
Debian WebKitGTK Critical CVE-2025-46299 App Disclosure March 2026

April 28, 2026
WebKitGTK faces critical issues allowing disclosure of internal states and XSS attacks; update recommended for Debian.
The following vulnerabilities have been discovered in the WebKitGTK web engine:

Summary

CVE-2025-46299

Google Big Sleep discovered that processing maliciously crafted
web content may disclose internal states of the app.

CVE-2026-20643

Thomas Espach discovered that processing maliciously crafted web
content may bypass Same Origin Policy.

CVE-2026-20664

Daniel Rhea, Soehnke Benedikt Fischedick, Emrovsky & Switch, and
Yevhen Pervushyn discovered that processing maliciously crafted
web content may lead to an unexpected process crash.

CVE-2026-20665

webb discovered that processing maliciously crafted web content
may prevent Content Security Policy from being enforced.

CVE-2026-20691

Gongyu Ma discovered that a maliciously crafted webpage may be
able to fingerprint the user.

CVE-2026-28857

Narcis Oliveras Fontas, Soehnke Benedikt Fischedick, Daniel Rhea,
and Nathaniel Oh discovered that processing maliciously crafted
web content may lead to an unexpected process crash.

CVE-2026-28859

greenbynox and Arni Hardarson discovered that a malici...


Severity: critical

Package: webkit2gtk
CVE ID: CVE-2025-46299 CVE-2026-20643 CVE-2026-20664 CVE-2026-20665
