ALSA-2026:19206

[ALSA-2026:19206] Important: webkit2gtk3 security update

Type:

security

Severity:

important

Release date:

2026-05-26

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  

Security Fix(es):  

  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
  * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
  * webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
  * webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
  * webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
  * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
  * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
  * webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
  * webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	webkit2gtk3-devel-2.52.3-1.el9_8.aarch64.rpm	1a4b71aef9f0e62f7faa7d2c3a9476c4e7cfd10c164e9b9ebe8b7b1629217095
aarch64	webkit2gtk3-2.52.3-1.el9_8.aarch64.rpm	588941689a71f999f94e4720f7396a77767473e70dd485cf10e069c7aa08d7b0
aarch64	webkit2gtk3-jsc-devel-2.52.3-1.el9_8.aarch64.rpm	78e2d39b5fa46c5a75fd5b8bdba2b103543035cfa07c642fb5ddfb28eda6d600
aarch64	webkit2gtk3-jsc-2.52.3-1.el9_8.aarch64.rpm	ebcc0c7104bd244da50176c649e6680140e4e5ae81f1c3a7f37f4df861b006ff
i686	webkit2gtk3-jsc-devel-2.52.3-1.el9_8.i686.rpm	1783dd00f5b2a0be44e2910c73309b94421db187f29c23102323eae70ac182ef
i686	webkit2gtk3-devel-2.52.3-1.el9_8.i686.rpm	484160192437be5798143226effec65c4864d824a871a6c73dae6b000cbe6972
i686	webkit2gtk3-2.52.3-1.el9_8.i686.rpm	6b0429d7cef13ef373884b9427b54c66f141b10039c57c227745cef170b75bb2
i686	webkit2gtk3-jsc-2.52.3-1.el9_8.i686.rpm	72fd1f4c178c73c208520d8ca8c54d9bebf165cf3db1c24e6d5d70bdaf06e198
ppc64le	webkit2gtk3-2.52.3-1.el9_8.ppc64le.rpm	02bd4ad36ca61e96b8c5fb4865f44499e7c7a74de525e1e60d1e969df0adc90c
ppc64le	webkit2gtk3-jsc-2.52.3-1.el9_8.ppc64le.rpm	067aeedaec72b22bace31950aad88bc14d1317a17dd610f491ba2173eb8aae87
ppc64le	webkit2gtk3-devel-2.52.3-1.el9_8.ppc64le.rpm	cb25e866fcd39683826ddedc9a44da4597ef36ca5ad2315fd62272c609edcd6d
ppc64le	webkit2gtk3-jsc-devel-2.52.3-1.el9_8.ppc64le.rpm	fbfb35a525f7247ace0c48f3927eeacba92bbe53922e8cbe9d11962337747978
s390x	webkit2gtk3-devel-2.52.3-1.el9_8.s390x.rpm	8f5db4111c6e2dda11bfd2ead6af740c30dd3374a3c520fd579264aa1eb7f7c6
s390x	webkit2gtk3-2.52.3-1.el9_8.s390x.rpm	9915542be821f8d05ca3c49201b5e190f4e3153bbc89354bce61c5bd4b768d02
s390x	webkit2gtk3-jsc-devel-2.52.3-1.el9_8.s390x.rpm	e0df4d6ada7f4dd92614f437db40e111e8335ff3ea9247e39cd76fde7e483f61
s390x	webkit2gtk3-jsc-2.52.3-1.el9_8.s390x.rpm	e8ebc616b883c5f6e93a5e68c27646760f0b5a69478a23dd1b70197ca5729cc3
x86_64	webkit2gtk3-devel-2.52.3-1.el9_8.x86_64.rpm	04526a1f4c91dcddbb265f1e8a79d3358ca494d5dc58b44791be2ec51be2fdf9
x86_64	webkit2gtk3-jsc-devel-2.52.3-1.el9_8.x86_64.rpm	261546d81d7645eaffdf4974be72a2ef471aeaf1bb3a21facf7f53a87417ffa6
x86_64	webkit2gtk3-jsc-2.52.3-1.el9_8.x86_64.rpm	8bd2be1802c088c7ac0771fc517b2893dcf481ad9fea621b24642f89c4dbee16
x86_64	webkit2gtk3-2.52.3-1.el9_8.x86_64.rpm	988e8c7e6a5304bd6c0d0f07fe605dd17ff92fa1eca0ef1aaac93ab317a51fe8

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.