## This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: * CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of- bounds read and an integer underflow (bsc#1254208). * CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of verification of the origins of drag operations (bsc#1254473). * CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497). * CVE-2025-43272: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1250439).
* bsc#1250439
* bsc#1250440
* bsc#1250441
* bsc#1250442
* bsc#1251975
* bsc#1254164
* bsc#1254165
* bsc#1254166
* bsc#1254167
* bsc#1254168
* bsc#1254169
* bsc#1254170
* bsc#1254171
* bsc#1254172
* bsc#1254174
* bsc#1254175
* bsc#1254176
* bsc#1254177
* bsc#1254179
* bsc#1254208
* bsc#1254473
* bsc#1254498
* bsc#1254509
* bsc#1255183
* bsc#1255191
* bsc#1255194
* bsc#1255195
* bsc#1255198
* bsc#1255200
* bsc#1255497
Cross-
* CVE-2023-43000
* CVE-2025-13502
* CVE-2025-13947
* CVE-2025-14174
* CVE-2025-43272
* CVE-2025-43342
* CVE-2025-43343
* CVE-2025-43356
* CVE-2025-43368
* CVE-2025-43392
* CVE-2025-43419
* CVE-2025-43421
* CVE-2025-43425
* CVE-2025-43427
* CVE-2025-43429
* CVE-2025-43430
* CVE-2025-43431
* CVE-2025-43432
* CVE-2025-43434
* CVE-2025-43440
* CVE-2025-43443
* CVE-2025-43458
Get the latest Linux and open source security news straight to your inbox.