Discover Security Vulnerabilities News

WebKitGTK Arbitrary Code Execution, Info Disclosure Bugs Fixed - Update Now

191 Brittany
Brittany Day
1 - 2 min read May 11, 2023
4.Lock AbstractDigital Esm W900

Several high-severity vulnerabilities have been found in the WebKitGTK web engine, including a use after free issue that may have been actively exploited (CVE-2023-28205).

These bugs could result in the exposure of sensitive information and the execution of arbitrary code.

The following vulnerabilities have been discovered in WebKitGTK:

  • CVE-2022-0108: Luan Herrera discovered that an HTML document may be able to render iframes with sensitive user information.
  • CVE-2022-32885: P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution.
  • CVE-2023-27932: An anonymous researcher discovered that processing maliciously crafted web content may bypass Same Origin Policy.
  • CVE-2023-27954: An anonymous researcher discovered that a website may be able to track sensitive user information.
  • CVE-2023-28205: Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 

With a low attack complexity, no privileges required to exploit, and a high confidentiality, integrity and availability impact, we strongly recommend that all impacted users apply the WebKitGTK updates issued but their distro(s) now to protect against attacks leading to downtime and the compromise of confidential information.

To stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).



 

Related Articles

11.Locks IsometricPattern Esm W300
1 - 0 min read
Feb 22, 2024
Joomla XSS Bug Puts Millions of Websites at Risk of RCE
2.Motherboard Esm W300
1 - 0 min read
Feb 17, 2024
Bootloader Bug Threatens Linux Distros Supporting Secure Boot
24.Key Code Esm W300
1 - 0 min read
Jan 09, 2024
Debian and Ubuntu Fix More OpenSSH Vulnerabilities
13.Lock StylizedMotherboard Esm W300
1 - 0 min read
Dec 07, 2023
Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover
32.Lock Code Circular Esm W300
1 - 0 min read
Nov 25, 2023
LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
32.Lock Code Circular Esm W300
1 - 0 min read
Dec 14, 2023
Severe Chromium Bug Threatens Sensitive Data, System Availability
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved