INFSA-2025:17802: webkit2gtk3 security update
Information about definition
Identificator: INFSA-2025:17802
Type: security
Release date: 2025-10-17 10:50:22 UTC
Information about package
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Vulnerabilities description
- CVE-2025-43272
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
- CVE-2025-43342
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper checks.
- CVE-2025-43356
A flaw was found in WebKitGTK. A malicious website can obtain access to sensor information without user consent due to improper handling of caches.
- CVE-2025-43368
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-43272
|
no information | 8.8 | no information |
|
NIST — CVE-2025-43342
|
no information | 8.8 | no information |
|
NIST — CVE-2025-43356
|
no information | 6.5 | no information |
|
NIST — CVE-2025-43368
|
no information | 8.8 | no information |
Updated packages
Preparing to download...