{"affected":[{"ecosystem_specific":{"binaries":[{"WebKitGTK-4.1-lang":"2.50.4-160000.1.1","WebKitGTK-6.0-lang":"2.50.4-160000.1.1","libjavascriptcoregtk-4_1-0":"2.50.4-160000.1.1","libjavascriptcoregtk-6_0-1":"2.50.4-160000.1.1","libwebkit2gtk-4_1-0":"2.50.4-160000.1.1","libwebkitgtk-6_0-4":"2.50.4-160000.1.1","typelib-1_0-JavaScriptCore-4_1":"2.50.4-160000.1.1","typelib-1_0-JavaScriptCore-6_0":"2.50.4-160000.1.1","typelib-1_0-WebKit-6_0":"2.50.4-160000.1.1","typelib-1_0-WebKit2-4_1":"2.50.4-160000.1.1","typelib-1_0-WebKit2WebExtension-4_1":"2.50.4-160000.1.1","typelib-1_0-WebKitWebProcessExtension-6_0":"2.50.4-160000.1.1","webkit-jsc-4.1":"2.50.4-160000.1.1","webkit-jsc-6.0":"2.50.4-160000.1.1","webkit2gtk-4_1-injected-bundles":"2.50.4-160000.1.1","webkit2gtk3-minibrowser":"2.50.4-160000.1.1","webkit2gtk4-minibrowser":"2.50.4-160000.1.1","webkitgtk-6_0-injected-bundles":"2.50.4-160000.1.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 16.0","name":"webkit2gtk3","purl":"pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.50.4-160000.1.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"WebKitGTK-4.1-lang":"2.50.4-160000.1.1","WebKitGTK-6.0-lang":"2.50.4-160000.1.1","libjavascriptcoregtk-4_1-0":"2.50.4-160000.1.1","libjavascriptcoregtk-6_0-1":"2.50.4-160000.1.1","libwebkit2gtk-4_1-0":"2.50.4-160000.1.1","libwebkitgtk-6_0-4":"2.50.4-160000.1.1","typelib-1_0-JavaScriptCore-4_1":"2.50.4-160000.1.1","typelib-1_0-JavaScriptCore-6_0":"2.50.4-160000.1.1","typelib-1_0-WebKit-6_0":"2.50.4-160000.1.1","typelib-1_0-WebKit2-4_1":"2.50.4-160000.1.1","typelib-1_0-WebKit2WebExtension-4_1":"2.50.4-160000.1.1","typelib-1_0-WebKitWebProcessExtension-6_0":"2.50.4-160000.1.1","webkit-jsc-4.1":"2.50.4-160000.1.1","webkit-jsc-6.0":"2.50.4-160000.1.1","webkit2gtk-4_1-injected-bundles":"2.50.4-160000.1.1","webkit2gtk3-minibrowser":"2.50.4-160000.1.1","webkit2gtk4-minibrowser":"2.50.4-160000.1.1
","webkitgtk-6_0-injected-bundles":"2.50.4-160000.1.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 16.0","name":"webkit2gtk4","purl":"pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.50.4-160000.1.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"WebKitGTK-4.1-lang":"2.50.4-160000.1.1","WebKitGTK-6.0-lang":"2.50.4-160000.1.1","libjavascriptcoregtk-4_1-0":"2.50.4-160000.1.1","libjavascriptcoregtk-6_0-1":"2.50.4-160000.1.1","libwebkit2gtk-4_1-0":"2.50.4-160000.1.1","libwebkitgtk-6_0-4":"2.50.4-160000.1.1","typelib-1_0-JavaScriptCore-4_1":"2.50.4-160000.1.1","typelib-1_0-JavaScriptCore-6_0":"2.50.4-160000.1.1","typelib-1_0-WebKit-6_0":"2.50.4-160000.1.1","typelib-1_0-WebKit2-4_1":"2.50.4-160000.1.1","typelib-1_0-WebKit2WebExtension-4_1":"2.50.4-160000.1.1","typelib-1_0-WebKitWebProcessExtension-6_0":"2.50.4-160000.1.1","webkit-jsc-4.1":"2.50.4-160000.1.1","webkit-jsc-6.0":"2.50.4-160000.1.1","webkit2gtk-4_1-injected-bundles":"2.50.4-160000.1.1","webkit2gtk3-minibrowser":"2.50.4-160000.1.1","webkit2gtk4-minibrowser":"2.50.4-160000.1.1","webkitgtk-6_0-injected-bundles":"2.50.4-160000.1.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP applications 
16.0","name":"webkit2gtk3","purl":"pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.50.4-160000.1.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"WebKitGTK-4.1-lang":"2.50.4-160000.1.1","WebKitGTK-6.0-lang":"2.50.4-160000.1.1","libjavascriptcoregtk-4_1-0":"2.50.4-160000.1.1","libjavascriptcoregtk-6_0-1":"2.50.4-160000.1.1","libwebkit2gtk-4_1-0":"2.50.4-160000.1.1","libwebkitgtk-6_0-4":"2.50.4-160000.1.1","typelib-1_0-JavaScriptCore-4_1":"2.50.4-160000.1.1","typelib-1_0-JavaScriptCore-6_0":"2.50.4-160000.1.1","typelib-1_0-WebKit-6_0":"2.50.4-160000.1.1","typelib-1_0-WebKit2-4_1":"2.50.4-160000.1.1","typelib-1_0-WebKit2WebExtension-4_1":"2.50.4-160000.1.1","typelib-1_0-WebKitWebProcessExtension-6_0":"2.50.4-160000.1.1","webkit-jsc-4.1":"2.50.4-160000.1.1","webkit-jsc-6.0":"2.50.4-160000.1.1","webkit2gtk-4_1-injected-bundles":"2.50.4-160000.1.1","webkit2gtk3-minibrowser":"2.50.4-160000.1.1","webkit2gtk4-minibrowser":"2.50.4-160000.1.1","webkitgtk-6_0-injected-bundles":"2.50.4-160000.1.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP applications 16.0","name":"webkit2gtk4","purl":"pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.50.4-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for webkit2gtk3 fixes the following issues:\n\nUpdate to version 2.50.4.\n\nSecurity issues fixed:\n\n- CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a\n  UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208).\n- CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of\n  verification of the origins of drag operations (bsc#1254473).\n- CVE-2025-14174: processing maliciously 
