The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30887 Narendra Bhati discovered that processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. CVE-2021-30890 An anonymous researcher discovered that processing maliciously crafted web content may lead to universal cross site scripting.