The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-0108 Luan Herrera discovered that an HTML document may be able to render iframes with sensitive user information. CVE-2022-32885 P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2023-27932 An anonymous researcher discovered that processing maliciously crafted web content may bypass Same Origin Policy. CVE-2023-27954 An anonymous researcher discovered that a website may be able to track sensitive user information. CVE-2023-28205 Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.