RLSA-2026:9692

Security

Mirrored from RHSA-2026:9692

Issued at: 2026-04-24

Updated at: 2026-04-24

Synopsis

Important: webkit2gtk3 security update

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)

* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)

* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)

* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)

* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)

* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)

* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)

* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)

* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 aarch64

Rocky Linux 9 ppc64le

Rocky Linux 9 s390x

Rocky Linux 9 x86_64

Fixes

2448781

2448782

2448786

2448787

2448788

2448789

2448790

2448791

2448792

2448793

2448794

2453000

2453001

2453002

2453003

2453004

2453006

2453008

CVEs

CVE-2025-43213

CVE-2025-43214

CVE-2025-43457

CVE-2025-43511

CVE-2025-46299

CVE-2026-20608

CVE-2026-20635

CVE-2026-20636

CVE-2026-20643

CVE-2026-20644

CVE-2026-20652

CVE-2026-20664

CVE-2026-20665

CVE-2026-20676

CVE-2026-20691

CVE-2026-28857

CVE-2026-28859

CVE-2026-28871

Affected packages

Rocky Linux 9 x86_64 - AppStream

webkit2gtk3-0:2.52.3-0.el9_7.1.src.rpm

webkit2gtk3-0:2.52.3-0.el9_7.1.x86_64.rpm

webkit2gtk3-debuginfo-0:2.52.3-0.el9_7.1.i686.rpm

webkit2gtk3-debuginfo-0:2.52.3-0.el9_7.1.x86_64.rpm

webkit2gtk3-debugsource-0:2.52.3-0.el9_7.1.i686.rpm

webkit2gtk3-debugsource-0:2.52.3-0.el9_7.1.x86_64.rpm

webkit2gtk3-devel-0:2.52.3-0.el9_7.1.i686.rpm

webkit2gtk3-devel-0:2.52.3-0.el9_7.1.x86_64.rpm

webkit2gtk3-devel-debuginfo-0:2.52.3-0.el9_7.1.i686.rpm

webkit2gtk3-devel-debuginfo-0:2.52.3-0.el9_7.1.x86_64.rpm

webkit2gtk3-jsc-0:2.52.3-0.el9_7.1.i686.rpm

webkit2gtk3-jsc-0:2.52.3-0.el9_7.1.x86_64.rpm

webkit2gtk3-jsc-debuginfo-0:2.52.3-0.el9_7.1.i686.rpm

webkit2gtk3-0:2.52.3-0.el9_7.1.i686.rpm

webkit2gtk3-jsc-debuginfo-0:2.52.3-0.el9_7.1.x86_64.rpm

webkit2gtk3-jsc-devel-0:2.52.3-0.el9_7.1.i686.rpm

webkit2gtk3-jsc-devel-0:2.52.3-0.el9_7.1.x86_64.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-0.el9_7.1.i686.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-0.el9_7.1.x86_64.rpm

Rocky Linux 9 aarch64 - AppStream

webkit2gtk3-0:2.52.3-0.el9_7.1.src.rpm

webkit2gtk3-debuginfo-0:2.52.3-0.el9_7.1.aarch64.rpm

webkit2gtk3-debugsource-0:2.52.3-0.el9_7.1.aarch64.rpm

webkit2gtk3-devel-0:2.52.3-0.el9_7.1.aarch64.rpm

webkit2gtk3-devel-debuginfo-0:2.52.3-0.el9_7.1.aarch64.rpm

webkit2gtk3-jsc-0:2.52.3-0.el9_7.1.aarch64.rpm

webkit2gtk3-jsc-debuginfo-0:2.52.3-0.el9_7.1.aarch64.rpm

webkit2gtk3-0:2.52.3-0.el9_7.1.aarch64.rpm

webkit2gtk3-jsc-devel-0:2.52.3-0.el9_7.1.aarch64.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-0.el9_7.1.aarch64.rpm

Rocky Linux 9 s390x - AppStream

webkit2gtk3-0:2.52.3-0.el9_7.1.src.rpm

webkit2gtk3-debuginfo-0:2.52.3-0.el9_7.1.s390x.rpm

webkit2gtk3-debugsource-0:2.52.3-0.el9_7.1.s390x.rpm

webkit2gtk3-devel-0:2.52.3-0.el9_7.1.s390x.rpm

webkit2gtk3-devel-debuginfo-0:2.52.3-0.el9_7.1.s390x.rpm

webkit2gtk3-jsc-0:2.52.3-0.el9_7.1.s390x.rpm

webkit2gtk3-jsc-debuginfo-0:2.52.3-0.el9_7.1.s390x.rpm

webkit2gtk3-0:2.52.3-0.el9_7.1.s390x.rpm

webkit2gtk3-jsc-devel-0:2.52.3-0.el9_7.1.s390x.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-0.el9_7.1.s390x.rpm

Rocky Linux 9 ppc64le - AppStream

webkit2gtk3-0:2.52.3-0.el9_7.1.src.rpm

webkit2gtk3-debuginfo-0:2.52.3-0.el9_7.1.ppc64le.rpm

webkit2gtk3-debugsource-0:2.52.3-0.el9_7.1.ppc64le.rpm

webkit2gtk3-devel-0:2.52.3-0.el9_7.1.ppc64le.rpm

webkit2gtk3-devel-debuginfo-0:2.52.3-0.el9_7.1.ppc64le.rpm

webkit2gtk3-jsc-0:2.52.3-0.el9_7.1.ppc64le.rpm

webkit2gtk3-jsc-debuginfo-0:2.52.3-0.el9_7.1.ppc64le.rpm

webkit2gtk3-0:2.52.3-0.el9_7.1.ppc64le.rpm

webkit2gtk3-jsc-devel-0:2.52.3-0.el9_7.1.ppc64le.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-0.el9_7.1.ppc64le.rpm