Bug 2271437 (CVE-2022-32919)

Summary: CVE-2022-32919 webkitgtk: Visiting a website that frames malicious content may lead to UI spoofing.
Product: [Other] Security Response
Reporter: Marco Benatto <mbenatto>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All   
OS: Linux   
Doc Text:
A vulnerability was found in WebKitGTK and WPE WebKit that allows a remote attacker to conduct spoofing attacks by exploiting improper UI handling. This flaw enables attackers to create specially crafted websites that can display misleading information to users. By exploiting this vulnerability, an attacker can trick users into believing they are interacting with a legitimate website, potentially leading to a UI spoofing attack.
Bug Depends On: 2271438    
Bug Blocks: 2271436    

Description Marco Benatto 2024-03-25 16:53:46 UTC
Visiting a website that frames malicious content may lead to UI spoofing. The issue was addressed with improved UI handling.

Comment 1 Marco Benatto 2024-03-25 16:54:20 UTC
Created webkitgtk tracking bugs for this issue:

Affects: fedora-all [bug 2271438]

Comment 6 errata-xmlrpc 2025-02-25 11:28:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7055 https://access.redhat.com/errata/RHSA-2023:7055

Comment 7 errata-xmlrpc 2025-02-25 13:24:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:6535 https://access.redhat.com/errata/RHSA-2023:6535