ALSA-2026:25918

[ALSA-2026:25918] Important: webkit2gtk3 security update

Type:

security

Severity:

important

Release date:

2026-06-15

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  

Security Fix(es):  

  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)
  * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)
  * webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)
  * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	webkit2gtk3-jsc-devel-2.52.4-1.el8_10.aarch64.rpm	0648fbd7812540ab8110a91d6533af16bfd19ae42f8d44b25089b506497b2462
aarch64	webkit2gtk3-jsc-2.52.4-1.el8_10.aarch64.rpm	376c3628a8c828e9d2e726db25655d3360d33fea1f8538392da8c7d1f1311558
aarch64	webkit2gtk3-2.52.4-1.el8_10.aarch64.rpm	771a574e661ed09dd7631c0acf82fc70be079cf9035225f085ba9f15ac4b3da7
aarch64	webkit2gtk3-devel-2.52.4-1.el8_10.aarch64.rpm	f5e02fdb817e9916404c465a1464380a79f5074a4a9bf39fec723692840ac719
i686	webkit2gtk3-devel-2.52.4-1.el8_10.i686.rpm	49a82e71120ebcd8ddb4990130abe34ec9d4ed99c4b00953835cace50a070643
i686	webkit2gtk3-2.52.4-1.el8_10.i686.rpm	d89c2790d938e15347a200438214eebddcbfc0ef094af85e4189eed3832d4a39
i686	webkit2gtk3-jsc-2.52.4-1.el8_10.i686.rpm	dc14a67795fc49adcdd0398fa31db5db61db72bf91c5eedbbf311badbe19c026
i686	webkit2gtk3-jsc-devel-2.52.4-1.el8_10.i686.rpm	f1aab87a5e0f8cce3d1f7ce132ec3b2b91ec9fc67161dfa9a3325f1a11a26ef5
ppc64le	webkit2gtk3-devel-2.52.4-1.el8_10.ppc64le.rpm	861005cacf4bc6fc288de134be3d825f099f90e9dd8f20f2c0dd066ba58ec53a
ppc64le	webkit2gtk3-jsc-2.52.4-1.el8_10.ppc64le.rpm	86e43bce255b840a509cee75d192a2ba09a549fc3fab7545a9b60ed15e735950
ppc64le	webkit2gtk3-jsc-devel-2.52.4-1.el8_10.ppc64le.rpm	c3a6d288cd914c60de4ce7490756375fc932e22ab28b981c4e9f0dcc1165c59a
ppc64le	webkit2gtk3-2.52.4-1.el8_10.ppc64le.rpm	ffdb20943927610fb30cc02b2c7613bc094e55be7540ca9cc801343518449403
s390x	webkit2gtk3-jsc-devel-2.52.4-1.el8_10.s390x.rpm	02bb2b999c2304d37d179662b4979fed712a2a8e2dc25b9d96b54d46937257fe
s390x	webkit2gtk3-devel-2.52.4-1.el8_10.s390x.rpm	161384d163b71c22730920fde6b7ddeda2c2be10f26a423efa3578537c84518a
s390x	webkit2gtk3-2.52.4-1.el8_10.s390x.rpm	1e65b5a5aba5802938bc8deadb85f02e34ddafc393083ebfa9b8ed97847dd649
s390x	webkit2gtk3-jsc-2.52.4-1.el8_10.s390x.rpm	b4c5461ab9358439fc79ea61b9450d697f389f111fab7aa9a8775105de1a6722
x86_64	webkit2gtk3-jsc-devel-2.52.4-1.el8_10.x86_64.rpm	1c1090845288d2d713e45962b45f45fb9a0f65f42b692c4dc96f05322f0054e0
x86_64	webkit2gtk3-devel-2.52.4-1.el8_10.x86_64.rpm	529db8a8d6410f56199574c034322182c428aae794cdc408066ad89fc70f84b5
x86_64	webkit2gtk3-jsc-2.52.4-1.el8_10.x86_64.rpm	5720207b0c87fb6fe43c8a18001f5b70d37d92e0129a2a990867b448447aee3f
x86_64	webkit2gtk3-2.52.4-1.el8_10.x86_64.rpm	6d4fea53464b860c55b154b68317ca1b69485b1942eb77253d8d6685cb400ce7

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.