This update for webkit2gtk3 fixes the following issues:
Update to version 2.50.4.
Security issues fixed:
- CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a
UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208).
- CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of
verification of the origins of drag operations (bsc#1254473).
- CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation
(bsc#1255497).
- CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165).
- CVE-2025-43421: processing maliciously crafted web content may lead to an unexpected process crash due to enabled
array allocation sinking (bsc#1254167).
- CVE-2025-43425: processing maliciously crafted web content may lead to an unexpected process crash due to improper
memory handling (bsc#1254168).
- CVE-2025-43427: processing maliciously crafted web content may lead to an unexpected process crash due to issues with
state management (bsc#1254169).
- CVE-2025-43429: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer
overflow issue (bsc#1254174).
- CVE-2025-43430: processing maliciously crafted web content may lead to an unexpected process crash due to issues with
state management (bsc#1254172).
- CVE-2025-43431: processing maliciously crafted web content may lead to memory corruption due to improper memory
handling (bsc#1254170).
- CVE-2025-43432: processing maliciously crafted web content may lead to an unexpected process crash due to a
use-after-free issue (bsc#1254171).
- CVE-2025-43434: processing maliciously crafted web content may lead to an unexpected process crash due to a
use-after-free issue (bsc#1254179).
- CVE-2025-43440: processing maliciously crafted web content...