crafted web content may lead to memory corruption due to improper validation\n  (bsc#1255497).\n- CVE-2025-43272: processing maliciously crafted web content may lead to an unexpected process crash due to improper\n  memory handling (bsc#1250439).\n- CVE-2025-43342: processing maliciously crafted web content may lead to an unexpected process crash due to a\n  correctness issue and missing checks (bsc#1250440).\n- CVE-2025-43343: processing maliciously crafted web content may lead to an unexpected process crash due to improper\n  memory handling (bsc#1251975).\n- CVE-2025-43356: a website may be able to access sensor information without user consent due to improper cache handling\n  (bsc#1250441).\n- CVE-2025-43368: processing maliciously crafted web content may lead to an unexpected process crash due to a\n  use-after-free issue (bsc#1250442).\n- CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165).\n- CVE-2025-43419: processing maliciously crafted web content may lead to memory corruption due to improper memory\n  handling (bsc#1254166).\n- CVE-2025-43421: processing maliciously crafted web content may lead to an unexpected process crash due to enabled\n  array allocation sinking (bsc#1254167).\n- CVE-2025-43425: processing maliciously crafted web content may lead to an unexpected process crash due to improper\n  memory handling (bsc#1254168).\n- CVE-2025-43427: processing maliciously crafted web content may lead to an unexpected process crash due to issues with\n  state management (bsc#1254169).\n- CVE-2025-43429: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer\n  overflow issue (bsc#1254174).\n- CVE-2025-43430: processing maliciously crafted web content may lead to an unexpected process crash due to issues with\n  state management (bsc#1254172).\n- CVE-2025-43431: processing maliciously crafted web content may lead to memory corruption due to improper 
memory\n  handling (bsc#1254170).\n- CVE-2025-43432: processing maliciously crafted web content may lead to an unexpected process crash due to a\n  use-after-free issue (bsc#1254171).\n- CVE-2025-43434: processing maliciously crafted web content may lead to an unexpected process crash due to a\n  use-after-free issue (bsc#1254179).\n- CVE-2025-43440: processing maliciously crafted web content may lead to an unexpected process crash due to missing\n  checks (bsc#1254177).\n- CVE-2025-43443: processing maliciously crafted web content may lead to an unexpected process crash due to missing\n  checks (bsc#1254176).\n- CVE-2025-43458: processing maliciously crafted web content may lead to an unexpected process crash due to issues with\n  state management (bsc#1254498).\n- CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer\n  overflow issue (bsc#1255194).\n- CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a\n  use-after-free issue (bsc#1255198).\n- CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race\n  condition (bsc#1255183).\n- CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper\n  memory handling (bsc#1255195).\n- CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a\n  use-after-free issue (bsc#1255200).\n- CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type\n  confusion (bsc#1255191).\n- CVE-2025-66287: processing maliciously crafted web content may lead to an unexpected process crash due to improper\n  memory handling (bsc#1254509).\n\nOther issues fixed and changes:\n\n- Version 2.50.4:\n  * Correctly handle the program name passed to the sleep disabler.\n  * Ensure GStreamer is initialized before using the 
Quirks.\n  * Fix several crashes and rendering issues.\n\n- Version 2.50.3:\n  * Fix seeking and looping of media elements that set the \"loop\" property.\n  * Fix several crashes and rendering issues.\n\n- Version 2.50.2:\n  * Prevent unsafe URI schemes from participating in media playback.\n  * Make jsc_value_array_buffer_get_data() function introspectable.\n  * Fix logging in to Google accounts that have a WebAuthn second factor configured.\n  * Fix loading webkit://gpu when there are no threads configured for GPU rendering.\n  * Fix rendering gradients that use the CSS hue interpolation method.\n  * Fix pasting image data from the clipboard.\n  * Fix font-family selection when the font name contains spaces.\n  * Fix the build with standard C libraries that lack execinfo.h, like Musl or uClibc.\n  * Fix capturing canvas snapshots in the Web Inspector.\n  * Fix several crashes and rendering issues.\n\n- Version 2.50.1:\n  * Improve text rendering performance.\n  * Fix audio playback broken on Instagram.\n  * Fix rendering of layers with fractional transforms.\n  * Fix the build with ENABLE(VIDEO) disabled.\n  * Fix the build in s390x.\n  * Fix several crashes and rendering issues.\n\n- Version 2.50.0:\n  * Improved rendering performance by recording each layer once and replaying every dirty region in different worker\n    threads.\n  * Enable damage propagation to the UI process by default.\n  * CSS property font-variant-emoji is now enabled by default.\n  * Font synthesis properties (bold/italic) are now properly handled.\n  * Ensure web view is focused on tap gesture.\n  * Added new API to get the theme color of a WebKitWebView.\n\n- Version 2.49.90:\n  * Add support for font collection / fragment identifiers.\n  * Fix web process deadlock on exit.\n  * Fix stuttering when playing WebP animations.\n  * Fix CSS animations with cubic-bezier timing function.\n  * Do not start the MemoryPressureMonitor if it’s disabled.\n  * Fix several crashes and rendering 
