This Week in WebKit — June 13 - June 19, 2026

A WebAuthn ceremony is scoped to a relying-party origin, and that origin is the one thing the authenticator trusts. But the UIProcess receivers for MakeCredential/GetAssertion consumed frameInfo.securityOrigin and parentOrigin straight off the IPC message, never re-deriving them from the frame's real URL. A WebContent process that's already compromised could therefore claim https://bank.com while hosted elsewhere and run a credential ceremony under the spoofed origin. The fix re-derives the origin from UIProcess-owned WebFrameProxy state and MESSAGE_CHECKs the renderer's claim — terminating the process when it lies.

The UIProcess runs unsandboxed and can read any file the user can, so the only paths it should act on are ones the user dragged or pasted in. registerAttachmentIdentifierFromFilePath skipped that check entirely, taking an arbitrary absolute path from the renderer and binding the file's bytes to an attachment that web content can read back via attachment.info.data. The regression test names /etc/passwd and expects the process to die. The fix adds a per-process allowlist populated only at real drag-drop and pasteboard grants — anything else is a confused-deputy file read.

Streaming Wasm compilation finishes on a background worklist, posting its result back through a DeferredWorkTimer ticket and a captured JSGlobalObject*. Both are scoped to the requesting iframe's realm — tear that iframe out of the DOM before compilation completes and the global is collected, the ticket cancelled and freed, yet the completion lambda dereferences both. The tell is in the removed comment: m_ticket was a PackedPtr deliberately invisible to the GC, so nothing kept the referenced state alive. The fix weak-holds the ticket via ThreadSafeWeakPtr and re-derives the global, early-returning if either is dead.

Before an indexed drawElements, ANGLE computes the highest index referenced and rejects any that exceeds the vertices the bound buffers supply. But the cardinality of the full 32-bit range needs 33 bits, and downstream consumer arithmetic narrows it to 32 — collapsing the maximal range to an apparently-empty, trivially-in-bounds value so the draw proceeds. The result is an out-of-bounds vertex-attribute read in the GPU process, reachable straight from web content via a 0xFFFFFFFF index against an undersized buffer. The fix reworks IndexRange to a start/end pair and computes vertexCount() in size_t.