Red Hat Product Errata RHSA-2026:9692 - Security Advisory Issued: 2026-04-22 Updated: 2026-04-22 RHSA-2026:9692 - Security Advisory Overview Updated Packages Synopsis Important: webkit2gtk3 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213) webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214) webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457) webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511) webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299) webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608) webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635) webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636) webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644) webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652) webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676) webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643) webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664) webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665) webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691) webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857) webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859) webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Fixes BZ - 2448781 - CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash BZ - 2448782 - CVE-2025-43214 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash BZ - 2448786 - CVE-2025-43457 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash BZ - 2448787 - CVE-2025-43511 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash BZ - 2448788 - CVE-2025-46299 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app BZ - 2448789 - CVE-2026-20608 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash BZ - 2448790 - CVE-2026-20635 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash BZ - 2448791 - CVE-2026-20636 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash BZ - 2448792 - CVE-2026-20644 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash BZ - 2448793 - CVE-2026-20652 webkitgtk: A remote attacker may be able to cause a denial-of-service BZ - 2448794 - CVE-2026-20676 webkitgtk: A website may be able to track users through Safari web extensions BZ - 2453000 - CVE-2026-20643 webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy BZ - 2453001 - CVE-2026-20664 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash BZ - 2453002 - CVE-2026-20665 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced BZ - 2453003 - CVE-2026-20691 webkitgtk: A maliciously crafted webpage may be able to fingerprint the user BZ - 2453004 - CVE-2026-28857 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash BZ - 2453006 - CVE-2026-28859 webkitgtk: A malicious website may be able to process restricted web content outside the sandbox BZ - 2453008 - CVE-2026-28871 webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack CVEs CVE-2025-43213 CVE-2025-43214 CVE-2025-43457 CVE-2025-43511 CVE-2025-46299 CVE-2026-20608 CVE-2026-20635 CVE-2026-20636 CVE-2026-20643 CVE-2026-20644 CVE-2026-20652 CVE-2026-20664 CVE-2026-20665 CVE-2026-20676 CVE-2026-20691 CVE-2026-28857 CVE-2026-28859 CVE-2026-28871 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM webkit2gtk3-2.52.3-0.el9_7.1.src.rpm SHA-256: 21fdbc16df177ae479b7b5873aa5704e3133b6f7986b44ddc5debc27f1d0308b x86_64 webkit2gtk3-2.52.3-0.el9_7.1.i686.rpm SHA-256: 48dca43d9de395502ad74949ace1df0f7da4ef5e2b97fa096aed72dfa359a356 webkit2gtk3-2.52.3-0.el9_7.1.x86_64.rpm SHA-256: 7b77d27097a143ef15b64e6db9bb4c41e71351e78dcabea75e492e198f6feb6b