The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. https://crbug.com/396544 https://src.chromium.org/viewvc/blink?revision=179240&view=revision External References: http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
While WebKit contains NavigationScheduler, it does not seem to contain functionality corrected by the fix for this issue. Note that XSS auditor is feature of the Chrome/Chromium browser, hence consider WebKitGTK versions unaffected. I haven't investigated QtWebKit, it's likely unaffected too.
This issue has been addressed in the following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2014:1626 https://rhn.redhat.com/errata/RHSA-2014-1626.html