QID 198312

Date Published: 2021-04-06

QID 198312: Ubuntu Security Notification for Webkit2gtk Vulnerabilities (USN-4894-1)

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines.

If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as High - 7.5 severity.
  • Solution
    Refer to Ubuntu advisory USN-4894-1 for affected packages and patching details, or update with your package manager.
    Vendor References
    Software Advisories
    Advisory ID Software Component Link
    USN-4894-1 18.04 (bionic) on src libjavascriptcoregtk-4.0-18 URL Logo launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.18.04.1
    USN-4894-1 18.04 (bionic) on src libwebkit2gtk-4.0-37 URL Logo launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.18.04.1
    USN-4894-1 20.04 (focal) on src libjavascriptcoregtk-4.0-18 URL Logo launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.20.04.1
    USN-4894-1 20.04 (focal) on src libwebkit2gtk-4.0-37 URL Logo launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.20.04.1
    USN-4894-1 20.10 (groovy) on src libjavascriptcoregtk-4.0-18 URL Logo launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.20.10.1
    USN-4894-1 20.10 (groovy) on src libwebkit2gtk-4.0-37 URL Logo launchpad.net/ubuntu/+source/webkit2gtk/2.30.6-0ubuntu0.20.10.1