WebKitGTK and WPE WebKit Security Advisory WSA-2021-0007
-
Date Reported: December 20, 2021
-
Advisory ID: WSA-2021-0007
-
CVE identifiers: CVE-2021-30809, CVE-2021-30818, CVE-2021-30823, CVE-2021-30836, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897.
Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
- CVE-2021-30809
- Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
- Credit to an anonymous researcher.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management.
- CVE-2021-30818
- Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
- Credit to Amar Menezes (@amarekano) of Zon8Research.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A type confusion issue was addressed with improved state handling.
- CVE-2021-30823
- Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
- Credit to David Gullasch of Recurity Labs.
- Impact: An attacker in a privileged network position may be able to bypass HSTS. Description: A logic issue was addressed with improved restrictions.
- CVE-2021-30836
- Versions affected: WebKitGTK and WPE WebKit before 2.32.4.
- Credit to Peter Nguyen Vu Hoang of STAR Labs.
- Impact: Processing a maliciously crafted audio file may disclose restricted memory. Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-30884
- Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
- Credit to an anonymous researcher.
- Impact: Visiting a maliciously crafted website may reveal a user’s browsing history. Description: The issue was resolved with additional restrictions on CSS compositing.
- CVE-2021-30887
- Versions affected: WebKitGTK and WPE WebKit before 2.34.3.
- Credit to Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd.
- Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. Description: A logic issue was addressed with improved restrictions.
- CVE-2021-30888
- Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
- Credit to Prakash (@1lastBr3ath).
- Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior. Description: An information leakage issue was addressed.
- CVE-2021-30889
- Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
- Credit to Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution, Description: A buffer overflow issue was addressed with improved memory handling.
- CVE-2021-30890
- Versions affected: WebKitGTK and WPE WebKit before 2.34.3.
- Credit to an anonymous researcher.
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue was addressed with improved state management.
- CVE-2021-30897
- Versions affected: WebKitGTK and WPE WebKit before 2.34.0.
- Credit to an anonymous researcher.
- Impact: A malicious website may exfiltrate data cross-origin. Description: An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented.
We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.
Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.