------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2025-0008 ------------------------------------------------------------------------
Date reported : December 01, 2025 Advisory ID : WSA-2025-0008 WebKitGTK Advisory URL : https://webkitgtk.org/security/WSA-2025-0008.html WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2025-0008.html CVE identifiers : CVE-2023-43000, CVE-2025-43392, CVE-2025-43419, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-43480. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2023-43000 Versions affected: WebKitGTK and WPE WebKit before 2.42.0. Credit to Apple. Impact: Processing maliciously crafted web content may lead to memory corruption. Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 255951 CVE-2025-43392 Versions affected: WebKitGTK and WPE WebKit before 2.50.2. Credit to Tom Van Goethem. Impact: A website may exfiltrate image data cross-origin. Description: The issue was addressed with improved handling of caches. WebKit Bugzilla: 297566 CVE-2025-43419 Versions affected: WebKitGTK and WPE WebKit before 2.50.0. Credit to Ignacio Sanmillan (@ulexec). Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 293895 CVE-2025-43425 Versions affected: WebKitGTK and WPE WebKit before 2.50.2. Credit to an anonymous researcher. Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 298851 CVE-2025-43427 Versions affected: WebKitGTK and WPE WebKit before 2.50.2. Credit to Gary Kwong, rheza (@ginggilBesel). Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management. WebKit Bugzilla: 298628 CVE-2025-43429 Versions affected: WebKitGTK and WPE WebKit before 2.50.2. Credit to Google Big Sleep. Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A buffer overflow was addressed with improved bounds checking. WebKit Bugzilla: 298232 CVE-2025-43430 Versions affected: WebKitGTK and WPE WebKit before 2.50.2. Credit to Google Big Sleep. Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management. WebKit Bugzilla: 298196 CVE-2025-43431 Versions affected: WebKitGTK and WPE WebKit before 2.50.2. Credit to Google Big Sleep. Impact: Processing maliciously crafted web content may lead to memory corruption. Description: The issue was addressed with improved memory handling. WebKit Bugzilla: 298194 CVE-2025-43432 Versions affected: WebKitGTK and WPE WebKit before 2.50.2. Credit to Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 299313 CVE-2025-43434 Versions affected: WebKitGTK and WPE WebKit before 2.50.2. Credit to Google Big Sleep. Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash. Description: A use-after-free issue was addressed with improved memory management. WebKit Bugzilla: 297958 CVE-2025-43440 Versions affected: WebKitGTK and WPE WebKit before 2.50.2. Credit to Nan Wang (@eternalsakura13). Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed with improved checks. WebKit Bugzilla: 298126 CVE-2025-43443 Versions affected: WebKitGTK and WPE WebKit before 2.50.2. Credit to an anonymous researcher. Impact: Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed with improved checks. WebKit Bugzilla: 299843 CVE-2025-43480 Versions affected: WebKitGTK and WPE WebKit before 2.46.0. Credit to Aleksejs Popovs. Impact: A malicious website may exfiltrate data cross-origin. Description: The issue was addressed with improved checks. WebKit Bugzilla: 276208 We recommend updating to the latest stable versions of WebKitGTK and WPE WebKit. It is the best way to ensure that you are running safe versions of WebKit. Please check our websites for information about the latest stable releases. Further information about WebKitGTK and WPE WebKit security advisories can be found at: https://webkitgtk.org/security.html or https://wpewebkit.org/security. The WebKitGTK and WPE WebKit team,
signature.asc
Description: PGP signature