webkit2gtk3-debuginfo-2.52.3-0.el9_7.1.i686.rpm SHA-256: b7dc9d27ddbfa2af9bbb151a5aad446d2dc87586cca26a073640cb3bd124c520 webkit2gtk3-debuginfo-2.52.3-0.el9_7.1.x86_64.rpm SHA-256: 0111b64a34b1c7c5d54ed5c418969c30b8821dbf39fb5998c228ca8202f48941 webkit2gtk3-debugsource-2.52.3-0.el9_7.1.i686.rpm SHA-256: 1bd72f83f68ade7bd6691e5962303e7bdefc0862eb97968ceda30f96b9dd16ea webkit2gtk3-debugsource-2.52.3-0.el9_7.1.x86_64.rpm SHA-256: ab42950940ec808a8eb1353318ca9abee89a6b305b90b6e05d8e3b9427e95046 webkit2gtk3-devel-2.52.3-0.el9_7.1.i686.rpm SHA-256: b4c048173150d8745e2cd1c4612baaff4408820ff756f6095b414e7b03f78fe8 webkit2gtk3-devel-2.52.3-0.el9_7.1.x86_64.rpm SHA-256: 8b5fe124ad4ca1167f0cbdbb9bbdea25895ab6953b6dcb8115f2f3c5d0129c43 webkit2gtk3-devel-debuginfo-2.52.3-0.el9_7.1.i686.rpm SHA-256: bcd6f5ca4a1343440ac2bf7df99f6c72c6f3f45e6837a243a35b1abaf9ace093 webkit2gtk3-devel-debuginfo-2.52.3-0.el9_7.1.x86_64.rpm SHA-256: e9d64a35e18e94f5c0285d58decce1490934212b89a5a6f104dc2feac1ce1f74 webkit2gtk3-jsc-2.52.3-0.el9_7.1.i686.rpm SHA-256: ddf8a7d9040f48350272b3e682fe5baf3861cc8ca6588965490a6cd576ff9cb5 webkit2gtk3-jsc-2.52.3-0.el9_7.1.x86_64.rpm SHA-256: 9206b4d3d6e951bf280b79eb70c578324ce8689e016e5e0984509800e2fe2570 webkit2gtk3-jsc-debuginfo-2.52.3-0.el9_7.1.i686.rpm SHA-256: 7f46f457ef7160a0ced3d809658c9f228773259e20fb077e98ef6f7583b368c0 webkit2gtk3-jsc-debuginfo-2.52.3-0.el9_7.1.x86_64.rpm SHA-256: c2574d2ff818f25411460c1914620be93e86d923b72f2b71dff40afc2481ebcd webkit2gtk3-jsc-devel-2.52.3-0.el9_7.1.i686.rpm SHA-256: b37e9d08f559c13d0d44eb5c4bdf311a6e4854520eee714d3087f5e84e905455 webkit2gtk3-jsc-devel-2.52.3-0.el9_7.1.x86_64.rpm SHA-256: 095895bddd8de646fb0c4ed573ec21cf2bc0da12ec6429fd1cee5994c2227234 webkit2gtk3-jsc-devel-debuginfo-2.52.3-0.el9_7.1.i686.rpm SHA-256: d939269dcc85299c45fb8f6e6b10e4c3dc2a7c56d85d4103d7bc07fbef2239e9 webkit2gtk3-jsc-devel-debuginfo-2.52.3-0.el9_7.1.x86_64.rpm SHA-256: 1c043ebce6739ac2bf2fda9292ded1701e9eba6cc4e4d9133f085cd20c3b8172 Red Hat Enterprise Linux for IBM z Systems 9 SRPM webkit2gtk3-2.52.3-0.el9_7.1.src.rpm SHA-256: 21fdbc16df177ae479b7b5873aa5704e3133b6f7986b44ddc5debc27f1d0308b s390x webkit2gtk3-2.52.3-0.el9_7.1.s390x.rpm SHA-256: 809c0e1c570dde1d6183fbc52bdc526da8892ed3d524a6d3b4c6c812118043cc webkit2gtk3-debuginfo-2.52.3-0.el9_7.1.s390x.rpm SHA-256: b0494bcb711dc0f87cdb67187355a26a654516e328a24fc9b70c70647ce77c0f webkit2gtk3-debugsource-2.52.3-0.el9_7.1.s390x.rpm SHA-256: 6ffd417555d5b41ea0cf02fb3e05dd2a670a955adeb9be7561d3341ecae17932 webkit2gtk3-devel-2.52.3-0.el9_7.1.s390x.rpm SHA-256: 21b2856f7d03464f3dacf3401b8908b66b5c3a5d42dd4f4fdb5eb5b2891abc7f webkit2gtk3-devel-debuginfo-2.52.3-0.el9_7.1.s390x.rpm SHA-256: 63f52a343905deb881fc22379db2024314604afd1f8e98fdbfe55308332e73d1 webkit2gtk3-jsc-2.52.3-0.el9_7.1.s390x.rpm SHA-256: 8c340542e8ada93334f62ceb7b19e74edabd40baae713db8c979dc887b2958e6 webkit2gtk3-jsc-debuginfo-2.52.3-0.el9_7.1.s390x.rpm SHA-256: d292708402d02720d1191cab0a3c1d5409ea6b4009e5413d6dc7986c5ce975dc webkit2gtk3-jsc-devel-2.52.3-0.el9_7.1.s390x.rpm SHA-256: 5851be46caa3cbe09812174a03c0cfd6365f0f56a71e76fcddb9eac9a508a6e1 webkit2gtk3-jsc-devel-debuginfo-2.52.3-0.el9_7.1.s390x.rpm SHA-256: 82de6eb3bec88af399893264f59805867ac5f02774630e49381626d8ef520be6 Red Hat Enterprise Linux for Power, little endian 9 SRPM webkit2gtk3-2.52.3-0.el9_7.1.src.rpm SHA-256: 21fdbc16df177ae479b7b5873aa5704e3133b6f7986b44ddc5debc27f1d0308b ppc64le webkit2gtk3-2.52.3-0.el9_7.1.ppc64le.rpm SHA-256: c6284eb31845f785dc2d9adac4bedb6749b6ad6ed9bc12de2cbdac2653e27606 webkit2gtk3-debuginfo-2.52.3-0.el9_7.1.ppc64le.rpm SHA-256: 94231e3c179