ALSA-2026:25927

[ALSA-2026:25927] Important: webkit2gtk3 security update

Type:

security

Severity:

important

Release date:

2026-06-16

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  

Security Fix(es):  

  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)
  * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)
  * webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)
  * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	webkit2gtk3-2.52.4-1.el9_8.aarch64.rpm	3412bd242083b324a99d559af08576c4a5ddaf07c3b661b6eaa0c1316de6eaf4
aarch64	webkit2gtk3-jsc-devel-2.52.4-1.el9_8.aarch64.rpm	544897b41b518abbac827aec71c08cf7b2ea8f08f6d924fc367630c20b5478de
aarch64	webkit2gtk3-devel-2.52.4-1.el9_8.aarch64.rpm	81604dbba84ec6cbb67ada7bd169db8736b92849dbe408edb8089d0f44c4f97a
aarch64	webkit2gtk3-jsc-2.52.4-1.el9_8.aarch64.rpm	f583e10afc4ed14f013cf11328562e68534fc14f15d0445d749883445d7fda07
i686	webkit2gtk3-devel-2.52.4-1.el9_8.i686.rpm	06c5a08954934595a0c6fe7d463ac8ea8e6583e300b6727bf6c2f414b945413a
i686	webkit2gtk3-2.52.4-1.el9_8.i686.rpm	117e14ff8ed2ab5d86c4b20813199ddf5acd4a06a9c6c586a44c0a6ac1542da4
i686	webkit2gtk3-jsc-devel-2.52.4-1.el9_8.i686.rpm	2783fa54b1c01884726fe418467b1a73d396abd4b897db425f990a1839579db9
i686	webkit2gtk3-jsc-2.52.4-1.el9_8.i686.rpm	6e695b37c4dbca64c0be0831e427b463c5dc05421d95e20574dfb9e24e874027
ppc64le	webkit2gtk3-jsc-devel-2.52.4-1.el9_8.ppc64le.rpm	46e67e30a35ee5ebed7e227ab4d3a168a606cdbbc0e97429f70b10fa56dac745
ppc64le	webkit2gtk3-jsc-2.52.4-1.el9_8.ppc64le.rpm	48107d26270432c689f30fb7045c7502c22a4e3cf4f6142a656e8d3379d839ab
ppc64le	webkit2gtk3-devel-2.52.4-1.el9_8.ppc64le.rpm	67e7b1d117769c4c953cdf282c0f309b91c17f8787ab99f783cbc425a8e340fe
ppc64le	webkit2gtk3-2.52.4-1.el9_8.ppc64le.rpm	bdea6652aa46388b2a31b0de2e98af1630b703471fb0038b8b14c01bdc8e6652
s390x	webkit2gtk3-2.52.4-1.el9_8.s390x.rpm	21d7cf1f0dd59b1cd5f0bd6207bb93317e87150bd21406bd3cab7207a9c6ab4e
s390x	webkit2gtk3-jsc-devel-2.52.4-1.el9_8.s390x.rpm	490c503b1bcdbc996bea2411e354e17f65e7a07611db6f6ed6bb3d63b15270e2
s390x	webkit2gtk3-devel-2.52.4-1.el9_8.s390x.rpm	57353d5d180e5bc2eaeed94664e0ac2f260f31870f524084bca3fd7e763ba505
s390x	webkit2gtk3-jsc-2.52.4-1.el9_8.s390x.rpm	67515de3fb6a2704bf8145f6aeec7404d797ade103ad5829a596cabb567629d7
x86_64	webkit2gtk3-2.52.4-1.el9_8.x86_64.rpm	2e4d688d3fd1f5ab77c3b67edc42586fd8c5b784285dfe04d014278b0e942a3f
x86_64	webkit2gtk3-jsc-2.52.4-1.el9_8.x86_64.rpm	53ab049e93b01e23545016b05b03a8ac0c86a915bae53bad44c7adcfc60f8648
x86_64	webkit2gtk3-devel-2.52.4-1.el9_8.x86_64.rpm	722bd9b5ad1ad83e3b37f7f97e9060e86cd6f3fe517c7b5f905bee16f548c5ed
x86_64	webkit2gtk3-jsc-devel-2.52.4-1.el9_8.x86_64.rpm	f827a543e6545b87556da41c809372e3b05a786f06a9cd996254102713a176c9

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.