惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
博客园 - 叶小钗
T
The Blog of Author Tim Ferriss
Recent Announcements
Recent Announcements
D
DataBreaches.Net
The Cloudflare Blog
阮一峰的网络日志
阮一峰的网络日志
罗磊的独立博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
N
Netflix TechBlog - Medium
Microsoft Azure Blog
Microsoft Azure Blog
Microsoft Security Blog
Microsoft Security Blog
B
Blog
U
Unit 42
有赞技术团队
有赞技术团队
博客园 - 聂微东
GbyAI
GbyAI
宝玉的分享
宝玉的分享
F
Full Disclosure
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
MyScale Blog
MyScale Blog
Jina AI
Jina AI
Martin Fowler
Martin Fowler
IT之家
IT之家
酷 壳 – CoolShell
酷 壳 – CoolShell
D
Docker
P
Proofpoint News Feed
A
About on SuperTechFans
I
InfoQ
博客园 - 【当耐特】
C
Check Point Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Privacy & Cybersecurity Law Blog
T
Threat Research - Cisco Blogs
Y
Y Combinator Blog
Project Zero
Project Zero
WordPress大学
WordPress大学
小众软件
小众软件
AWS News Blog
AWS News Blog
博客园 - 司徒正美
T
The Exploit Database - CXSecurity.com
L
LINUX DO - 热门话题
I
Intezer
Engineering at Meta
Engineering at Meta
C
CXSECURITY Database RSS Feed - CXSecurity.com
J
Java Code Geeks
T
Tenable Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Last Week in AI
Last Week in AI
C
CERT Recently Published Vulnerability Notes

WPEwebkit.org

WebKitGTK and WPE WebKit Security Advisory WSA-2026-0003 WPE WebKit 2.52.4 released WPE WebKit 2.53.3 released WPE WebKit 2.53.2 released WPE WebKit 2.53.1 released WPE WebKit 2.52.3 released WPE WebKit 2.52.2 released WebKitGTK and WPE WebKit Security Advisory WSA-2026-0002 WPE WebKit 2.52.1 released
WebKitGTK and WPE WebKit Security Advisory WSA-2026-0001
2026-03-18 · via WPEwebkit.org
  • Date Reported: March 18, 2026

  • Advisory ID: WSA-2026-0001

  • CVE identifiers: CVE-2023-43010, CVE-2025-31223, CVE-2025-31277, CVE-2025-43213, CVE-2025-43214, CVE-2025-43433, CVE-2025-43438, CVE-2025-43441, CVE-2025-43457, CVE-2025-43511, CVE-2025-46299, CVE-2026-20608, CVE-2026-20635, CVE-2026-20636, CVE-2026-20644, CVE-2026-20652, CVE-2026-20676

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

  • CVE-2023-43010

    • Versions affected: WebKitGTK and WPE WebKit before 2.44.0.
    • Credit to Apple.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. This fix associated with the Coruna exploit was shipped in iOS 17.2 on December 11th, 2023. This update brings that fix to devices that cannot update to the latest iOS version. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 260913
  • CVE-2025-31223

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.0.
    • Credit to Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved checks.
    • WebKit Bugzilla: 289387
  • CVE-2025-31277

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.0.
    • Credit to Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 291745
  • CVE-2025-43213

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.5.
    • Credit to Google V8 Security Team.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 292621
  • CVE-2025-43214

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.5.
    • Credit to shandikri working with Trend Micro Zero Day Initiative, Google V8 Security Team.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 292599
  • CVE-2025-43433

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to Google Big Sleep.
    • Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 298093
  • CVE-2025-43438

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to rheza (@ginggilBesel), shandikri working with Trend Micro Zero Day Initiative.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 297662
  • CVE-2025-43441

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.2.
    • Credit to rheza (@ginggilBesel).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 298496
  • CVE-2025-43457

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to Gary Kwong, Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative.
    • Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 298606
  • CVE-2025-43511

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.5.
    • Credit to 이동하 (Lee Dong Ha of BoB 14th).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
    • WebKit Bugzilla: 300926
  • CVE-2025-46299

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.0.
    • Credit to Google Big Sleep.
    • Impact: Processing maliciously crafted web content may disclose internal states of the app. Description: A memory initialization issue was addressed with improved memory handling.
    • WebKit Bugzilla: 299518
  • CVE-2026-20608

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to HanQing from TSDubhe and Nan Wang (@eternalsakura13).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management.
    • WebKit Bugzilla: 303357
  • CVE-2026-20635

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to EntryHi.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 304661
  • CVE-2026-20636

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to EntryHi.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 304657
  • CVE-2026-20644

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to HanQing from TSDubhe and Nan Wang (@eternalsakura13).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 303444
  • CVE-2026-20652

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to Nathaniel Oh (@calysteon).
    • Impact: A remote attacker may be able to cause a denial-of-service. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 303959
  • CVE-2026-20676

    • Versions affected: WebKitGTK and WPE WebKit before 2.50.6.
    • Credit to Tom Van Goethem.
    • Impact: A website may be able to track users through Safari web extensions. Description: This issue was addressed through improved state management.
    • WebKit Bugzilla: 305020

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: webkitgtk.org/security.html or wpewebkit.org/security.

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey. Your input will help us make WPE WebKit better for you!

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey! Your input will help us make WPE WebKit better for you.