
Safari 26.5 fixes WebKit bugs that could crash Safari or expose user data

Why This Matters

Safari 26.5's security updates are crucial for protecting users from WebKit vulnerabilities that could lead to crashes or data leaks. These fixes enhance browser stability and safeguard sensitive information, reinforcing Apple's commitment to security. Staying updated ensures a safer browsing experience amid evolving web threats.

Key Takeaways

Apple has published the full list of security fixes for Safari 26.5, including a WebKit vulnerability that could let maliciously crafted web content disclose sensitive user information. Here are the details.

Apple releases security content for Safari 26.5

Earlier this week, Apple released iOS 26.5 and its counterparts, along with updates for older versions of iOS, iPadOS, and macOS.

On that same day, the company released the full security content for each update, and you can find more details about it here.

Now, Apple has released the security content for Safari 26.5, which includes fixes for 20 WebKit vulnerabilities, as well as a WebRTC issue that could cause an unexpected process crash.

Here’s the full security content of Safari 26.5:

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: A validation issue was addressed with improved logic.
WebKit Bugzilla: 308906
CVE-2026-43660: Cantina

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: The issue was addressed with improved input validation.
WebKit Bugzilla: 308675
CVE-2026-28907: Cantina

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: This issue was addressed with improved access restrictions.
WebKit Bugzilla: 309698
CVE-2026-28962: Luke Francis, Vaagn Vardanian, kwak kiyong / kakaogames, Vitaly Simonovich, Adel Bouachraoui, greenbynox

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 307669
CVE-2026-43658: Do Young Park

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 308545
CVE-2026-28905: Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang
WebKit Bugzilla: 308707
CVE-2026-28847: DARKNAVY (@DarkNavyOrg), Anonymous working with TrendAI Zero Day Initiative, Daniel Rhea
WebKit Bugzilla: 309601
CVE-2026-28904: Luka Rački
WebKit Bugzilla: 310880
CVE-2026-28955: wac and Kookhwan Lee working with TrendAI Zero Day Initiative
WebKit Bugzilla: 310303
CVE-2026-28903: Mateusz Krzywicki (iVerify.io)
WebKit Bugzilla: 309628
CVE-2026-28953: Maher Azzouzi
WebKit Bugzilla: 309861
CVE-2026-28902: Tristan Madani (@TristanInSec) from Talence Security, Nathaniel Oh (@calysteon)
WebKit Bugzilla: 310207
CVE-2026-28901: Aisle offensive security research team (Joshua Rogers, Luigino Camastra, Igor Morgenstern, and Guido Vranken), Maher Azzouzi, Ngan Nguyen of Calif.io
WebKit Bugzilla: 311631
CVE-2026-28913: an anonymous researcher

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 313939
CVE-2026-28883: kwak kiyong / kakaogames

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved data protection.
WebKit Bugzilla: 311228
CVE-2026-28958: Cantina

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved input validation.
WebKit Bugzilla: 310527
CVE-2026-28917: Vitaly Simonovich

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 310234
CVE-2026-28947: dr3dd
WebKit Bugzilla: 310544
CVE-2026-28946: Gia Bui (@yabeow) from Calif.io, dr3dd, w0wbox
WebKit Bugzilla: 312180
CVE-2026-28942: Milad Nasr and Nicholas Carlini with Claude, Anthropic

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: A malicious iframe may use another website’s download settings
Description: The issue was addressed with improved UI handling.
CVE-2026-28971: Khiem Tran
WebKit Bugzilla: 311288

WebRTC
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 311131
CVE-2026-28944: Kenneth Hsu of Palo Alto Networks, Jérôme DJOUDER, dr3dd

If your Mac is compatible with Safari 26.5, it might be a good idea to make sure you’re running the latest version as soon as possible.

To learn more about Apple’s security releases, follow this link.
