WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009

• Date Reported: September 28, 2023

• Advisory ID: WSA-2023-0009

• CVE identifiers: CVE-2023-39928, CVE-2023-35074, CVE-2023-39434, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

• CVE-2023-39928
  • Versions affected: WebKitGTK and WPE WebKit before 2.42.0.
  • Credit to Marcin ‘Icewall’ Noga of Cisco Talos.
  • A use-after-free vulnerability exists in the MediaRecorder API of the WebKit GStreamer-based ports (WebKitGTK and WPE WebKit). A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. WebKit Bugzilla: 260649.
• CVE-2023-35074
  • Versions affected: WebKitGTK and WPE WebKit before 2.40.0.
  • Credit to Abysslab Dong Jun Kim(@smlijun) and Jong Seong Kim(@nevul37).
  • Impact: Processing web content may lead to arbitrary code execution. Description: The issue was addressed with improved memory handling.
• CVE-2023-39434
  • Versions affected: WebKitGTK and WPE WebKit before 2.40.5.
  • Credit to Francisco Alonso (@revskills), and Dohyun Lee (@l33d0hyun) of PK Security.
  • Impact: Processing web content may lead to arbitrary code execution. Description: A use-after-free issue was addressed with improved memory management.
• CVE-2023-40451
  • Versions affected: WebKitGTK and WPE WebKit before 2.40.5.
  • Credit to an anonymous researcher.
  • Impact: An attacker with JavaScript execution may be able to execute arbitrary code. Description: This issue was addressed with improved iframe sandbox enforcement.
• CVE-2023-41074
  • Versions affected: WebKitGTK and WPE WebKit before 2.42.0.
  • Credit to 이준성(Junsung Lee) of Cross Republic and me Li.
  • Impact: Processing web content may lead to arbitrary code execution. Description: The issue was addressed with improved checks.
• CVE-2023-41993
  • Versions affected: WebKitGTK and WPE WebKit before 2.42.1.
  • Credit to Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.
  • Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved checks.

We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security/.