The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2025-6558
Clement Lecigne and Vlad Stolyarov discovered that processing maliciously crafted web content may lead to an unexpected crash.
CVE-2025-31273
Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that processing maliciously crafted web content may lead to memory corruption.
CVE-2025-31278
Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43211
Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that processing web content may lead to a denial-of-service.
CVE-2025-43212
Nan Wang and Ziling Chen discovered that processing maliciously crafted web content may lead to an unexpected crash.
CVE-2025-43216
Ignacio Sanmillan discovered that processing maliciously crafted web content may lead to an unexpected crash.
CVE-2025-43227
Gilad Moav discovered that processing maliciously crafted web content may disclose sensitive user information.
CVE-2025-43228
Jaydev Ahire discovered that visiting a malicious website may lead to address bar spoofing.
CVE-2025-43240
Syarif Muhammad Sajjad discovered that a download's origin may be incorrectly associated.
CVE-2025-43265
HexRabbit discovered that processing maliciously crafted web content may disclose internal states of the app.
https://security-tracker.debian.org/tracker/DSA-5978-1
Continue reading...
CVE-2025-6558
Clement Lecigne and Vlad Stolyarov discovered that processing maliciously crafted web content may lead to an unexpected crash.
CVE-2025-31273
Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that processing maliciously crafted web content may lead to memory corruption.
CVE-2025-31278
Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43211
Yuhao Hu, Yan Kang, Chenggang Wu, and Xiaojie Wei discovered that processing web content may lead to a denial-of-service.
CVE-2025-43212
Nan Wang and Ziling Chen discovered that processing maliciously crafted web content may lead to an unexpected crash.
CVE-2025-43216
Ignacio Sanmillan discovered that processing maliciously crafted web content may lead to an unexpected crash.
CVE-2025-43227
Gilad Moav discovered that processing maliciously crafted web content may disclose sensitive user information.
CVE-2025-43228
Jaydev Ahire discovered that visiting a malicious website may lead to address bar spoofing.
CVE-2025-43240
Syarif Muhammad Sajjad discovered that a download's origin may be incorrectly associated.
CVE-2025-43265
HexRabbit discovered that processing maliciously crafted web content may disclose internal states of the app.
https://security-tracker.debian.org/tracker/DSA-5978-1
Continue reading...
