RHSA-2026:10702 - Security Advisory

Issued: 2026-04-27
Updated: 2026-04-27

Synopsis

Important: webkit2gtk3 security update

Type/Severity

Security Advisory: Important

Topic

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

* Red Hat Enterprise Linux for x86_64 8 x86_64
* Red Hat Enterprise Linux for IBM z Systems 8 s390x
* Red Hat Enterprise Linux for Power, little endian 8 ppc64le
* Red Hat Enterprise Linux for ARM 64 8 aarch64
* Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
* Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
* Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
* Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

* BZ - 2448781 - CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
* BZ - 2448782 - CVE-2025-43214 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
* BZ - 2448786 - CVE-2025-43457 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
* BZ - 2448787 - CVE-2025-43511 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
* BZ - 2448788 - CVE-2025-46299 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app
* BZ - 2448789 - CVE-2026-20608 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
* BZ - 2448790 - CVE-2026-20635 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
* BZ - 2448791 - CVE-2026-20636 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
* BZ - 2448792 - CVE-2026-20644 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
* BZ - 2448793 - CVE-2026-20652 webkitgtk: A remote attacker may be able to cause a denial-of-service
* BZ - 2448794 - CVE-2026-20676 webkitgtk: A website may be able to track users through Safari web extensions
* BZ - 2453000 - CVE-2026-20643 webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy
* BZ - 2453001 - CVE-2026-20664 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
* BZ - 2453002 - CVE-2026-20665 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
* BZ - 2453003 - CVE-2026-20691 webkitgtk: A maliciously crafted webpage may be able to fingerprint the user
* BZ - 2453004 - CVE-2026-28857 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
* BZ - 2453006 - CVE-2026-28859 webkitgtk: A malicious website may be able to process restricted web content outside the sandbox
* BZ - 2453008 - CVE-2026-28871 webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack

CVEs

CVE-2025-43213, CVE-2025-43214, CVE-2025-43457, CVE-2025-43511, CVE-2025-46299, CVE-2026-20608, CVE-2026-20635, CVE-2026-20636, CVE-2026-20643, CVE-2026-20644, CVE-2026-20652, CVE-2026-20664, CVE-2026-20665, CVE-2026-20676, CVE-2026-20691, CVE-2026-28857, CVE-2026-28859, CVE-2026-28871

References

https://access.redhat.com/security/updates/classification/#important

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 8
SRPM: webkit2gtk3-2.52.3-1.el8_10.src.rpm
This advisory addresses multiple vulnerabilities in the webkit2gtk3 package for RHEL 8, where processing malicious web content can lead to denial-of-service crashes, Same Origin Policy bypass, Content Security Policy bypass, sandbox escape, cross-site scripting, and information disclosure. Red Hat has rated the update as Important. Affected systems should be patched with the provided webkit2gtk3 update.