Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
Credit to Thomas Espach.
Impact: Processing maliciously crafted web content may bypass Same Origin Policy.
Description: A cross-origin issue in the Navigation API was addressed with improved
input validation.
Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
Credit to Daniel Rhea, Söhnke Benedikt Fischedick (Tripton), Emrovsky & Switch, Yevhen
Pervushyn.
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
Credit to webb.
Impact: Processing maliciously crafted web content may prevent Content Security Policy
from being enforced. Description: This issue was addressed through improved state
management.
Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
Credit to Gongyu Ma (@Mezone0).
Impact: A maliciously crafted webpage may be able to fingerprint the user.
Description: An authorization issue was addressed with improved state management.
Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
Credit to Narcis Oliveras Fontàs, Söhnke Benedikt Fischedick (Tripton), Daniel Rhea, Nathaniel
Oh (@calysteon).
Impact: Processing maliciously crafted web content may lead to an unexpected process
crash. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
Credit to greenbynox, Arni Hardarson.
Impact: A malicious website may be able to process restricted web content outside the
sandbox. Description: The issue was addressed with improved memory handling.
Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
Credit to Hongze Wu and Shuaike Dong from Ant Group Infrastructure Security Team.
Impact: A malicious website may be able to access script message handlers intended for
other origins. Description: A logic issue was addressed with improved state
management.
Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
Credit to @hamayanhamayan.
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting
attack. Description: A logic issue was addressed with improved checks.
WebKit Bugzilla: 305859
We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the
best way to ensure that you are running safe versions of WebKit. Please check our websites
for information about the latest stable releases.