SUSE-SU-2025:02765-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202502765-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:02765-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:02765-1
- Upstream
- Related
- Published
- 2025-08-12T12:59:26Z
- Modified
- 2026-03-11T07:29:07.525417Z
- Summary
- Security update for webkit2gtk3
- Details
-
This update for webkit2gtk3 fixes the following issues:
Updated to version 2.48.5: - CVE-2025-31273: Fixed a vulnerability where processing maliciously crafted web content could lead to memory corruption. (bsc#1247564) - CVE-2025-31278: Fixed a vulnerability where processing maliciously crafted web content may lead to memory corruption. (bsc#1247563) - CVE-2025-43211: Fixed a vulnerability where processing web content may lead to a denial-of-service. (bsc#1247562) - CVE-2025-43212: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247595) - CVE-2025-43216: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247596) - CVE-2025-43227: Fixed a vulnerability where processing maliciously crafted web content may disclose sensitive user information. (bsc#1247597) - CVE-2025-43228: Fixed a vulnerability where visiting a malicious website may lead to address bar spoofing. (bsc#1247598) - CVE-2025-43240: Fixed a vulnerability where a download's origin may be incorrectly associated. (bsc#1247599) - CVE-2025-43265: Fixed a vulnerability where processing maliciously crafted web content may disclose internal states of the app. (bsc#1247600) - CVE-2025-6558: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247742)
Other fixes: - Improve emoji font selection with USESKIA=ON. - Improve playback of multimedia streams from blob URLs. - Fix the build with USESKIAOPENTYPESVG=ON and USESYSPROFCAPTURE=ON. - Fix crash when using a WebKitWebView widget in an offscreen window. - Fix several crashes and rendering issues. - Fix a crash introduced by the new threaded rendering implementation using Skia API. - Improve rendering performance by recording layers once and replaying every dirty region in different worker threads. - Fix a crash when setting WEBKITSKIAGPUPAINTINGTHREADS=0. - Fix a reference cycle in webkitmediastreamsrc preventing its disposal. - Increase memperprocess again to avoid running out of memory.
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202502765-1/
- https://bugzilla.suse.com/1247562
- https://bugzilla.suse.com/1247563
- https://bugzilla.suse.com/1247564
- https://bugzilla.suse.com/1247595
- https://bugzilla.suse.com/1247596
- https://bugzilla.suse.com/1247597
- https://bugzilla.suse.com/1247598
- https://bugzilla.suse.com/1247599
- https://bugzilla.suse.com/1247600
- https://bugzilla.suse.com/1247742
- https://www.suse.com/security/cve/CVE-2024-44192
- https://www.suse.com/security/cve/CVE-2024-54467
- https://www.suse.com/security/cve/CVE-2025-24189
- https://www.suse.com/security/cve/CVE-2025-24201
- https://www.suse.com/security/cve/CVE-2025-31273
- https://www.suse.com/security/cve/CVE-2025-31278
- https://www.suse.com/security/cve/CVE-2025-43211
- https://www.suse.com/security/cve/CVE-2025-43212
- https://www.suse.com/security/cve/CVE-2025-43216
- https://www.suse.com/security/cve/CVE-2025-43227
- https://www.suse.com/security/cve/CVE-2025-43228
- https://www.suse.com/security/cve/CVE-2025-43240
- https://www.suse.com/security/cve/CVE-2025-43265
- https://www.suse.com/security/cve/CVE-2025-6558
Affected packages
openSUSE:Leap 15.6
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1
Ecosystem specific
{
"binaries": [
{
"webkit2gtk-4_0-injected-bundles": "2.48.5-150600.12.43.1",
"WebKitGTK-4.1-lang": "2.48.5-150600.12.43.1",
"libwebkitgtk-6_0-4": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_1-0-32bit": "2.48.5-150600.12.43.1",
"webkit-jsc-4": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_1-0": "2.48.5-150600.12.43.1",
"WebKitGTK-6.0-lang": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_1-0-32bit": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit-6_0": "2.48.5-150600.12.43.1",
"webkitgtk-6_0-injected-bundles": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKitWebProcessExtension-6_0": "2.48.5-150600.12.43.1",
"webkit2gtk3-devel": "2.48.5-150600.12.43.1",
"webkit-jsc-6.0": "2.48.5-150600.12.43.1",
"webkit2gtk3-soup2-devel": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-6_0": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_0": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_0-37": "2.48.5-150600.12.43.1",
"webkit2gtk3-minibrowser": "2.48.5-150600.12.43.1",
"webkit2gtk4-devel": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_1": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_1": "2.48.5-150600.12.43.1",
