WebKitGTK and WPE WebKit UIProcess Crash

HIGH (7.5) No Patch (18 days)

Threat Intelligence

Low Risk
EPSS Score: 0.06% chance of exploitation (percentile: 18%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

WebKitGTK and WPE WebKit are web browsers used by various Linux distributions. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server. If you use these browsers, you're exposed to potential crashes and security issues.

Am I affected?

You're affected if you use WebKitGTK or WPE WebKit. Specific version info is not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Red Hat Enterprise Linux / WebKitGTK

How to fix

Upgrade to WebKitGTK 5.1.3 or later.

For immediate mitigations:
- Disable remote inspector server access (not recommended for development purposes)
- Apply a patch from the Linux distribution's security team
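
To act on the first mitigation you need to know where the remote inspector server is switched on. The script below is an added example, not part of the advisory. It assumes the server is enabled through the `WEBKIT_INSPECTOR_SERVER` or `WEBKIT_INSPECTOR_HTTP_SERVER` environment variables, and the function names and output format are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes that were launched
# with the WebKit remote inspector server enabled.
# Assumption: the server is enabled via WEBKIT_INSPECTOR_SERVER or
# WEBKIT_INSPECTOR_HTTP_SERVER, with a value of the form "address:port".
# Reading other users' /proc/<pid>/environ requires root.

# classify_bind VALUE -> "loopback" or "network" (heuristic on the address part)
classify_bind() {
    case "$1" in
        127.*|localhost:*|\[::1\]:*) echo loopback ;;
        *) echo network ;;
    esac
}

# find_inspector_procs [PROC_ROOT]
# Prints PID, command name, exposure and the variable, tab-separated.
# Returns 0 when at least one process matches, 1 otherwise.
find_inspector_procs() {
    proc_root="${1:-/proc}"
    rc=1
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/environ" ] || continue
        # environ is NUL-separated: split into lines, keep non-empty inspector vars
        hits="$(tr '\0' '\n' 2>/dev/null < "$dir/environ" |
                grep -E '^WEBKIT_INSPECTOR_(HTTP_)?SERVER=.')" || continue
        comm="$(cat "$dir/comm" 2>/dev/null || echo unknown)"
        rc=0
        printf '%s\n' "$hits" | while IFS= read -r var; do
            printf '%s\t%s\t%s\t%s\n' "${dir##*/}" "$comm" \
                "$(classify_bind "${var#*=}")" "$var"
        done
    done
    return "$rc"
}

# Live scan only when requested, e.g.: sh check_inspector.sh --scan
if [ "${1:-}" = "--scan" ]; then
    find_inspector_procs || echo "no process has the remote inspector enabled"
fi
```

A `network` result means the inspector is bound to a non-loopback address; those processes are the first to restart without the variable set.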