RHSA-2026:16695

Details:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)

• webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)

• webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)

• webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)

• webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)

• webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)

• webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)

• webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)

• webkitgtk: A malicious website may be able to process restricted web content outside the sandbox...