CVE-2024-40857 Versions affected: WebKitGTK and WPE WebKit before 2.46.0. Credit to Ron Masas. Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: This issue was addressed through improved state management. WebKit Bugzilla: 268724 CVE-2024-40866 Versions affected: WebKitGTK and WPE WebKit before 2.46.0. Credit to Hafiizh and YoKo Kho (@yokoacc) of HakTrak. Impact: Visiting a malicious website may lead to address bar spoofing. Description: The issue was addressed with improved UI. WebKit Bugzilla: 279451 CVE-2024-44187 Versions affected: WebKitGTK and WPE WebKit before 2.46.0. Credit to Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India). Impact: A malicious website may exfiltrate data cross-origin. Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. WebKit Bugzilla: 279452
https://webkitgtk.org/security/WSA-2024-0006.html * CVE-2024-44185 Versions affected: WebKitGTK and WPE WebKit before 2.46.0. Credit to Gary Kwong. Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved checks. WebKit Bugzilla: 276097 * CVE-2024-44244 Versions affected: WebKitGTK and WPE WebKit before 2.46.3. Credit to an anonymous researcher, Q1IQ (@q1iqF) and P1umer (@p1umer). Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 279780 * CVE-2024-44296 Versions affected: WebKitGTK and WPE WebKit before 2.46.3. Credit to Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India). Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: The issue was addressed with improved checks. WebKit Bugzilla: 278765
