Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 43: Resolving Critical Memory Corruption Issues in webkitgtk

fedora
Calendar Grey November 25, 2025
Dist Fedora Esm H88
Critical updates to webkitgtk for Fedora 43 prevent media playback issues and enhance security against crafted content.
Prevent unsafe URI schemes from participating in media playback

Summary

WebKitGTK is the port of the WebKit web rendering engine to the

GTK platform.

Update Information:

Prevent unsafe URI schemes from participating in media playback. Make jsc_value_array_buffer_get_data() function introspectable. Fix logging in to Google accounts that have a WebAuthn second factor configured. Fix loading webkit://gpu when there are no threads configured for GPU rendering. Fix rendering gradients that use the CSS hue interpolation method. Fix pasting image data from the clipboard. Fix font-family selection when the font name contains spaces. Fix capturing canvas snapshots in the Web Inspector. Fix several crashes and rendering issues. 2.50.2 CVE fixes: CVE-2023-43000, CVE-2025-43392, CVE-2025-43419, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-43480 This Fedora update additionally fixes CVE-2025-43421 via a downstream patch

Topics%20covered

Topics Covered

security advisory fedora memory corruption webkitgtk WebAuthn unexpected crash

Change Log

* Fri Nov 21 2025 Michael Catanzaro - 2.50.2-1 - Update to 2.50.2

References


[ 1 ] Bug #2403627 - CVE-2025-43343 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2403627 [ 2 ] Bug #2416362 - CVE-2023-43000 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2416362 [ 3 ] Bug #2416363 - CVE-2023-43000 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2416363 [ 4 ] Bug #2416369 - CVE-2025-43392 webkitgtk: A website may exfiltrate image data cross-origin [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2416369 [ 5 ] Bug #2416370 - CVE-2025-43392 webkitgtk: A website may exfiltrate image data cross-origin [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2416370 [ 6 ] Bug #2416375 - CVE-2025-43419 webkitgtk: Proces...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6f3e9e3af6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: webkitgtk
Product: Fedora 43
Version: 2.50.2
Release: 1.fc43
URL: https://www.webkitgtk.org/
Summary: GTK web content engine library

Topics%20covered

Topics Covered

security advisory fedora memory corruption webkitgtk WebAuthn unexpected crash

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here