webkit2gtk3 was updated to fix the following issues: Update to version 2.44.0 : * CVE-2024-23252: Credit to anbu1024 of SecANT. Impact: Processing web content may lead to a denial-of-service. Description: The issue was addressed with improved memory handling. * CVE-2024-23254: Credit to James Lee . Impact: A malicious website may exfiltrate audio data cross-origin. Description: The issue was addressed with improved UI handling. * CVE-2024-23263: Credit to Johan Carlsson . Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: A logic issue was addressed with improved validation. * CVE-2024-23280: Credit to An anonymous researcher. Impact: A maliciously crafted webpage may be able to fingerprint the user. Description: An injection issue was addressed with improved validation. * CVE-2024-23284: Credit to Georg Felber and Marco Squarcina. Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Description: A logic issue was addressed with improved state management. * CVE-2023-42950: Credit to Nan Wang of 360 Vulnerability Research Institute and rushikesh nandedkar. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free issue was addressed with improved memory management. * CVE-2023-42956: Credit to SungKwon Lee . Impact: Processing web content may lead to a denial-of-service. Description: The issue was addressed with improved memory handling. * CVE-2023-42843: Credit to Kacper Kwapisz . Impact: Visiting a malicious website may lead to address bar spoofing. Description: An inconsistent user interface issue was addressed with improved state management. * Make the DOM accessibility tree reachable from UI process with GTK4. * Removed the X11 and WPE renderers in favor of DMA-BUF. * Improved vblank synchronization when rendering. * Removed key event reinjection in GTK4 to make keyboard shortcuts work in web sites. * Fix gamepads detection by correctly handling focused window in GTK4. * Use WebAssembly on aarch64. It is the upstream default and no longer makes the build fail. Stop passing -DENABLE_C_LOOP=ON, -DENABLE_WEBASSEMBLY=OFF and -DENABLE_SAMPLING_PROFILER=OFF for the same reason.