The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2025-14174
Apple and the Google Threat Analysis Group discovered that processing maliciously crafted web content may lead to memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-43529 was also issued in response to this report.
CVE-2025-43501
Hossein Lotfi discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43529
The Google Threat Analysis Group discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
CVE-2025-43531
Phil Pizlo discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43535
Google Big Sleep / Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43536
Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43541
Hossein Lotfi discovered that processing maliciously crafted web content may lead to an unexpected process crash.
https://security-tracker.debian.org/tracker/DSA-6083-1
Continue reading...
CVE-2025-14174
Apple and the Google Threat Analysis Group discovered that processing maliciously crafted web content may lead to memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-43529 was also issued in response to this report.
CVE-2025-43501
Hossein Lotfi discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43529
The Google Threat Analysis Group discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
CVE-2025-43531
Phil Pizlo discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43535
Google Big Sleep / Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43536
Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43541
Hossein Lotfi discovered that processing maliciously crafted web content may lead to an unexpected process crash.
https://security-tracker.debian.org/tracker/DSA-6083-1
Continue reading...
