AVG-2792 log

Package webkit2gtk-5.0
Status Fixed
Severity Critical
Type multiple issues
Affected 2.36.4-2
Fixed 2.36.5-1
Current 2.38.2-1 [extra]
Ticket None
Created Thu Jul 28 21:20:57 2022
Issue Severity Remote Type Description
CVE-2022-32816 High Yes Content spoofing
Visiting a website that frames malicious content may lead to UI spoofing.
CVE-2022-32792 Critical Yes Arbitrary code execution
Processing maliciously crafted web content may lead to arbitrary code execution.
References
https://webkitgtk.org/security/WSA-2022-0007.html
Notes
Our WebKit2GTK and WPE WebKit versions are not affected by the 'CVE-2022-2294' vulnerability because our packages are not built using the 'USE_LIBWEBRTC' CMake option.