惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
V
Visual Studio Blog
F
Full Disclosure
B
Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
Lohrmann on Cybersecurity
月光博客
月光博客
I
Intezer
博客园 - 三生石上(FineUI控件)
Hacker News - Newest:
Hacker News - Newest: "LLM"
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园_首页
P
Proofpoint News Feed
C
Check Point Blog
N
News | PayPal Newsroom
H
Heimdal Security Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
G
GRAHAM CLULEY
WordPress大学
WordPress大学
C
CERT Recently Published Vulnerability Notes
Y
Y Combinator Blog
Recorded Future
Recorded Future
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tailwind CSS Blog
W
WeLiveSecurity
L
LINUX DO - 热门话题
Microsoft Azure Blog
Microsoft Azure Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Schneier on Security
Schneier on Security
爱范儿
爱范儿
Martin Fowler
Martin Fowler
U
Unit 42
T
Troy Hunt's Blog
S
Securelist
V
V2EX
V2EX - 技术
V2EX - 技术
MongoDB | Blog
MongoDB | Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
M
MIT News - Artificial intelligence
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
罗磊的独立博客
小众软件
小众软件
阮一峰的网络日志
阮一峰的网络日志
Vercel News
Vercel News

WPEwebkit.org

WPE WebKit 2.52.4 released WPE WebKit 2.53.3 released WPE WebKit 2.53.2 released WPE WebKit 2.53.1 released WPE WebKit 2.52.3 released WPE WebKit 2.52.2 released WebKitGTK and WPE WebKit Security Advisory WSA-2026-0002 WPE WebKit 2.52.1 released WebKitGTK and WPE WebKit Security Advisory WSA-2026-0001
WebKitGTK and WPE WebKit Security Advisory WSA-2026-0003
2026-06-02 · via WPEwebkit.org
  • Date Reported: June 02, 2026

  • Advisory ID: WSA-2026-0003

  • CVE identifiers: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

  • CVE-2026-28847

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to DARKNAVY (@DarkNavyOrg), Anonymous working with TrendAI Zero Day Initiative, Daniel Rhea.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 308707
  • CVE-2026-28883

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to kwak kiyong / kakaogames.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 313939
  • CVE-2026-28901

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Aisle offensive security research team (Joshua Rogers, Luigino Camastra, Igor Morgenstern, and Guido Vranken), Maher Azzouzi, Ngan Nguyen of Calif.io.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 310207
  • CVE-2026-28902

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Tristan Madani (@TristanInSec) from Talence Security, Nathaniel Oh (@calysteon).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 309861
  • CVE-2026-28903

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Mateusz Krzywicki (iVerify.io).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 310303
  • CVE-2026-28904

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Luka Rački.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 309601
  • CVE-2026-28905

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 308545
  • CVE-2026-28907

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Cantina.
    • Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: The issue was addressed with improved input validation.
    • WebKit Bugzilla: 308675
  • CVE-2026-28942

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Milad Nasr and Nicholas Carlini with Claude, Anthropic.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 312180
  • CVE-2026-28946

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Gia Bui (@yabeow) from Calif.io, dr3dd, w0wbox.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 310544
  • CVE-2026-28947

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to dr3dd.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 310234
  • CVE-2026-28953

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Maher Azzouzi.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 309628
  • CVE-2026-28955

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to wac and Kookhwan Lee working with TrendAI Zero Day Initiative.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 310880
  • CVE-2026-28958

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Cantina.
    • Impact: An app may be able to access sensitive user data. Description: This issue was addressed with improved data protection.
    • WebKit Bugzilla: 311228
  • CVE-2026-43658

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Do Young Park.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 307669
  • CVE-2026-43660

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Cantina.
    • Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: A validation issue was addressed with improved logic.
    • WebKit Bugzilla: 308906

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: webkitgtk.org/security.html or wpewebkit.org/security.

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey. Your input will help us make WPE WebKit better for you!

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey! Your input will help us make WPE WebKit better for you.