Alpine: multiple qt6-qtwebengine packages: security update to 6.10.1-r14

high Tenable Self-Hosted Container Security Plugin ID 440140

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to
perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
(CVE-2026-5282)

- Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute
arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2026-5272)

- Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform
arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2026-5274)

- Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to
execute arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2026-5275)

- Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote
attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
(Chromium security severity: High) (CVE-2026-5276)

Solution

Update the qt6-qtwebengine library and its related packages to version 6.10.1-r14 or later.

See Also

https://security.alpinelinux.org/vuln/CVE-2026-5272

https://security.alpinelinux.org/vuln/CVE-2026-5274

https://security.alpinelinux.org/vuln/CVE-2026-5275

https://security.alpinelinux.org/vuln/CVE-2026-5276

https://security.alpinelinux.org/vuln/CVE-2026-5277

https://security.alpinelinux.org/vuln/CVE-2026-5279

https://security.alpinelinux.org/vuln/CVE-2026-5280

https://security.alpinelinux.org/vuln/CVE-2026-5281

https://security.alpinelinux.org/vuln/CVE-2026-5282

https://security.alpinelinux.org/vuln/CVE-2026-5283

https://security.alpinelinux.org/vuln/CVE-2026-5284

https://security.alpinelinux.org/vuln/CVE-2026-5285

https://security.alpinelinux.org/vuln/CVE-2026-5287

https://security.alpinelinux.org/vuln/CVE-2026-5289

https://security.alpinelinux.org/vuln/CVE-2026-5290

https://security.alpinelinux.org/vuln/CVE-2026-5291

https://security.alpinelinux.org/vuln/CVE-2026-5292

Plugin Details

Severity: High

ID: 440140

Version: Revision 1.7

Type: Local

Published: 4/10/2026

Updated: 7/10/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

Percentile: 99.76

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C

CVSS Score Source: CVE-2026-5282

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/31/2026

CISA Known Exploited Vulnerability Due Dates: 4/15/2026

Reference Information

CVE: CVE-2026-5272, CVE-2026-5274, CVE-2026-5275, CVE-2026-5276, CVE-2026-5277, CVE-2026-5279, CVE-2026-5280, CVE-2026-5281, CVE-2026-5282, CVE-2026-5283, CVE-2026-5284, CVE-2026-5285, CVE-2026-5287, CVE-2026-5289, CVE-2026-5290, CVE-2026-5291, CVE-2026-5292