=====================================================================

                                CERT-Renater

                    Note d'Information No. 2022/VULN230

_____________________________________________________________________

DATE                : 05/07/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running WebKitGTK, WPE WebKit versions
                                    prior to 2.36.4.

=====================================================================
https://webkitgtk.org/security/WSA-2022-0006.html
_____________________________________________________________________

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory                 WSA-2022-0006
------------------------------------------------------------------------

Date reported           : July 05, 2022
Advisory ID             : WSA-2022-0006
WebKitGTK Advisory URL  : https://webkitgtk.org/security/WSA-2022-0006.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2022-0006.html
CVE identifiers         : CVE-2022-22662, CVE-2022-22677,
                           CVE-2022-26710.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2022-22662
     Versions affected: WebKitGTK and WPE WebKit before 2.36.0.
     Credit to Prakash (@1lastBr3ath) of Threat Nix.
     Impact: Processing maliciously crafted web content may disclose
     sensitive user information. Description: A cookie management
     issue
     was addressed with improved state management.

CVE-2022-22677
     Versions affected: WebKitGTK and WPE WebKit before 2.36.4.
     Credit to an anonymous researcher.
     Impact: The video in a webRTC call may be interrupted if the
     audio capture gets interrupted. Description: A logic issue in
     the handling of concurrent media was addressed with improved
     state handling.

CVE-2022-26710
     Versions affected: WebKitGTK and WPE WebKit before 2.36.4.
     Credit to Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher
     lab.
     Impact: Processing maliciously crafted web content may lead to
     arbitrary code execution. Description: A use after free issue
     was addressed with improved memory management.


We recommend updating to the latest stable versions of WebKitGTK and
WPE WebKit. It is the best way to ensure that you are running safe
versions of WebKit. Please check our websites for information about
the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK and WPE WebKit team,

July 05, 2022


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================