SB2025102171 - SUSE update for webkit2gtk3

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Memory corruption (CVE-ID: CVE-2025-43272)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and crash the browser. 

2) Improper access control (CVE-ID: CVE-2025-43342)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions in WebKit. A remote attacker can trick the victim into opening a specially crafted website and crash the browser.

3) Memory corruption (CVE-ID: CVE-2025-43343)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can trick the victim into opening a specially crafted website and crash the browser. 

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-43356)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to missing permissions checks. A remote attacker can trick the victim into visiting a specially crafted website and gain access to sensor information without user consent.

5) Use after free (CVE-ID: CVE-2025-43368)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in WebKit Process Model. A remote attacker can trick the victim into opening a specially crafted website and crash the browser.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2025/suse-su-20253701-1/