The following vulnerabilities have been discovered in the WPE WebKit web engine: CVE-2022-22589 Heige and Bo Qu discovered that processing a maliciously crafted mail message may lead to running arbitrary javascript. CVE-2022-22590 Toan Pham discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-22592 Prakash discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced. CVE-2022-22620 An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.