WebKitGTK Crash Due to Malicious Web Content

HIGH (8.8) No Patch (9 days)

Threat Intelligence

Low Risk
EPSS Score: 0.05% chance of exploitation (percentile: 16%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

WebKitGTK is a WebKit-based browser engine used in various desktop applications. This vulnerability allows attackers to cause an unexpected process crash when the engine processes malicious web content, resulting in a denial of service (DoS).

Am I affected?

You're affected if you use WebKitGTK. Specific version info is not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Products

Red Hat / WebKitGTK

How to fix

  1. Update to WebKitGTK 2.30.2 or later from the official Red Hat repositories.
  2. For RHEL 8 and later: sudo dnf install --enablerepo=RedHat-Enterprise-Linux-8 webkit2gtk
  3. For CentOS 8 and later: sudo yum install --enablerepo=RedHat-Enterprise-Linux-8 webkit2gtk
  4. If you can't update immediately, apply interim mitigations:
     - Restrict network access to your application (firewall it from the public internet)
     - Monitor for suspicious activity