diff --git a/backport-CVE-2024-12694.patch b/backport-CVE-2024-12694.patch
new file mode 100644
index 0000000000000000000000000000000000000000..74b8e7949faca242f89c8346843034122987a6a3
--- /dev/null
+++ b/backport-CVE-2024-12694.patch
@@ -0,0 +1,53 @@
+From e79507cb9cd85a80879a7c3c5570eaa96f56b5b6 Mon Sep 17 00:00:00 2001
+From: Stefan Zager
+Date: Sat, 14 Dec 2024 11:06:00 -0800
+Subject: [Backport] CVE-2024-12694: Use after free in Compositing
+
+Cherry-pick of patch originally reviewed on
+https://chromium-review.googlesource.com/c/chromium/src/+/6093379:
+Prevent ImageData from being reclaimed while in use
+
+Cherry-picked from:
+ https://chromium-review.googlesource.com/c/chromium/src/+/5990752
+
+Bug: chromium:368222741
+Change-Id: If830b19287fd7c4aa07137044f23a14f8ce6912d
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6093379
+Reviewed-by: Prudhvikumar Bommana
+Owners-Override: Prudhvikumar Bommana
+Commit-Queue: Prudhvikumar Bommana
+Cr-Commit-Position: refs/branch-heads/6723@{#2713}
+Cr-Branched-From: 985f2961df230630f9cbd75bd6fe463009855a11-refs/heads/main@{#1356013}
+Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/615689
+Reviewed-by: Anu Aliyas
+---
+ chromium/cc/tiles/gpu_image_decode_cache.cc | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/3rdparty/chromium/cc/tiles/gpu_image_decode_cache.cc b/src/3rdparty/chromium/cc/tiles/gpu_image_decode_cache.cc
+index 04ea83859f0..a256a956be4 100644
+--- a/src/3rdparty/chromium/cc/tiles/gpu_image_decode_cache.cc
++++ b/src/3rdparty/chromium/cc/tiles/gpu_image_decode_cache.cc
+@@ -1904,6 +1904,10 @@ void GpuImageDecodeCache::DecodeImageIfNecessary(const DrawImage& draw_image,
+ TRACE_EVENT0("cc,benchmark", "GpuImageDecodeCache::DecodeImage");
+
+ image_data->decode.ResetData();
++
++ // Prevent image_data from being deleted while lock is not held.
++ scoped_refptr image_data_holder(image_data);
++
+ std::unique_ptr backing_memory;
+ sk_sp image;
+ // These are used only for decoding into YUV.
+@@ -2131,6 +2135,9 @@ void GpuImageDecodeCache::UploadImageIfNecessary(const DrawImage& draw_image,
+ GrMipMapped image_needs_mips =
+ image_data->needs_mips ? GrMipMapped::kYes : GrMipMapped::kNo;
+
++ // Prevent image_data from being deleted while lock is not held.
++ scoped_refptr image_data_holder(image_data);
++
+ if (image_data->is_yuv) {
+ DCHECK(image_data->yuv_color_space.has_value());
+ // Grab a reference to our decoded image. For the kCpu path, we will use
+--
+cgit v1.2.3
diff --git a/qt5-qtwebengine.spec b/qt5-qtwebengine.spec
index 9cdca8ce1c6d5b00435a9a9860c3741d9fbfbdc2..7caa497b52f47a2eaf6a4c44d8ef596a24be8da8 100644
--- a/qt5-qtwebengine.spec
+++ b/qt5-qtwebengine.spec
@@ -52,7 +52,7 @@ Summary: Qt5 - QtWebEngine components
 Name: qt5-qtwebengine
 Version: 5.15.10
-Release: 7
+Release: 8
 # See LICENSE.GPL LICENSE.LGPL LGPL_EXCEPTION.txt, for details
 # See also http://qt-project.org/doc/qt-5.0/qtdoc/licensing.html
@@ -123,6 +123,9 @@ Patch53: fix-build-tools-to-run-with-python3.11.patch
 # bit-field.h:43:29: error: integer value 7 is outside the valid range of values [0, 3] for the enumeration type 'Kind'
 Patch54: fix-qt5-qtwebengine-build-with-clang-17.patch
+#https://code.qt.io/cgit/qt/qtwebengine-chromium.git/commit/?h=87-based&id=e79507cb9cd85a80879a7c3c5570eaa96f56b5b6
+Patch55: backport-CVE-2024-12694.patch
+
 # riscv64 support patch from Arch Linux
 Patch1000: riscv-v8.patch
 Patch1001: riscv-qt5-qtwebengine.patch
@@ -437,6 +440,7 @@ popd
 %patch52 -p1 -b .chromium-python3
 %patch53 -p1 -b .fix-build-tools-to-run-with-python3.11
 %patch54 -p1 -b .fix-qt5-qtwebengine-build-with-clang-17
+%patch55 -p1
 %ifarch riscv64
 %patch1000 -p1 -b .riscv-v8
@@ -663,6 +667,9 @@ done
 %changelog
+* Tue Aug 12 2025 Jinfeng Liu - 5.15.10-8
+- Fix CVE-2024-12694
+
 * Fri Mar 07 2025 misaka00251 - 5.15.10-7
 - Fix build on riscv64
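Review bot: Inside the added patch file the declarations `scoped_refptr image_data_holder(image_data);`, `std::unique_ptr backing_memory;` and `sk_sp image;` carry no template arguments, which is not valid C++ as written; this most likely is angle brackets lost in rendering rather than the file's real content, but the committed file should be diffed against the upstream commit cited in the spec comment (`e79507cb9cd85a80879a7c3c5570eaa96f56b5b6`) before the build picks it up, since a malformed hunk makes `%patch55` reject at build time. Going by the commit message, the two added lines are presumably `scoped_refptr<ImageData> image_data_holder(image_data);`. Both `DecodeImageIfNecessary` and `UploadImageIfNecessary` start and end outside the quoted hunks, so the unlocked region the holder is meant to span cannot be checked from here.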
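Review bot: `%patch55 -p1` is the only patch application in that block without a `-b` backup suffix, unlike `%patch52` through `%patch54` right above it; for consistency, and so the pre-patch file survives in the build tree for comparison, it should read `%patch55 -p1 -b .backport-CVE-2024-12694`. The `Patch55:` entry is preceded only by a bare URL with no space after `#` and no description, whereas the neighbouring entries carry a short explanation of what each patch addresses; `# CVE-2024-12694: use-after-free in cc compositing, ImageData reclaimed while in use` followed by the URL line would match the file's style. The changelog entry and the Release bump agree, nothing to add there.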