惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

大猫的无限游戏
大猫的无限游戏
K
Kaspersky official blog
Apple Machine Learning Research
Apple Machine Learning Research
B
Blog
aimingoo的专栏
aimingoo的专栏
M
MIT News - Artificial intelligence
小众软件
小众软件
云风的 BLOG
云风的 BLOG
腾讯CDC
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Hugging Face - Blog
Hugging Face - Blog
S
SegmentFault 最新的问题
Stack Overflow Blog
Stack Overflow Blog
量子位
S
Secure Thoughts
G
GRAHAM CLULEY
C
CXSECURITY Database RSS Feed - CXSecurity.com
人人都是产品经理
人人都是产品经理
雷峰网
雷峰网
T
Threat Research - Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Cisco Talos Blog
Cisco Talos Blog
G
Google Developers Blog
爱范儿
爱范儿
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
有赞技术团队
有赞技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Martin Fowler
Martin Fowler
The GitHub Blog
The GitHub Blog
Google DeepMind News
Google DeepMind News
C
Cisco Blogs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 聂微东
宝玉的分享
宝玉的分享
H
Hackread – Cybersecurity News, Data Breaches, AI and More
N
Netflix TechBlog - Medium
Forbes - Security
Forbes - Security
Engineering at Meta
Engineering at Meta
S
Security Affairs
Help Net Security
Help Net Security
博客园 - 三生石上(FineUI控件)
AWS News Blog
AWS News Blog
博客园 - 叶小钗
Recent Commits to openclaw:main
Recent Commits to openclaw:main
V2EX - 技术
V2EX - 技术
Hacker News: Ask HN
Hacker News: Ask HN
Project Zero
Project Zero
H
Heimdal Security Blog
W
WeLiveSecurity
C
Check Point Blog

WPEwebkit.org

WebKitGTK and WPE WebKit Security Advisory WSA-2026-0003 WPE WebKit 2.52.4 released WPE WebKit 2.53.3 released WPE WebKit 2.53.2 released WPE WebKit 2.53.1 released WPE WebKit 2.52.3 released WPE WebKit 2.52.2 released WPE WebKit 2.52.1 released WebKitGTK and WPE WebKit Security Advisory WSA-2026-0001
WebKitGTK and WPE WebKit Security Advisory WSA-2026-0002
2026-03-28 · via WPEwebkit.org
  • Date Reported: March 28, 2026

  • Advisory ID: WSA-2026-0002

  • CVE identifiers: CVE-2026-20643, CVE-2026-20664, CVE-2026-20665, CVE-2026-20691, CVE-2026-28857, CVE-2026-28859, CVE-2026-28861, CVE-2026-28871

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

  • CVE-2026-20643

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to Thomas Espach.
    • Impact: Processing maliciously crafted web content may bypass Same Origin Policy. Description: A cross-origin issue in the Navigation API was addressed with improved input validation.
    • WebKit Bugzilla: 306050
  • CVE-2026-20664

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to Daniel Rhea, Söhnke Benedikt Fischedick (Tripton), Emrovsky & Switch, Yevhen Pervushyn.
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 306136
  • CVE-2026-20665

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to webb.
    • Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: This issue was addressed through improved state management.
    • WebKit Bugzilla: 304951
  • CVE-2026-20691

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to Gongyu Ma (@Mezone0).
    • Impact: A maliciously crafted webpage may be able to fingerprint the user. Description: An authorization issue was addressed with improved state management.
    • WebKit Bugzilla: 306827
  • CVE-2026-28857

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to Narcis Oliveras Fontàs, Söhnke Benedikt Fischedick (Tripton), Daniel Rhea, Nathaniel Oh (@calysteon).
    • Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 307723
  • CVE-2026-28859

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to greenbynox, Arni Hardarson.
    • Impact: A malicious website may be able to process restricted web content outside the sandbox. Description: The issue was addressed with improved memory handling.
    • WebKit Bugzilla: 308248
  • CVE-2026-28861

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to Hongze Wu and Shuaike Dong from Ant Group Infrastructure Security Team.
    • Impact: A malicious website may be able to access script message handlers intended for other origins. Description: A logic issue was addressed with improved state management.
    • WebKit Bugzilla: 307014
  • CVE-2026-28871

    • Versions affected: WebKitGTK and WPE WebKit before 2.52.1.
    • Credit to @hamayanhamayan.
    • Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack. Description: A logic issue was addressed with improved checks.
    • WebKit Bugzilla: 305859

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: webkitgtk.org/security.html or wpewebkit.org/security.

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey. Your input will help us make WPE WebKit better for you!

If you’re using WPE WebKit, or are considering doing so, please take our brief user survey! Your input will help us make WPE WebKit better for you.