CVE-2019-8720
📋 TL;DR
CVE-2019-8720 is a memory corruption vulnerability in WebKit that allows arbitrary code execution when processing malicious web content. This affects any application using WebKit for web rendering, including browsers and web views in applications. Attackers can exploit this to take control of affected systems.
💻 Affected Systems
- WebKitGTK
- WebKit
- Applications using WebKit rendering engine
- GNOME Web (Epiphany)
- WPE WebKit
📦 What is this software?
Codeready Linux Builder For Arm64 Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Arm64 Eus →
Codeready Linux Builder For Arm64 Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Arm64 Eus →
Codeready Linux Builder For Arm64 Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Arm64 Eus →
Codeready Linux Builder For Ibm Z Systems Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Ibm Z Systems Eus →
Codeready Linux Builder For Ibm Z Systems Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Ibm Z Systems Eus →
Codeready Linux Builder For Ibm Z Systems Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Ibm Z Systems Eus →
Codeready Linux Builder For Power Little Endian Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Power Little Endian Eus →
Codeready Linux Builder For Power Little Endian Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Power Little Endian Eus →
Codeready Linux Builder For Power Little Endian Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Power Little Endian Eus →
Enterprise Linux For Ibm Z Systems by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems →
Enterprise Linux For Ibm Z Systems by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems →
Enterprise Linux For Ibm Z Systems Eus by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems Eus →
Enterprise Linux For Ibm Z Systems Eus by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems Eus →
Enterprise Linux For Power Big Endian by Redhat
View all CVEs affecting Enterprise Linux For Power Big Endian →
Enterprise Linux For Power Little Endian by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian →
Enterprise Linux For Power Little Endian by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian →
Enterprise Linux For Power Little Endian Eus by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian Eus →
Enterprise Linux For Power Little Endian Eus by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian Eus →
Enterprise Linux For Scientific Computing by Redhat
View all CVEs affecting Enterprise Linux For Scientific Computing →
Enterprise Linux Server Update Services For Sap Solutions by Redhat
View all CVEs affecting Enterprise Linux Server Update Services For Sap Solutions →
Enterprise Linux Server Update Services For Sap Solutions by Redhat
View all CVEs affecting Enterprise Linux Server Update Services For Sap Solutions →
Webkitgtk by Webkitgtk
Wpe Webkit by Wpewebkit
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control, data theft, and lateral movement capabilities.
Likely Case
Remote code execution leading to malware installation, credential theft, or system disruption.
If Mitigated
Limited impact with proper sandboxing and memory protection mechanisms in place.
🎯 Exploit Status
Exploitation requires user interaction (visiting malicious website). CISA lists this as known exploited. Multiple memory corruption issues were addressed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: WebKitGTK 2.26.0 and later
Vendor Advisory: https://webkitgtk.org/security/WSA-2019-0005.html
Restart Required: Yes
Instructions:
1. Update WebKitGTK to version 2.26.0 or later. 2. For Linux distributions, use package manager: 'sudo apt update && sudo apt upgrade webkit2gtk' (Debian/Ubuntu) or 'sudo yum update webkit2gtk3' (RHEL/CentOS). 3. Restart all applications using WebKit.
🔧 Temporary Workarounds
Disable JavaScript
linuxDisable JavaScript in WebKit-based applications to prevent exploitation through malicious scripts
gsettings set org.gnome.Epiphany.web enable-javascript false
Configure application settings to disable JavaScript
Use alternative browser
allSwitch to browsers not using WebKit engine (Firefox, Chromium) for web browsing
🧯 If You Can't Patch
- Implement strict network filtering to block access to untrusted websites
- Use application sandboxing/containerization to limit impact of potential exploitation
🔍 How to Verify
Check if Vulnerable:
Check WebKitGTK version: 'pkg-config --modversion webkit2gtk-4.0' or 'webkit2gtk-4.0 --version'Check Version:
pkg-config --modversion webkit2gtk-4.0Verify Fix Applied:
Verify version is 2.26.0 or higher: 'pkg-config --modversion webkit2gtk-4.0 | grep -q "^2\.2[6-9]\|^[3-9]" && echo "Patched" || echo "Vulnerable"'📡 Detection & Monitoring
Log Indicators:
- Application crashes in WebKit processes
- Unusual memory access patterns in system logs
- Suspicious child process creation from browser processes
Network Indicators:
- Connections to known malicious domains from WebKit applications
- Unusual outbound traffic patterns following web browsing
SIEM Query:
process_name:"WebKit" AND (event_type:crash OR parent_process:unusual)