Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42 webkitgtk Important Security Fix - 2025-4fc934f283

fedora
Calendar Grey December 2, 2025
Dist Fedora Esm H88
Fixes for unsafe URI schemes and several memory corruption issues in WebKitGTK for Fedora 42.
Prevent unsafe URI schemes from participating in media playback

Summary

WebKitGTK is the port of the WebKit web rendering engine to the

GTK platform.

Update Information:

Prevent unsafe URI schemes from participating in media playback. Make jsc_value_array_buffer_get_data() function introspectable. Fix logging in to Google accounts that have a WebAuthn second factor configured. Fix loading webkit://gpu when there are no threads configured for GPU rendering. Fix rendering gradients that use the CSS hue interpolation method. Fix pasting image data from the clipboard. Fix font-family selection when the font name contains spaces. Fix capturing canvas snapshots in the Web Inspector. Fix several crashes and rendering issues. 2.50.2 CVE fixes: CVE-2023-43000, CVE-2025-43392, CVE-2025-43419, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-43480 This Fedora update additionally fixes CVE-2025-43421 via a downstream patch

Topics%20covered

Topics Covered

security advisory fedora memory corruption important webkitgtk cross-site

Change Log

* Sat Nov 22 2025 Michael Catanzaro - 2.50.2-1 - Update to 2.50.2

References


[ 1 ] Bug #2403627 - CVE-2025-43343 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2403627 [ 2 ] Bug #2416362 - CVE-2023-43000 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2416362 [ 3 ] Bug #2416369 - CVE-2025-43392 webkitgtk: A website may exfiltrate image data cross-origin [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2416369 [ 4 ] Bug #2416375 - CVE-2025-43419 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2416375 [ 5 ] Bug #2416381 - CVE-2025-43425 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2416381 [ 6 ] Bug #2416967 ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4fc934f283' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: webkitgtk
Product: Fedora 42
Version: 2.50.2
Release: 1.fc42
URL: https://www.webkitgtk.org/
Summary: GTK web content engine library

Topics%20covered

Topics Covered

security advisory fedora memory corruption important webkitgtk cross-site

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here