Alpine: multiple qt6-qtwebengine packages: security update to 6.7.2-r6

critical Tenable Self-Hosted Container Security Plugin ID 427445

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a
remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a
crafted HTML page. (Chromium security severity: Low) (CVE-2024-9965)

- Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to
potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
(CVE-2024-9120)

- Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of
bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2024-9122)

- Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an
out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2024-9123)

- Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who
had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
(Chromium security severity: High) (CVE-2024-9369)

See Also

https://security.alpinelinux.org/vuln/CVE-2024-10229

https://security.alpinelinux.org/vuln/CVE-2024-10230

https://security.alpinelinux.org/vuln/CVE-2024-10231

https://security.alpinelinux.org/vuln/CVE-2024-10487

https://security.alpinelinux.org/vuln/CVE-2024-10827

https://security.alpinelinux.org/vuln/CVE-2024-45490

https://security.alpinelinux.org/vuln/CVE-2024-45491

https://security.alpinelinux.org/vuln/CVE-2024-45492

https://security.alpinelinux.org/vuln/CVE-2024-9120

https://security.alpinelinux.org/vuln/CVE-2024-9122

https://security.alpinelinux.org/vuln/CVE-2024-9123

https://security.alpinelinux.org/vuln/CVE-2024-9369

https://security.alpinelinux.org/vuln/CVE-2024-9602

https://security.alpinelinux.org/vuln/CVE-2024-9603

https://security.alpinelinux.org/vuln/CVE-2024-9965

https://security.alpinelinux.org/vuln/CVE-2024-9966

Plugin Details

Severity: Critical

ID: 427445

Version: Revision 1.15

Type: Local

Published: 5/16/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 96.98

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-9965

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2024-45492

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/30/2024

Reference Information

CVE: CVE-2024-10229, CVE-2024-10230, CVE-2024-10231, CVE-2024-10487, CVE-2024-10827, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-9120, CVE-2024-9122, CVE-2024-9123, CVE-2024-9369, CVE-2024-9602, CVE-2024-9603, CVE-2024-9965, CVE-2024-9966