ALSA-2026:10702

[ALSA-2026:10702] Important: webkit2gtk3 security update

Type:

security

Severity:

important

Release date:

2026-04-28

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  

Security Fix(es):  

  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
  * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
  * webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
  * webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
  * webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
  * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
  * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
  * webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
  * webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	webkit2gtk3-devel-2.52.3-1.el8_10.aarch64.rpm	1eefe7084778abd1d20121c00a57a8361461ef255799304c5ccb87635ff2559e
aarch64	webkit2gtk3-jsc-devel-2.52.3-1.el8_10.aarch64.rpm	8558325cca32160b96c2fa252cbef1af90c5f7faa6251f30126a86c3083d7b59
aarch64	webkit2gtk3-jsc-2.52.3-1.el8_10.aarch64.rpm	9be543f3745f9daf0282af5f1b8c87a642b7c67e39370c54d12eb0e34a970ab2
aarch64	webkit2gtk3-2.52.3-1.el8_10.aarch64.rpm	ac6447018820ca61954087c48a7567591f34efc738bd9f9fc0fa88efa594f6fb
i686	webkit2gtk3-jsc-devel-2.52.3-1.el8_10.i686.rpm	36e6ed9b998d6ccaa8481059461b95f63554accffda4f219267e039cc65e3a29
i686	webkit2gtk3-devel-2.52.3-1.el8_10.i686.rpm	7e1f156e14ebbf6ce567173c4558c211b8701b5038d2e84fdf4c158f9f8e8831
i686	webkit2gtk3-2.52.3-1.el8_10.i686.rpm	8201be83567cdfac28580e7e6705b87450be094356324d89b63fbf06e816ffdf
i686	webkit2gtk3-jsc-2.52.3-1.el8_10.i686.rpm	cf2012683fcf661a0a82d37195eb3461b61632a61f48eb0baa8bd19c98c9d01a
ppc64le	webkit2gtk3-jsc-2.52.3-1.el8_10.ppc64le.rpm	2e8058c11ffec9144d4639fd8ffde7e72139cfdb38d7f4468fcdd89a44f9f0f5
ppc64le	webkit2gtk3-jsc-devel-2.52.3-1.el8_10.ppc64le.rpm	3172a8b60bc490b84f87a8d9bcb35cd354969e6ca0c0da59a938144cfa6d88dd
ppc64le	webkit2gtk3-devel-2.52.3-1.el8_10.ppc64le.rpm	44102d3371b7738475a8972bbaa92dacd181aa0c5ca126c4d644019a4e65bf19
ppc64le	webkit2gtk3-2.52.3-1.el8_10.ppc64le.rpm	95b0676bbe06bd33c6b291ef2912217004d6325903a214890c49059c645bdf07
s390x	webkit2gtk3-devel-2.52.3-1.el8_10.s390x.rpm	035c0f30e48cee61ffa37ef4b6c7a8e643e8a156db85762ea5f31bbb35fa4952
s390x	webkit2gtk3-2.52.3-1.el8_10.s390x.rpm	4b266dd64202e844477c91c14ddb1622660cb8471850657605cd36a83956a1cc
s390x	webkit2gtk3-jsc-2.52.3-1.el8_10.s390x.rpm	557016c96a2f9d6b7a999c20cb35c369f1db6735633eefd8a2bf6bb4e7cb229f
s390x	webkit2gtk3-jsc-devel-2.52.3-1.el8_10.s390x.rpm	a6765db5e194fcc334f8d62f2aa0fa6ef7eee80dccf8e6cb621b750b972c845b
x86_64	webkit2gtk3-jsc-devel-2.52.3-1.el8_10.x86_64.rpm	2d3b7990c356c62ee3fb3bb31c5b63b0a4f5dd6debafe9e0911b9cbf42546bb0
x86_64	webkit2gtk3-jsc-2.52.3-1.el8_10.x86_64.rpm	39f22817f2ebe0244afccd092a78d83a6ca63fab299a0d722617e8c4924baa5f
x86_64	webkit2gtk3-devel-2.52.3-1.el8_10.x86_64.rpm	46b48a309d2add1dbb25a02263641ca2c36ccc195590d4eed2335b57b8ec9c58
x86_64	webkit2gtk3-2.52.3-1.el8_10.x86_64.rpm	73ce41247353c88d27cb2730450b3647badbdbf406090e410eefe0989e03650c

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.