RLSA-2026:10702

Описание

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)

• webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)

• webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)

• webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)

• webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)

• webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)

• webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)

• webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)

• webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.