ALSA-2026:9692

[ALSA-2026:9692] Important: webkit2gtk3 security update

Type:

security

Severity:

important

Release date:

2026-04-24

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  

Security Fix(es):  

  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
  * webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
  * webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
  * webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
  * webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
  * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
  * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
  * webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
  * webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	webkit2gtk3-2.52.3-0.el9_7.1.aarch64.rpm	023122ea897c0ec77b4c2e154c6abf46e0e6297184b4d65d1897f1cb791a84f8
aarch64	webkit2gtk3-jsc-2.52.3-0.el9_7.1.aarch64.rpm	3ba5d20d6bdd0fb8bd78432ee253c6b385a30914631df04ba3a332c886c8f6a3
aarch64	webkit2gtk3-devel-2.52.3-0.el9_7.1.aarch64.rpm	9dd6a992dc90b6746db02e5288b13ddef6c5e467d754e809280dd75316ab74cd
aarch64	webkit2gtk3-jsc-devel-2.52.3-0.el9_7.1.aarch64.rpm	b457473afbfaaf3417495e1a0e5ae2facf66cda6c8283572541f91693aac0189
i686	webkit2gtk3-devel-2.52.3-0.el9_7.1.i686.rpm	1d82252991b31327eb0a4d9fd3b9ada1baea1c9ba1b12435b6ebd98898163259
i686	webkit2gtk3-jsc-2.52.3-0.el9_7.1.i686.rpm	6ed4de7d13c49ccb773bd5e279862b95a6fed121eb2241b17fd76472c4907556
i686	webkit2gtk3-jsc-devel-2.52.3-0.el9_7.1.i686.rpm	c5605330268710045c0a4ad4334c3ac33362047f5ee2f30017426d1a31b9e680
i686	webkit2gtk3-2.52.3-0.el9_7.1.i686.rpm	ca6bc7bb285e79597c11938e5710a6a4c3e5f74886b527d157abd1dc11b01a07
ppc64le	webkit2gtk3-jsc-2.52.3-0.el9_7.1.ppc64le.rpm	1d91174ea5a45fe644d7d98d133af1a0a1770391ba7a528cdade90233126eb8b
ppc64le	webkit2gtk3-jsc-devel-2.52.3-0.el9_7.1.ppc64le.rpm	54eb41d20697bac14308744eb6ef6251f024b1947b76b812f5374d209439f922
ppc64le	webkit2gtk3-devel-2.52.3-0.el9_7.1.ppc64le.rpm	cebbd683b87007eacf24e5aaeabbae56e221ddf081c49398bf0baf7add1a418e
ppc64le	webkit2gtk3-2.52.3-0.el9_7.1.ppc64le.rpm	eea549bb6af42fd5011f58c3c609480d100d2d7d430b849b82279a7f99884cd6
s390x	webkit2gtk3-jsc-devel-2.52.3-0.el9_7.1.s390x.rpm	15ecf9c3aa3e6c86fd66ab26e43bd6d44a52634ffa9ef5aec0692da1a1a54589
s390x	webkit2gtk3-jsc-2.52.3-0.el9_7.1.s390x.rpm	20b3e5a761e3da507d57e57f3f32b32da91d817254fb3483816ebc31d22bb049
s390x	webkit2gtk3-2.52.3-0.el9_7.1.s390x.rpm	acb008799ea3adfd55970440cee5fac33a2bb18861293e94af8e3baead4e197e
s390x	webkit2gtk3-devel-2.52.3-0.el9_7.1.s390x.rpm	f4e785122a8dc6df9d7839aae4c6eb7da4c6f2c25f1b8a99c420e5a39f57ce22
x86_64	webkit2gtk3-jsc-devel-2.52.3-0.el9_7.1.x86_64.rpm	2e78b45fa82367bfccb940f6e9206aba9088bd1533638979b540c92e989d4c1f
x86_64	webkit2gtk3-devel-2.52.3-0.el9_7.1.x86_64.rpm	7e92cad12c8ddd1d834dad2d8abb6b41ecb963f310b2fa49b2c8825173e3991a
x86_64	webkit2gtk3-2.52.3-0.el9_7.1.x86_64.rpm	d315ac5775e8e4785ebd023b910a7aa278fd1bba74161b0922d2e7b9e2c47481
x86_64	webkit2gtk3-jsc-2.52.3-0.el9_7.1.x86_64.rpm	f8b0386e50ca8d80b713ab47f71ea55490dedbe8347ee540a491500138169fa1

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.