Not a user yet?
Log in Register for free Suggest a product
Update

A cross-origin issue in the Navigation API was addressed with improved input validation.

SafariSafari
Apple

Safari 26.4
Released March 24, 2026

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 304951
CVE-2026-20665: webb

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may bypass Same Origin Policy
Description: A cross-origin issue in the Navigation API was addressed with improved input validation.
WebKit Bugzilla: 306050
CVE-2026-20643: Thomas Espach

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A logic issue was addressed with improved checks.
WebKit Bugzilla: 305859
CVE-2026-28871: @hamayanhamayan

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 306136
CVE-2026-20664: Daniel Rhea, Söhnke Benedikt Fischedick (Tripton), Emrovsky & Switch, Yevhen Pervushyn
WebKit Bugzilla: 307723
CVE-2026-28857: Narcis Oliveras Fontàs, Söhnke Benedikt Fischedick (Tripton), Daniel Rhea, Nathaniel Oh (@calysteon)

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: A malicious website may be able to access script message handlers intended for other origins
Description: A logic issue was addressed with improved state management.
WebKit Bugzilla: 307014
CVE-2026-28861: Hongze Wu and Shuaike Dong from Ant Group Infrastructure Security Team

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: A malicious website may be able to process restricted web content outside the sandbox
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 308248
CVE-2026-28859: greenbynox, Arni Hardarson

WebKit Sandboxing
Available for: macOS Sonoma and macOS Sequoia
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: An authorization issue was addressed with improved state management.
WebKit Bugzilla: 306827
CVE-2026-20691: Gongyu Ma (@Mezone0)

More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Apple updates

More from the Apps & Software section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad