CVE-2021-41146: Arbitrary command execution in qutebrowser on Windows via URL handler

I'm happy to announce that I just released qutebrowser v2.4.0!

This release fixes a high-severity arbitrary command execution on Windows via URL handlers, see the security advisory and commit message for details.

Windows users are urged to update as soon as possible. For everyone else, this is a rather quiet release, with the most interesting improvement perhaps being slightly improved Greasemonkey support.

The full changelog is available on the release page, also see the Reddit post for discussion.

All posts

  1. CVE-2018-10895: Remote code execution due to CSRF in qutebrowser
  2. qutebrowser v1.3.3 released (security update!)
  3. qutebrowser v1.2.0 released!
  4. qutebrowser v1.0.0 released!
  5. qutebrowser v0.10.0 released
  6. qutebrowser v0.8.0 released
  7. qutebrowser v0.7.0 released