) (CVE-2026-5904)

 - Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to
 perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)
 (CVE-2026-5907)

Solution

Update the qt6-qtwebengine library and its related packages to version 6.10.3-r2 or later.

See Also

https://security.alpinelinux.org/vuln/CVE-2026-5871

https://security.alpinelinux.org/vuln/CVE-2026-5896

https://security.alpinelinux.org/vuln/CVE-2026-5904

https://security.alpinelinux.org/vuln/CVE-2026-5907

https://security.alpinelinux.org/vuln/CVE-2026-6298

https://security.alpinelinux.org/vuln/CVE-2026-6300

https://security.alpinelinux.org/vuln/CVE-2026-6301

https://security.alpinelinux.org/vuln/CVE-2026-6302

https://security.alpinelinux.org/vuln/CVE-2026-6303

https://security.alpinelinux.org/vuln/CVE-2026-6304

https://security.alpinelinux.org/vuln/CVE-2026-6305

https://security.alpinelinux.org/vuln/CVE-2026-6306

https://security.alpinelinux.org/vuln/CVE-2026-6308

https://security.alpinelinux.org/vuln/CVE-2026-6309

https://security.alpinelinux.org/vuln/CVE-2026-6311

https://security.alpinelinux.org/vuln/CVE-2026-6312

https://security.alpinelinux.org/vuln/CVE-2026-6313

https://security.alpinelinux.org/vuln/CVE-2026-6314

https://security.alpinelinux.org/vuln/CVE-2026-6316

https://security.alpinelinux.org/vuln/CVE-2026-6359

https://security.alpinelinux.org/vuln/CVE-2026-6360

https://security.alpinelinux.org/vuln/CVE-2026-6361

https://security.alpinelinux.org/vuln/CVE-2026-6362

https://security.alpinelinux.org/vuln/CVE-2026-6364

Plugin Details

Severity: High

ID: 441973

Version: Revision 1.1

Type: Local

Published: 5/15/2026

Updated: 5/15/2026

Supported Sensors: Agentless Assessment

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-6360

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/7/2026

Reference Information

CVE: CVE-2026-5871, CVE-2026-5896, CVE-2026-5904, CVE-2026-5907, CVE-2026-6298, CVE-2026-6300, CVE-2026-6301, CVE-2026-6302, CVE-2026-6303, CVE-2026-6304, CVE-2026-6305, CVE-2026-6306, CVE-2026-6308, CVE-2026-6309, CVE-2026-6311, CVE-2026-6312, CVE-2026-6313, CVE-2026-6314, CVE-2026-6316, CVE-2026-6359, CVE-2026-6360, CVE-2026-6361, CVE-2026-6362, CVE-2026-6364