WebKitGTK 2.34.4 fixes "Safari leaks" vulnerability

mcatanzaro · January 21, 2022, 3:10am

Hi distributors,

WebKitGTK 2.34.4 is now available. As with most WebKitGTK releases, this release fixes numerous security issues, including an especially severe issue that allowed websites to read the names of IndexedDB databases created by other websites. This is very easy to exploit and allows any website to see sensitive private information, such as your Google account identifier. It’s also possible to determine whether the user is browsing certain websites in other tabs, depending on how those websites use IndexedDB. Needless to say, this is very bad, and you are urged to update to WebKitGTK 2.34.4 ASAP to protect your users.

The “Safari leaks” vulnerability affects WebKitGTK 2.34.0 through 2.34.3.

mcatanzaro · January 21, 2022, 3:13am

For development distros currently shipping WebKitGTK 2.35.1, use this patch. (Thank you for testing development versions of WebKitGTK!)

mcatanzaro · January 21, 2022, 3:32am

It seems webkitgtk.org is experiencing infrastructure difficulties. Bad timing.

mcatanzaro · January 21, 2022, 1:17pm

And we’re back!

(Why must this post be at least 20 characters…)

ebassi · January 21, 2022, 2:15pm

You do realise that you can edit your own posts, right? This would avoid having to deal with the minimum length.

system · February 20, 2022, 2:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.