惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
小众软件
小众软件
Engineering at Meta
Engineering at Meta
博客园 - 三生石上(FineUI控件)
WordPress大学
WordPress大学
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
V2EX
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
MongoDB | Blog
MongoDB | Blog
L
LINUX DO - 热门话题
酷 壳 – CoolShell
酷 壳 – CoolShell
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
H
Help Net Security
Martin Fowler
Martin Fowler
G
GRAHAM CLULEY
Simon Willison's Weblog
Simon Willison's Weblog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - Franky
V
Vulnerabilities – Threatpost
云风的 BLOG
云风的 BLOG
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
Stack Overflow Blog
Stack Overflow Blog
Recent Announcements
Recent Announcements
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
I
Intezer
Scott Helme
Scott Helme
A
About on SuperTechFans
博客园 - 司徒正美
Hacker News: Ask HN
Hacker News: Ask HN
The GitHub Blog
The GitHub Blog
Forbes - Security
Forbes - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Spread Privacy
Spread Privacy
T
Tailwind CSS Blog
S
Security Affairs
宝玉的分享
宝玉的分享

WPEwebkit.org

WebKitGTK and WPE WebKit Security Advisory WSA-2026-0003 WPE WebKit 2.52.4 released WPE WebKit 2.53.3 released WPE WebKit 2.53.2 released WPE WebKit 2.53.1 released WPE WebKit 2.52.3 released WPE WebKit 2.52.2 released WebKitGTK and WPE WebKit Security Advisory WSA-2026-0002 WPE WebKit 2.52.1 released
WebKitGTK and WPE WebKit Security Advisory WSA-2026-0001
2026-03-18 · via WPEwebkit.org
  • Date Reported: March 18, 2026

  • Advisory ID: WSA-2026-0001

  • CVE identifiers: CVE-2023-43010, CVE-2025-31223, CVE-2025-31277, CVE-2025-43213, CVE-2025-43214, CVE-2025-43433, CVE-2025-43438, CVE-2025-43441, CVE-2025-43457, CVE-2025-43511, CVE-2025-46299, CVE-2026-20608, CVE-2026-20635, CVE-2026-20636, CVE-2026-20644, CVE-2026-20652, CVE-2026-20676

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

  • CVE-2023-43010

    • Versions affected: WebKitGTK and WPE WebKit before 2.44.0.
    • Credit to Apple.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 260913
  • CVE-2025-31223

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.0.
    • Credit to Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved checks.
    • WebKit Bugzilla: 289387
  • CVE-2025-31277

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.0.
    • Credit to Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 291745
  • CVE-2025-43213

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.5.
    • Credit to Google V8 Security Team.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 292621
  • CVE-2025-43214

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.5.
    • Credit to shandikri working with Trend Micro Zero Day Initiative, Google V8 Security Team.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 292599
  • CVE-2025-43433

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to Google Big Sleep.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 298093
  • CVE-2025-43438

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to rheza (@ginggilBesel), shandikri working with Trend Micro Zero Day Initiative.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 297662
  • CVE-2025-43441

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to rheza (@ginggilBesel).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 298496
  • CVE-2025-43457

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to Gary Kwong, Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 298606
  • CVE-2025-43511

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.5.
    • Credit to 이동하 (Lee Dong Ha of BoB 14th).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 300926
  • CVE-2025-46299

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.0.
    • Credit to Google Big Sleep.
    • Impact: Processing maliciously crafted web content may disclose internal states of the app. Description: A memory initialization issue was addressed with improved memory handling.
    • WebKit Bugzilla: 299518
  • CVE-2026-20608

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to HanQing from TSDubhe and Nan Wang (@eternalsakura13).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management.
    • WebKit Bugzilla: 303357
  • CVE-2026-20635

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to EntryHi.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 304661
  • CVE-2026-20636

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to EntryHi.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 304657
  • CVE-2026-20644

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to HanQing from TSDubhe and Nan Wang (@eternalsakura13).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 303444
  • CVE-2026-20652

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to Nathaniel Oh (@calysteon).
    • Impact: A remote attacker may be able to cause a denial-of-service. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 303959
  • CVE-2026-20676

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to Tom Van Goethem.
    • Impact: A website may be able to track users through Safari web extensions. Description: This issue was addressed through improved state management.
    • WebKit Bugzilla: 305020

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: webkitgtk.org/security.html or wpewebkit.org/security.

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey. Your input will help us make WPE WebKit better for you!

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey! Your input will help us make WPE WebKit better for you.