"webkit2gtk4-minibrowser": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_0-18-32bit": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_1-0": "2.48.5-150600.12.43.1",
"webkit2gtk3-soup2-minibrowser": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_1": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_0-37-32bit": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.5-150600.12.43.1",
"WebKitGTK-4.0-lang": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-6_0-1": "2.48.5-150600.12.43.1",
"webkit-jsc-4.1": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_0-18": "2.48.5-150600.12.43.1",
"webkit2gtk-4_1-injected-bundles": "2.48.5-150600.12.43.1"
}
]
}webkit2gtk3-soup2
Package
- Name
- webkit2gtk3-soup2
- Purl
- pkg:rpm/opensuse/webkit2gtk3-soup2&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1
Ecosystem specific
{
"binaries": [
{
"webkit2gtk-4_0-injected-bundles": "2.48.5-150600.12.43.1",
"WebKitGTK-4.1-lang": "2.48.5-150600.12.43.1",
"libwebkitgtk-6_0-4": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_1-0-32bit": "2.48.5-150600.12.43.1",
"webkit-jsc-4": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_1-0": "2.48.5-150600.12.43.1",
"WebKitGTK-6.0-lang": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_1-0-32bit": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit-6_0": "2.48.5-150600.12.43.1",
"webkitgtk-6_0-injected-bundles": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKitWebProcessExtension-6_0": "2.48.5-150600.12.43.1",
"webkit2gtk3-devel": "2.48.5-150600.12.43.1",
"webkit-jsc-6.0": "2.48.5-150600.12.43.1",
"webkit2gtk3-soup2-devel": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-6_0": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_0": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_0-37": "2.48.5-150600.12.43.1",
"webkit2gtk3-minibrowser": "2.48.5-150600.12.43.1",
"webkit2gtk4-devel": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_1": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_1": "2.48.5-150600.12.43.1",
"webkit2gtk4-minibrowser": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_0-18-32bit": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_1-0": "2.48.5-150600.12.43.1",
"webkit2gtk3-soup2-minibrowser": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_1": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_0-37-32bit": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.5-150600.12.43.1",
"WebKitGTK-4.0-lang": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-6_0-1": "2.48.5-150600.12.43.1",
"webkit-jsc-4.1": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_0-18": "2.48.5-150600.12.43.1",
"webkit2gtk-4_1-injected-bundles": "2.48.5-150600.12.43.1"
}
]
}webkit2gtk4
Package
- Name
- webkit2gtk4
- Purl
- pkg:rpm/opensuse/webkit2gtk4&distro=openSUSE%20Leap%2015.6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1
Ecosystem specific
{
"binaries": [
{
"webkit2gtk-4_0-injected-bundles": "2.48.5-150600.12.43.1",
"WebKitGTK-4.1-lang": "2.48.5-150600.12.43.1",
"libwebkitgtk-6_0-4": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_1-0-32bit": "2.48.5-150600.12.43.1",
"webkit-jsc-4": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_1-0": "2.48.5-150600.12.43.1",
"WebKitGTK-6.0-lang": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_1-0-32bit": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit-6_0": "2.48.5-150600.12.43.1",
"webkitgtk-6_0-injected-bundles": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKitWebProcessExtension-6_0": "2.48.5-150600.12.43.1",
"webkit2gtk3-devel": "2.48.5-150600.12.43.1",
"webkit-jsc-6.0": "2.48.5-150600.12.43.1",
"webkit2gtk3-soup2-devel": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-6_0": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_0": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_0-37": "2.48.5-150600.12.43.1",
"webkit2gtk3-minibrowser": "2.48.5-150600.12.43.1",
"webkit2gtk4-devel": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_1": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_1": "2.48.5-150600.12.43.1",
"webkit2gtk4-minibrowser": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_0-18-32bit": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_1-0": "2.48.5-150600.12.43.1",
"webkit2gtk3-soup2-minibrowser": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_1": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_0-37-32bit": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.5-150600.12.43.1",
"WebKitGTK-4.0-lang": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-6_0-1": "2.48.5-150600.12.43.1",
"webkit-jsc-4.1": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_0-18": "2.48.5-150600.12.43.1",
