Debian Security Update DSA-5899-1 webkit2gtk - security update

LinuxBot

The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2024-54551
ajajfxhj discovered that processing web content may lead to a denial-of-service.
CVE-2025-24208
Muhammad Zaid Ghifari and Kalimantan Utara discovered that loading a malicious iframe may lead to a cross-site scripting attack.
CVE-2025-24209
Francisco Alonso and an anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-24213
The Google V8 Security Team discovered that a type confusion issue could lead to memory corruption. Note that this CVE is fixed only on ARM architectures. x86_64 is not vulnerable, and x86 is not vulnerable when the SSE2 instruction set is enabled, but other architectures remain vulnerable.
CVE-2025-24216
Paul Bakker discovered that processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-24264
Gary Kwong and an anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected crash.
CVE-2025-30427
rheza discovered that processing maliciously crafted web content may lead to an unexpected crash.
https://security-tracker.debian.org/tracker/DSA-5899-1
