## This update for webkit2gtk3 fixes the following issues: Update to version 2.46.6 (bsc#1236946): * CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the user. * CVE-2025-24150: Copying a URL from Web Inspector may lead to command injection. * CVE-2025-24158: Processing web content may lead to a denial-of-service. * CVE-2025-24162: Processing maliciously crafted web content may lead to an unexpected process crash. Already fixed in previous releases: * CVE-2024-54543: Processing maliciously crafted web content may lead to memory corruption. * CVE-2024-27856: Processing a file may lead to unexpected app termination or arbitrary code execution. * CVE-2024-54658: Processing web content may lead to a denial-of-service. ## Patch Instructions:
* bsc#1236946
Cross-
* CVE-2024-27856
* CVE-2024-54543
* CVE-2024-54658
* CVE-2025-24143
* CVE-2025-24150
* CVE-2025-24158
* CVE-2025-24162
CVSS scores:
* CVE-2024-27856 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-27856 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27856 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54543 ( SUSE ): 7.2
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54543 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-54543 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54543 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54658 ( SUSE ): 7.1
Get the latest Linux and open source security news straight to your inbox.