WebKit Bugzilla
RESOLVED WORKSFORME
236492
Information request for CVE-2022-22620
https://bugs.webkit.org/show_bug.cgi?id=236492
Gianluca Gabrielli
Reported
2022-02-11 01:10:16 PST
I saw that Apple released an update to fix a wildly exploited 0day; I'm talking about CVE-2022-22620. Do you have any extra information to share? I'm mainly interested if other projects might be affected as well, like Chromium, gtk, qt, etc.
Radar WebKit Bug Importer
Comment 1
2022-02-11 01:10:27 PST
<rdar://problem/88804116>
John Wilander
Comment 2
2022-02-14 18:29:13 PST
Apple's information is disclosed in security advisories:
· https://support.apple.com/en-us/HT213092
· https://support.apple.com/en-us/HT213093
I assume you already know about those. Other WebKit ports such as GTK disclose their own information, such as:
· https://webkitgtk.org/security.html
· https://wpewebkit.org/security/
Chromium (really Blink) forked WebKit (really WebCore) in 2014. I do not have any info on whether they are affected or not.
Brent Fulgham
Comment 3
2022-02-14 19:20:35 PST
All members of the WebKit Security Team are aware of the details of that CVE, and the changeset that resolved it. If you feel that you need to have access to this information (e.g., you represent a project that distributes WebKit in some fashion, or are a web engine developer) you should seek to be nominated to join the WebKit Security Team as a 'Vendor Contact' so that you will receive those same updates.