The WebKit rendering engine used in many Linux applications is a complete security mess. That’s the takeaway from a blog post by Michael Catanzaro, who works on GNOME’s WebKitGTK+ project. He’s sounding the alarm about a problem the open-source community needs to fix.
Most web browsers issue regular security updates to their users. But, if you’re using a WebKit-based browser, or email client, or any other application that uses that rendering engine, on Linux, you almost certainly aren’t getting security updates.
WebKit is a large open-source project. Apple uses WebKit for Safari on Mac and iOS, and those versions of WebKit receive regular security updates. But the WebKit port used for Linux does not.
The common port used by Linux distros is WebKitGTK+, which is associated with GNOME software and other applications that use the GTK+ toolkit. This includes Epiphany, GNOME’s flagship web browser, often called simply “Web” or “GNOME Web.” It also includes a variety of other applications, such as the Evolution email client, Midori web browser, GIMP image-editing program, Banshee and Rhythmbox media players, and many other programs.
Submitted by: Arnfried Walbrecht