GNOME WebKitGTK UIProcess Subsystem Buffer Overflow Vulnerability – Apr 2019

Preface: A browser engine is a core software component of every major web browser. Apart of “browser engine”, two other terms are in common use regarding related concepts: “layout engine” and “rendering engine”

Synopsis:

A rendering engine is used by a Web browser to eender HTML pages, by mail programs that render HTML email message, as well as any other application that needs to render Web page content.
WebKitGTK is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
WebKit is the web browser engine used by Safari, Mail, App Store, and many other apps on macOS, iOS, and Linux.

Vulnerability: A vulnerability in GNOME WebKitGTK could allow an unauthenticated, remote attacker to compromise a targeted system completely. The successful exploit could cause a buffer overflow condition, allowing the attacker to compromise the system completely.

Fixed Software: https://github.com/WebKit/webkit/commit/6f9b511a115311b13c06eb58038ddc2c78da5531

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.