On 7/10/23 02:30, Vitaly Zaitsev via devel wrote:
On 10/07/2023 02:49, Demi Marie Obenour wrote:
QtWebEngine (used by Falkon) was a month or more behind upstream Chromium last I checked.
Qt5QtWebEngine is an extremely vulnerable thing. It still uses Chromium 87.0[1].
Current Chromium version: 105.0.
In that case it should be removed from the distribution. Can KDE mail clients be built without QtWebEngine? This would disable HTML email support, but plain text mail might still work.
More generally, WebKit is the only major browser engine with upstream support for being embedded, so it is the only embedded browser engine that is supportable security-wise. Unfortunately, it is also the least secure of the major browser engines on Linux last I checked, and in particular is far behind Chromium.