Versions affected: WebKitGTK and WPE WebKit before 2.36.5.
Credit to @real_as3617, an anonymous researcher.
Impact: Visiting a website that frames malicious content may lead to UI spoofing.
Description: The issue was addressed with improved UI handling.
https://webkitgtk.org/security/WSA-2022-0009.html
Created webkit2gtk3 tracking bugs for this issue:
Affects: fedora-all [bug 2128649]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-32891
This CVE was fixed by https://errata.devel.redhat.com/advisory/93857 and https://errata.devel.redhat.com/advisory/94598. Looks like we forgot to create RHEL bugs and attach the CVE identifier to the errata by mistake. The upstream fix is https://github.com/WebKit/WebKit/commit/9b9da1b63f9db0bfb2e25fcbcfb89c246913b72e