A type confusion flaw was found in the V8 component of the Chromium browser. Upstream bug(s): https://code.google.com/p/chromium/issues/detail?id=1216437 External References: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
This vulnerability is under active exploitation: https://thehackernews.com/2021/06/new-chrome-0-day-bug-under-active.html I assume that dev-qt/qtwebengine is also affected, as it is a library version of chromium. It be worthwhile to review the potential for exploitation of this vulnerability in the electron software in the tree. Off the top of my head, that includes: net-im/discord-bin net-im/signal-desktop-bin There are probably others. Embedded chromium is in many places. I had mistakenly posted about this in bug #789420.
Package list is empty or all packages have requested keywords.