惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Spread Privacy
Spread Privacy
V
Visual Studio Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recorded Future
Recorded Future
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
I
InfoQ
Apple Machine Learning Research
Apple Machine Learning Research
MyScale Blog
MyScale Blog
M
MIT News - Artificial intelligence
WordPress大学
WordPress大学
Recent Announcements
Recent Announcements
V
V2EX
The GitHub Blog
The GitHub Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Jina AI
Jina AI
小众软件
小众软件
aimingoo的专栏
aimingoo的专栏
V
Vulnerabilities – Threatpost
C
Check Point Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
AI
AI
宝玉的分享
宝玉的分享
P
Proofpoint News Feed
量子位
Attack and Defense Labs
Attack and Defense Labs
H
Hackread – Cybersecurity News, Data Breaches, AI and More
P
Privacy International News Feed
Google DeepMind News
Google DeepMind News
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
CERT Recently Published Vulnerability Notes
腾讯CDC
Latest news
Latest news
Google DeepMind News
Google DeepMind News
The Register - Security
The Register - Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
G
GRAHAM CLULEY
Blog — PlanetScale
Blog — PlanetScale
博客园_首页
美团技术团队
The Cloudflare Blog
T
Tenable Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
J
Java Code Geeks
SecWiki News
SecWiki News
Webroot Blog
Webroot Blog
N
News | PayPal Newsroom
博客园 - 叶小钗
博客园 - Franky

WPEwebkit.org

WebKitGTK and WPE WebKit Security Advisory WSA-2026-0003 WPE WebKit 2.52.4 released WPE WebKit 2.53.3 released WPE WebKit 2.53.2 released WPE WebKit 2.53.1 released WPE WebKit 2.52.3 released WPE WebKit 2.52.2 released WPE WebKit 2.52.1 released WebKitGTK and WPE WebKit Security Advisory WSA-2026-0001
WebKitGTK and WPE WebKit Security Advisory WSA-2026-0002
2026-03-28 · via WPEwebkit.org
  • Date Reported: March 28, 2026

  • Advisory ID: WSA-2026-0002

  • CVE identifiers: CVE-2026-20643, CVE-2026-20664, CVE-2026-20665, CVE-2026-20691, CVE-2026-28857, CVE-2026-28859, CVE-2026-28861, CVE-2026-28871

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

  • CVE-2026-20643

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to Thomas Espach.
    • Impact: Processing maliciously crafted web content may bypass Same Origin Policy. Description: A cross-origin issue in the Navigation API was addressed with improved input validation.
    • WebKit Bugzilla: 306050
  • CVE-2026-20664

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to Daniel Rhea, Söhnke Benedikt Fischedick (Tripton), Emrovsky & Switch, Yevhen Pervushyn.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 306136
  • CVE-2026-20665

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to webb.
    • Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: This issue was addressed through improved state management.
    • WebKit Bugzilla: 304951
  • CVE-2026-20691

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to Gongyu Ma (@Mezone0).
    • Impact: A maliciously crafted webpage may be able to fingerprint the user. Description: An authorization issue was addressed with improved state management.
    • WebKit Bugzilla: 306827
  • CVE-2026-28857

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to Narcis Oliveras Fontàs, Söhnke Benedikt Fischedick (Tripton), Daniel Rhea, Nathaniel Oh (@calysteon).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 307723
  • CVE-2026-28859

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to greenbynox, Arni Hardarson.
    • Impact: A malicious website may be able to process restricted web content outside the sandbox. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 308248
  • CVE-2026-28861

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to Hongze Wu and Shuaike Dong from Ant Group Infrastructure Security Team.
    • Impact: A malicious website may be able to access script message handlers intended for other origins. Description: A logic issue was addressed with improved state management.
    • WebKit Bugzilla: 307014
  • CVE-2026-28871

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to @hamayanhamayan.
    • Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack. Description: A logic issue was addressed with improved checks.
    • WebKit Bugzilla: 305859

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: webkitgtk.org/security.html or wpewebkit.org/security.

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey. Your input will help us make WPE WebKit better for you!

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey! Your input will help us make WPE WebKit better for you.