The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2023-42843

Kacper Kwapisz discovered that visiting a malicious website may
lead to address bar spoofing.

CVE-2023-42950

Nan Wang and Rushikesh Nandedkar discovered that processing
maliciously crafted web content may lead to arbitrary code
execution.

CVE-2023-42956

SungKwon Lee discovered that processing web content may lead to a
denial-of-service.

CVE-2024-23252

anbu1024 discovered that processing web content may lead to a
denial-of-service.

CVE-2024-23254

James Lee discovered that a malicious website may exfiltrate audio
data cross-origin.

CVE-2024-23263

Johan Carlsson discovered that processing maliciously crafted web
content may prevent Content Security Policy from being enforced.

CVE-2024-23280

An anonymous researcher discovered that a maliciously crafted
webpage may be able to fingerprint the user.

CVE-2024-23284

Georg Felber and Marco Squarcina discovered that processing
maliciously crafted web content may prevent Content Security
Policy from being enforced.

https://security-tracker.debian.org/tracker/DSA-5684-1

Read More

Nick Galloway discovered an integer overflow in dav1d, a fast and small
AV1 video stream decoder which could result in memory corruption.

https://security-tracker.debian.org/tracker/DSA-5686-1

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More

Post Content

Read More