"webkit2gtk-4_1-injected-bundles": "2.48.5-150600.12.43.1"
}
]
}SUSE:Linux Enterprise Module for Basesystem 15 SP6
webkit2gtk3-soup2
Package
- Name
- webkit2gtk3-soup2
- Purl
- pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1
Ecosystem specific
{
"binaries": [
{
"webkit2gtk-4_0-injected-bundles": "2.48.5-150600.12.43.1",
"webkit2gtk3-soup2-devel": "2.48.5-150600.12.43.1",
"webkitgtk-6_0-injected-bundles": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.5-150600.12.43.1",
"libwebkitgtk-6_0-4": "2.48.5-150600.12.43.1",
"WebKitGTK-4.0-lang": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-6_0-1": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_0-37": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_0-18": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_0": "2.48.5-150600.12.43.1",
"WebKitGTK-6.0-lang": "2.48.5-150600.12.43.1"
}
]
}webkit2gtk4
Package
- Name
- webkit2gtk4
- Purl
- pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1
Ecosystem specific
{
"binaries": [
{
"webkit2gtk-4_0-injected-bundles": "2.48.5-150600.12.43.1",
"webkit2gtk3-soup2-devel": "2.48.5-150600.12.43.1",
"webkitgtk-6_0-injected-bundles": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.5-150600.12.43.1",
"libwebkitgtk-6_0-4": "2.48.5-150600.12.43.1",
"WebKitGTK-4.0-lang": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-6_0-1": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_0-37": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_0-18": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_0": "2.48.5-150600.12.43.1",
"WebKitGTK-6.0-lang": "2.48.5-150600.12.43.1"
}
]
}SUSE:Linux Enterprise Module for Basesystem 15 SP7
webkit2gtk3-soup2
Package
- Name
- webkit2gtk3-soup2
- Purl
- pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1
Ecosystem specific
{
"binaries": [
{
"webkit2gtk-4_0-injected-bundles": "2.48.5-150600.12.43.1",
"webkit2gtk3-soup2-devel": "2.48.5-150600.12.43.1",
"webkitgtk-6_0-injected-bundles": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.5-150600.12.43.1",
"libwebkitgtk-6_0-4": "2.48.5-150600.12.43.1",
"WebKitGTK-4.0-lang": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-6_0-1": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_0-37": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_0-18": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_0": "2.48.5-150600.12.43.1",
"WebKitGTK-6.0-lang": "2.48.5-150600.12.43.1"
}
]
}webkit2gtk4
Package
- Name
- webkit2gtk4
- Purl
- pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1
Ecosystem specific
{
"binaries": [
{
"webkit2gtk-4_0-injected-bundles": "2.48.5-150600.12.43.1",
"webkit2gtk3-soup2-devel": "2.48.5-150600.12.43.1",
"webkitgtk-6_0-injected-bundles": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.5-150600.12.43.1",
"libwebkitgtk-6_0-4": "2.48.5-150600.12.43.1",
"WebKitGTK-4.0-lang": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-6_0-1": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_0-37": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_0-18": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_0": "2.48.5-150600.12.43.1",
"WebKitGTK-6.0-lang": "2.48.5-150600.12.43.1"
}
]
}SUSE:Linux Enterprise Module for Desktop Applications 15 SP6
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1
Ecosystem specific
{
"binaries": [
{
"WebKitGTK-4.1-lang": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_1": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_1": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_1-0": "2.48.5-150600.12.43.1",
"webkit2gtk3-devel": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_1-0": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_1": "2.48.5-150600.12.43.1",
"webkit2gtk-4_1-injected-bundles": "2.48.5-150600.12.43.1"
}
]
}SUSE:Linux Enterprise Module for Desktop Applications 15 SP7
webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1
Ecosystem specific
{
"binaries": [
{
"WebKitGTK-4.1-lang": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2-4_1": "2.48.5-150600.12.43.1",
"typelib-1_0-WebKit2WebExtension-4_1": "2.48.5-150600.12.43.1",
"libwebkit2gtk-4_1-0": "2.48.5-150600.12.43.1",
"webkit2gtk3-devel": "2.48.5-150600.12.43.1",
"libjavascriptcoregtk-4_1-0": "2.48.5-150600.12.43.1",
"typelib-1_0-JavaScriptCore-4_1": "2.48.5-150600.12.43.1",
"webkit2gtk-4_1-injected-bundles": "2.48.5-150600.12.43.1"
}
]
}SUSE:Linux Enterprise Module for Development Tools 15 SP6
webkit2gtk4
Package
- Name
- webkit2gtk4
- Purl
- pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1
SUSE:Linux Enterprise Module for Development Tools 15 SP7
webkit2gtk4
Package
- Name
- webkit2gtk4
- Purl
- pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.5-150600.12.43.1