The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2025-43214
shandikri discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43457
Gary Kwong and Hossein Lotfi discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43511
Lee Dong Ha discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20608
HanQing and Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20635
EntryHi discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20636
EntryHi discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20644
HanQing and Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20652
Nathaniel Oh discovered that a remote attacker may be able to cause a denial-of-service.
CVE-2026-20676
Tom Van Goethem discovered that a website may be able to track users through web extensions.
https://security-tracker.debian.org/tracker/DSA-6172-1
Continue reading...
CVE-2025-43214
shandikri discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43457
Gary Kwong and Hossein Lotfi discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43511
Lee Dong Ha discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20608
HanQing and Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20635
EntryHi discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20636
EntryHi discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20644
HanQing and Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-20652
Nathaniel Oh discovered that a remote attacker may be able to cause a denial-of-service.
CVE-2026-20676
Tom Van Goethem discovered that a website may be able to track users through web extensions.
https://security-tracker.debian.org/tracker/DSA-6172-1
Continue reading...
