Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to DARKNAVY (@DarkNavyOrg), Anonymous working with TrendAI Zero Day Initiative, Daniel
Rhea.
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to kwak kiyong / kakaogames.
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: A use-after-free issue was addressed with improved memory
management.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Aisle offensive security research team (Joshua Rogers, Luigino Camastra, Igor
Morgenstern, and Guido Vranken), Maher Azzouzi, Ngan Nguyen of Calif.io.
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Tristan Madani (@TristanInSec) from Talence Security, Nathaniel Oh (@calysteon).
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Mateusz Krzywicki (iVerify.io).
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Luka Rački.
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang.
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Cantina.
Impact: Processing maliciously crafted web content may prevent Content Security Policy
from being enforced. Description: The issue was addressed with improved input
validation.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Milad Nasr and Nicholas Carlini with Claude, Anthropic.
Impact: Processing maliciously crafted web content may lead to an unexpected Safari
crash. Description: A use-after-free issue was addressed with improved memory
management.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Gia Bui (@yabeow) from Calif.io, dr3dd, w0wbox.
Impact: Processing maliciously crafted web content may lead to an unexpected Safari
crash. Description: A use-after-free issue was addressed with improved memory
management.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to dr3dd.
Impact: Processing maliciously crafted web content may lead to an unexpected Safari
crash. Description: A use-after-free issue was addressed with improved memory
management.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Maher Azzouzi.
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to wac and Kookhwan Lee working with TrendAI Zero Day Initiative.
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Do Young Park.
Impact: Processing maliciously crafted web content may lead to an unexpected Safari
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
Credit to Cantina.
Impact: Processing maliciously crafted web content may prevent Content Security Policy
from being enforced. Description: A validation issue was addressed with improved
logic.
WebKit Bugzilla: 308906
We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the
best way to ensure that you are running safe versions of WebKit. Please check our websites
for information about the latest stable releases.