webkitgtk-2.46.4

[Bruce Dubbs]

New point version.

[zeckma]

Changes:

• Improve memory consumption and performance of Canvas getImageData.
• Fix preserve-3D intersection rendering.
• Fix video dimensions since GStreamer 1.24.9.
• Fix the HTTP-based remote Web Inspector not loading in Chromium.
• Fix content filters not working on about:blank iframes.
• Fix several crashes and rendering issues.

[Douglas R. Reno]

Security fixes:

    CVE-2024-44308
        Versions affected: WebKitGTK and WPE WebKit before 2.46.4.
        Credit to Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group.
        Impact: Processing maliciously crafted web content may lead to arbitrary code 
execution. Apple is aware of a report that this issue may have been actively exploited 
on Intel-based Mac systems. Description: The issue was addressed with improved checks.
        WebKit Bugzilla: 283063
    CVE-2024-44309
        Versions affected: WebKitGTK and WPE WebKit before 2.46.4.
        Credit to Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group.
        Impact: Processing maliciously crafted web content may lead to a cross site 
scripting attack. Apple is aware of a report that this issue may have been actively 
exploited on Intel-based Mac systems. Description: A cookie management issue was 
addressed with improved state management.
        WebKit Bugzilla: 283095

Both of these vulnerabilities are known to be exploited in the wild for both remote code execution and cross site scripting. The rating for CVE-2024-44308 is 8.8 high and there are still more reports of exploitation.

[Douglas R. Reno]

Fixed at 017ff9a4165414dbd0f04064acd69b9f2d0c02c1

SA-12.2-051 issued