-
Date Reported: June 02, 2026
-
Advisory ID: WSA-2026-0003
-
CVE identifiers: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to DARKNAVY (@DarkNavyOrg), Anonymous working with TrendAI Zero Day Initiative, Daniel Rhea.
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 308707
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to kwak kiyong / kakaogames.
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management.
- WebKit Bugzilla: 313939
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Aisle offensive security research team (Joshua Rogers, Luigino Camastra, Igor Morgenstern, and Guido Vranken), Maher Azzouzi, Ngan Nguyen of Calif.io.
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 310207
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Tristan Madani (@TristanInSec) from Talence Security, Nathaniel Oh (@calysteon).
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 309861
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Mateusz Krzywicki (iVerify.io).
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 310303
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Luka Rački.
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 309601
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang.
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 308545
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Cantina.
- Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: The issue was addressed with improved input validation.
- WebKit Bugzilla: 308675
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Milad Nasr and Nicholas Carlini with Claude, Anthropic.
- Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
- WebKit Bugzilla: 312180
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Gia Bui (@yabeow) from Calif.io, dr3dd, w0wbox.
- Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
- WebKit Bugzilla: 310544
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to dr3dd.
- Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management.
- WebKit Bugzilla: 310234
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Maher Azzouzi.
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 309628
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to wac and Kookhwan Lee working with TrendAI Zero Day Initiative.
- Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 310880
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Cantina.
- Impact: An app may be able to access sensitive user data. Description: This issue was addressed with improved data protection.
- WebKit Bugzilla: 311228
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Do Young Park.
- Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: The issue was addressed with improved memory handling.
- WebKit Bugzilla: 307669
-
- Versions affected: WebKitGTK and WPE WebKit before 2.52.4.
- Credit to Cantina.
- Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: A validation issue was addressed with improved logic.
- WebKit Bugzilla: 308906
We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.
Further information about WebKitGTK and WPE WebKit security advisories can be found at: webkitgtk.org/security.html or wpewebkit.org/security.