Debian Wpewebkit vulnerabilities

CVE-2026-20652 [HIGH] CVE-2026-20652: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye: open forky: resolved (fixed in 2.50.6-1) sid: resolved

CVE-2026-28857 [MEDIUM] CVE-2026-28857: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 2.52.1-1) trixie: open

CVE-2026-20635 [MEDIUM] CVE-2026-20635: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye: open

CVE-2026-20665 [MEDIUM] CVE-2026-20665: webkit2gtk - This issue was addressed through improved state management. This issue is fixed ... This issue was addressed through improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Scope: local bookworm: open bullseye: open forky: ope

CVE-2026-28859 [MEDIUM] CVE-2026-28859: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may be able to process restricted web content outside the sandbox. Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 2.52.1-1) trixie: open

CVE-2026-20643 [MEDIUM] CVE-2026-20643: webkit2gtk - A cross-origin issue in the Navigation API was addressed with improved input val... A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may bypass Same Origin Policy. Scope: local b

CVE-2026-28871 [MEDIUM] CVE-2026-28871: webkit2gtk - A logic issue was addressed with improved checks. This issue is fixed in Safari ... A logic issue was addressed with improved checks. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4. Visiting a maliciously crafted website may lead to a cross-site scripting attack. Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 2.52.1-1) trixie: open

CVE-2026-20691 [MEDIUM] CVE-2026-20691: webkit2gtk - An authorization issue was addressed with improved state management. This issue ... An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user. Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 2.52.1-1) trixie: open

CVE-2026-20636 [MEDIUM] CVE-2026-20636: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye: open forky: resolved (fixed in 2.50.6-1) sid: resolved (fix

CVE-2026-28861 [MEDIUM] CVE-2026-28861: webkit2gtk - A logic issue was addressed with improved state management. This issue is fixed ... A logic issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. A malicious website may be able to access script message handlers intended for other origins. Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 2.52.

CVE-2026-20676 [MEDIUM] CVE-2026-20676: webkit2gtk - This issue was addressed through improved state management. This issue is fixed ... This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye: open forky: resolved (fixed in 2.50.6-1) sid: resolved (fixed in 2.50.

CVE-2026-20608 [MEDIUM] CVE-2026-20608: webkit2gtk - This issue was addressed through improved state management. This issue is fixed ... This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye: open forky: resolved (fi

CVE-2026-20644 [MEDIUM] CVE-2026-20644: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.50.6-1~deb12u1) bullseye: open forky: resolved (fixed i

CVE-2026-20664 [MEDIUM] CVE-2026-20664: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 2.52.1-1) trixie: open

CVE-2025-24264 [CRITICAL] CVE-2025-24264: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. Scope: local bookworm: resolved (fixed in 2.48.1-2~deb12u1) bullseye: resolved (fixed i

CVE-2025-43342 [CRITICAL] CVE-2025-43342: webkit2gtk - A correctness issue was addressed with improved checks. This issue is fixed in S... A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.50.1-1~deb12u1) bullseye: resolved (fixed in

CVE-2025-43343 [CRITICAL] CVE-2025-43343: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. Scope: local bookworm: resolved (fixed in 2.50.1-1~deb12u1) bullseye: resolved (fixed in 2.50.1-1~deb11u1) forky: re

CVE-2025-24201 [CRITICAL] CVE-2025-24201: chromium - An out-of-bounds write issue was addressed with improved checks to prevent unaut... An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Conte

CVE-2025-43431 [HIGH] CVE-2025-43431: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.50.2-1~deb12u1) bullseye: resolved (fixed

CVE-2025-24223 [HIGH] CVE-2025-24223: webkit2gtk - The issue was addressed with improved memory handling. This issue is fixed in Sa... The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption. Scope: local bookworm: resolved (fixed in 2.48.3-1~deb12u1) bullseye: resolved (fixed in 2.48.3-1~deb11u1) forky: r