Then please check this CVE-2023-26081 : In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because aut
and here is a proof of concept Unsandboxed Password Manager · Advisory · google/security-research · GitHub
and here is another one CVE-2022-29536 : In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_strin
it is easy to write a proof of concept for it.
before i made my post i tested both of them and i was able to replicate them, then i used the flatpak version and i wasn’t able to replicate them.
and yes i am aware that Epiphany is using WebKitGTK.
Also here is Guido Gunther who reported CVE-2022-29536 CVE-2022-29536 (#39) · Issues · Librem5 / debs / Epiphany · GitLab in Jun 2022.
and you also have CVE-2021-45085, CVE-2021-45086, CVE-2021-45087, CVE-2021-45088 which from checking the code i wasn’t able to find the fixes that were implemented here Various XSS, including via page titles in about:overview (CVE-2021-45085, CVE-2021-45086, CVE-2021-45087, CVE-2021-45088) (#1612) · Issues · GNOME / Epiphany · GitLab