23 matches found
CVE-2023-42843
CVE-2023-42843 is described as an inconsistent UI issue leading to address bar spoofing. Connected advisories confirm affected WebKitGTK/WebKitGTK4 components across Debian (webkit2gtk), AlmaLinux (webkitgtk4), Fedora (webkit2gtk4.0), and Amazon Linux 2 (webkitgtk4) with fixes in package update...
CVE-2022-2294
CVE-2022-2294 is a heap-buffer-overflow in WebRTC code within Google Chrome (Chromium-based) prior to 103.0.5060.114. Reported as enabling remote heap corruption via a crafted HTML page, potentially leading to code execution. Affected component: WebRTC in Chrome/Chromium. Remediation: upgrade to ...
CVE-2019-8720
CVE-2019-8720 is a WebKit-based memory-corruption vulnerability affecting WebKitGTK/WebKit2GTK components. Public sources in the Connected Documents identify arbitrary-code-execution potential when processing malicious web content (WebKitGTK/WebKit2GTK). Debian’s security advisory lists CVE-2019-...
CVE-2022-32893
CVE-2022-32893 is an out-of-bounds write vulnerability in WebKit/WebKitGTK that could allow arbitrary code execution when processing malicious web content. The CVE is fixed in Apple products by updates: iOS 15.6.1 / iPadOS 15.6.1, macOS Monterey 12.5.1, and Safari 15.6.1. Connected advisories not...
CVE-2020-11793
WebKitGTK/WebKit (WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1) are affected by CVE-2020-11793 due to a use-after-free in processing crafted web content, leading to arbitrary code execution or memory corruption and potential Denial of Service. Connected advisories indicate fixes in WebKit...
CVE-2020-10018
The CVE-2020-10018 entry concerns WebKitGTK and WPE WebKit memory corruption (use-after-free) in versions up to 2.26.4, with fix implemented in 2.28.0. Affected products/components: WebKitGTK and WPE WebKit before 2.28.0; root cause: use-after-free leading to arbitrary code execution on processin...
CVE-2025-6558
CVE-2025-6558 involves insufficient validation of untrusted input in ANGLE and GPU within Google Chrome, enabling a remote attacker to potentially escape the sandbox via a crafted HTML page. Connected sources specify Chrome components ANGLE and GPU as affected, with the patch previously shipped i...
CVE-2019-11070
WebKitGTK/WebKitGTK4 (webkitgtk4) is affected by CVE-2019-11070. The issue arises from WebKitGTK and WPE WebKit prior to 2.24.1 failing to apply configured HTTP proxy settings when downloading livestream video (HLS/DASH/Smooth Streaming), leading to potential deanonymization. Remediation in the c...
CVE-2019-6251
CVE-2019-6251 affects WebKitGTK and WPE WebKit prior to 2.24.1. The issue is address bar spoofing via certain JavaScript redirections that could cause malicious content to appear as if it were from a trusted URI. Publicly documented references in Debian/Ubuntu/RHEL ecosystems confirm the vulnerab...
CVE-2020-13753
The CVE-2020-13753 entry concerns the bubblewrap sandbox used by WebKitGTK and WPE WebKit. Connected sources (e.g., Debian DSA-4724-1) confirm that before version 2.28.3 the bubblewrap sandbox failed to block CLONE_NEWUSER and the TIOCSTI ioctl, enabling sandbox escape: CLONE_NEWUSER could allow ...
CVE-2021-30952
CVE-2021-30952 is an Apple WebKit/WebKitGTK-affected integer overflow in processing malicious web content that can lead to arbitrary code execution. The issue is addressed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, iPadOS 15.2, and watchOS 8.3, with fixes via input validation impro...
CVE-2023-40397
CVE-2023-40397 is a documented WebKit/WebKitGTK+ related vulnerability. The connected documents indicate a remote attacker could cause arbitrary JavaScript code execution, with fixes implemented in macOS Ventura 13.5. The primary entry notes the issue was addressed with improved checks and is fix...
CVE-2023-28198
CVE-2023-28198: A use-after-free in WebKit processing web content was fixed. Affected: Apple platforms (iOS/iPadOS/macOS) as per the description. Impact stated: arbitrary code execution if exploited via processing web content. Root cause: memory management/use-after-free vulnerability. Remediatio...
CVE-2021-42762
CVE-2021-42762 affects WebKitGTK and WPE WebKit up to version 2.34.0 (fixed in 2.34.1). BubblewrapLauncher.cpp can enable a limited sandbox bypass, allowing a sandboxed process to trick host processes into thinking it is not confined by the sandbox by abusing VFS syscalls that manipulate the file...
CVE-2024-27834
CVE-2024-27834 is a WebKit-related vulnerability where an attacker with arbitrary read/write capability may bypass Pointer Authentication. The issue is identified across WebKitGTK/WebKit2GTK deployments and is addressed by updates across multiple ecosystems: Apple platforms: fixed in iOS 17.5/iPa...
CVE-2023-32370
CVE-2023-32370 is a logic issue in WebKitGTK/WebKit CSP handling where the Content Security Policy may fail to block domains with wildcards. The vulnerability is documented as fixed in macOS Ventura 13.3 (CSP wildcard blocking), with related advisories referencing WebKitGTK/WebKit’s CSP logic. Af...
CVE-2024-23284
CVE-2024-23284 concerns a logic issue in WebKitGTK/WebKit rendering where processing maliciously crafted web content may prevent Content Security Policy (CSP) from being enforced. The connected sources show the same vulnerability across multiple distributions (e.g., Debian webkit2gtk advisories a...
CVE-2024-23263
CVE-2024-23263 is a WebKitGTK/WebKitGTK4 vulnerability observed in multiple Linux package advisories (webkit2gtk, webkitgtk4) and Debian Fedora Amazon Linux updates. The issue arises from processing maliciously crafted web content that may prevent Content Security Policy from being enforced. Conn...
CVE-2024-23280
The CVE-2024-23280 entry concerns an injection issue in WebKitGTK/WebKit2GTK where maliciously crafted web content could fingerprint a user. The core detail from connected sources shows the vulnerability affects WebKitGTK/WebKit2GTK components used in Linux/macOS ecosystems, with the underlying c...
CVE-2024-23254
CVE-2024-23254 concerns WebKit/WebKitGTK components where a malicious website could exfiltrate audio data cross-origin. The initial entry notes the issue is fixed in Apple platforms: tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, and Safari 17.4. Public disclosur...
CVE-2018-12293
CVE-2018-12293 affects WebKitGTK+ and WPE WebKit: getImageData in ImageBufferCairo.cpp can overflow a heap due to integer overflow when computing image data size. Affected versions: WebKitGTK+ < 2.20.3 and WPE WebKit
CVE-2025-43343
CVE-2025-43343 involves a memory-handling issue in WebKitGTK/WebKit2GTK where processing malicious web content may crash the process. The initial advisory states the flaw is fixed in Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26; Debian/AlmaLinux advisories confirm WebK...
CVE-2025-43342
CVE-2025-43342 affects WebKitGTK/webkitgtk4 (WebKitGTK engine). The description and connected advisories indicate a correctness issue where processing maliciously crafted web content may cause an unexpected process crash. The vulnerability is tracked with a high severity (CVSSv3.1: 9.8, CRITICAL;...