惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Check Point Blog
AI
AI
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
U
Unit 42
Vercel News
Vercel News
Stack Overflow Blog
Stack Overflow Blog
P
Proofpoint News Feed
Microsoft Security Blog
Microsoft Security Blog
The GitHub Blog
The GitHub Blog
WordPress大学
WordPress大学
Martin Fowler
Martin Fowler
博客园 - 【当耐特】
B
Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Apple Machine Learning Research
Apple Machine Learning Research
博客园_首页
F
Full Disclosure
Google DeepMind News
Google DeepMind News
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
H
Help Net Security
Recorded Future
Recorded Future
N
News and Events Feed by Topic
雷峰网
雷峰网
V
Vulnerabilities – Threatpost
Schneier on Security
Schneier on Security
aimingoo的专栏
aimingoo的专栏
S
Schneier on Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
O
OpenAI News
Project Zero
Project Zero
罗磊的独立博客
G
GRAHAM CLULEY
腾讯CDC
P
Privacy International News Feed
V
V2EX
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hugging Face - Blog
Hugging Face - Blog
爱范儿
爱范儿
H
Heimdal Security Blog
L
LINUX DO - 热门话题
Forbes - Security
Forbes - Security
美团技术团队
MongoDB | Blog
MongoDB | Blog
Security Latest
Security Latest
M
MIT News - Artificial intelligence
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
宝玉的分享
宝玉的分享
T
Threat Research - Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog

WPEwebkit.org

WPE WebKit 2.52.4 released WPE WebKit 2.53.3 released WPE WebKit 2.53.2 released WPE WebKit 2.53.1 released WPE WebKit 2.52.3 released WPE WebKit 2.52.2 released WebKitGTK and WPE WebKit Security Advisory WSA-2026-0002 WPE WebKit 2.52.1 released WebKitGTK and WPE WebKit Security Advisory WSA-2026-0001
WebKitGTK and WPE WebKit Security Advisory WSA-2026-0003
2026-06-02 · via WPEwebkit.org
  • Date Reported: June 02, 2026

  • Advisory ID: WSA-2026-0003

  • CVE identifiers: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

  • CVE-2026-28847

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to DARKNAVY (@DarkNavyOrg), Anonymous working with TrendAI Zero Day Initiative, Daniel Rhea.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 308707
  • CVE-2026-28883

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to kwak kiyong / kakaogames.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 313939
  • CVE-2026-28901

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Aisle offensive security research team (Joshua Rogers, Luigino Camastra, Igor Morgenstern, and Guido Vranken), Maher Azzouzi, Ngan Nguyen of Calif.io.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 310207
  • CVE-2026-28902

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Tristan Madani (@TristanInSec) from Talence Security, Nathaniel Oh (@calysteon).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 309861
  • CVE-2026-28903

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Mateusz Krzywicki (iVerify.io).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 310303
  • CVE-2026-28904

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Luka Rački.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 309601
  • CVE-2026-28905

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 308545
  • CVE-2026-28907

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Cantina.
    • Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: The issue was addressed with improved input validation.
    • WebKit Bugzilla: 308675
  • CVE-2026-28942

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Milad Nasr and Nicholas Carlini with Claude, Anthropic.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 312180
  • CVE-2026-28946

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Gia Bui (@yabeow) from Calif.io, dr3dd, w0wbox.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 310544
  • CVE-2026-28947

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to dr3dd.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 310234
  • CVE-2026-28953

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Maher Azzouzi.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 309628
  • CVE-2026-28955

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to wac and Kookhwan Lee working with TrendAI Zero Day Initiative.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 310880
  • CVE-2026-28958

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Cantina.
    • Impact: An app may be able to access sensitive user data. Description: This issue was addressed with improved data protection.
    • WebKit Bugzilla: 311228
  • CVE-2026-43658

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Do Young Park.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 307669
  • CVE-2026-43660

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
    • Credit to Cantina.
    • Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: A validation issue was addressed with improved logic.
    • WebKit Bugzilla: 308906

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: webkitgtk.org/security.html or wpewebkit.org/security.

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey. Your input will help us make WPE WebKit better for you!

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey! Your input will help us make WPE WebKit better for you.