issues.\n  * Updated translations.\n\n- Version 2.48.6:\n  * Fix emojis incorrectly rendered in their text variant.\n  * Add support for font collection / fragment identifiers.\n  * Fix web process deadlock on exit.\n  * Fix stuttering when playing WebP animations.\n  * Fix CSS animations with cubic-bezier timing function.\n  * Do not start the MemoryPressureMonitor if it's disabled.\n  * Fix several crashes and rendering issues.\n\n- Fix a11y regression where AT-SPI roles were mapped incorrectly.\n- Disable skia on ppc64le.\n\n","id":"SUSE-SU-2026:20102-1","modified":"2026-01-20T12:37:33Z","published":"2026-01-20T12:37:33Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-202620102-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250439"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250440"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250441"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250442"},{"type":"REPORT","url":"https://bugzilla.suse.com/1251975"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254164"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254165"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254166"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254167"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254168"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254169"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254170"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254171"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254172"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254174"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254175"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254176"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254177"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254179"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254208"},{"type":"REPORT","url":"https://bugzilla.suse.com/
1254473"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254498"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254509"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255183"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255191"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255194"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255195"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255198"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255200"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255497"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-43000"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-13502"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-13947"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-14174"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43272"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43342"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43343"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43356"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43368"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43392"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43419"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43421"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43427"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43429"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43430"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43431"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43432"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43434"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43440"},{"type":"W
EB","url":"https://www.suse.com/security/cve/CVE-2025-43443"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43458"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43480"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43501"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43529"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43531"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43535"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43536"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-43541"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-66287"}],"related":["CVE-2023-43000","CVE-2025-13502","CVE-2025-13947","CVE-2025-14174","CVE-2025-43272","CVE-2025-43342","CVE-2025-43343","CVE-2025-43356","CVE-2025-43368","CVE-2025-43392","CVE-2025-43419","CVE-2025-43421","CVE-2025-43425","CVE-2025-43427","CVE-2025-43429","CVE-2025-43430","CVE-2025-43431","CVE-2025-43432","CVE-2025-43434","CVE-2025-43440","CVE-2025-43443","CVE-2025-43458","CVE-2025-43480","CVE-2025-43501","CVE-2025-43529","CVE-2025-43531","CVE-2025-43535","CVE-2025-43536","CVE-2025-43541","CVE-2025-66287"],"summary":"Security update for webkit2gtk3","upstream":["CVE-2023-43000","CVE-2025-13502","CVE-2025-13947","CVE-2025-14174","CVE-2025-43272","CVE-2025-43342","CVE-2025-43343","CVE-2025-43356","CVE-2025-43368","CVE-2025-43392","CVE-2025-43419","CVE-2025-43421","CVE-2025-43425","CVE-2025-43427","CVE-2025-43429","CVE-2025-43430","CVE-2025-43431","CVE-2025-43432","CVE-2025-43434","CVE-2025-43440","CVE-2025-43443","CVE-2025-43458","CVE-2025-43480","CVE-2025-43501","CVE-2025-43529","CVE-2025-43531","CVE-2025-43535","CVE-2025-43536","CVE-2025-43541","CVE-2025-66287"]}