The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-42843 Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing. CVE-2023-42950 Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2023-42956 SungKwon Lee discovered that processing web content may lead to a denial-of-service. CVE-2024-23252 anbu1024 discovered that processing web content may lead to a denial-of-service. CVE-2024-23254 James Lee discovered that a malicious website may exfiltrate audio data cross-origin. CVE-2024-23263 Johan Carlsson discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced. CVE-2024-23280 An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. CVE-2024-23284 Georg Felber and Marco Squarcina discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.