DLA-4414-1 webkit2gtk - security update

Bulletin has no description...

CVE-2025-43536

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash. Mitigation Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify ...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...

webkitgtk: A website may exfiltrate image data cross-origin

A flaw was found in WebKitGTK. A malicious website may exfiltrate image data cross-origin due to improper handling of caches...

webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash DoS via a crafted payload to the GLib remote inspector server...

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management...

webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser...

webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash DoS via a crafted payload to the GLib remote inspector server...

webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash DoS via a crafted payload to the GLib remote inspector server...

webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash DoS via a crafted payload to the GLib remote inspector server...

[SECURITY] Fedora 42 Update: webkitgtk-2.50.3-1.fc42

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

RHEL 8 : webkit2gtk3 (RHSA-2025:23434)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23434 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkit: WebKitGTK / WPE WebKit:...

RHEL 9 : webkit2gtk3 (RHSA-2025:23452)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23452 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkit: WebKitGTK / WPE WebKit:...

[SECURITY] Fedora 43 Update: chromium-143.0.7499.109-2.fc43

Chromium is an open-source web browser, powered by WebKit Blink...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-14611link is external Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability CVE-2025-43529link is external Apple Multiple Products...

Apple Multiple Products Use-After-Free WebKit Vulnerability

Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week. The vulnerabiliti...

PT-2025-51037

Name of the Vulnerable Software and Affected Versions: WebKitGTK versions 2.50.4-0ubuntu0.25.04.1, Apple iOS, iPadOS, macOS, Safari, tvOS, and visionOS versions prior to 26.2. Description: This vulnerability is a use-after-free issue in WebKit, potentially leading to arbitrary code execution. The...

About the security content of Safari 26.2

About the security content of Safari 26.2 This document describes the security content of Safari 26.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS

A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash DoS via a crafted payload to the GLib remote inspector server...