SUSE-SU-2026:1139-1

CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption (bsc#1259950).
CVE-2025-31223: processing maliciously crafted web content may lead to memory corruption (bsc#1259949).
CVE-2025-31277: processing maliciously crafted web content may lead to memory corruption (bsc#1259948).
CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259947).
CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259946).
CVE-2025-43433: processing maliciously crafted web content may lead to memory corruption (bsc#1259945).
CVE-2025-43438: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259944).
CVE-2025-43441: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259943).
CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259942).
CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259941).
CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app (bsc#1259940).
CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259939).
CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259938).
CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259937).
CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259936).
CVE-2026-20652: a remote attacker may be able to cause a denial-of-service (bsc#1259935).
CVE-2026-20676: a website may be able to track users through web extensions (bsc#1259934).

Changelog:

Make scrolling with touch input smoother for small movements.
Fix estimated load progress of downloads when Content-Length value is wrong.
Ensure that 'scrollend' events are correctly emitted after scroll animations.
Fix several crashes and rendering issues.

References

Affected packages

SUSE:Linux Enterprise Server 12 SP5-LTSS / webkit2gtk3

Package

Name: webkit2gtk3
Purl: pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.52.0-4.54.1

Ecosystem specific

{
    "binaries": [
        {
            "typelib-1_0-JavaScriptCore-4_0": "2.52.0-4.54.1",
            "libwebkit2gtk3-lang": "2.52.0-4.54.1",
            "typelib-1_0-WebKit2-4_0": "2.52.0-4.54.1",
            "typelib-1_0-WebKit2WebExtension-4_0": "2.52.0-4.54.1",
            "libwebkit2gtk-4_0-37": "2.52.0-4.54.1",
            "webkit2gtk3-devel": "2.52.0-4.54.1",
            "libjavascriptcoregtk-4_0-18": "2.52.0-4.54.1",
            "webkit2gtk-4_0-injected-bundles": "2.52.0-4.54.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1139-1.json"

SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / webkit2gtk3

Package

Name: webkit2gtk3
Purl: pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.52.0-4.54.1

Ecosystem specific

{
    "binaries": [
        {
            "typelib-1_0-JavaScriptCore-4_0": "2.52.0-4.54.1",
            "libwebkit2gtk3-lang": "2.52.0-4.54.1",
            "typelib-1_0-WebKit2-4_0": "2.52.0-4.54.1",
            "typelib-1_0-WebKit2WebExtension-4_0": "2.52.0-4.54.1",
            "libwebkit2gtk-4_0-37": "2.52.0-4.54.1",
            "webkit2gtk3-devel": "2.52.0-4.54.1",
            "libjavascriptcoregtk-4_0-18": "2.52.0-4.54.1",
            "webkit2gtk-4_0-injected-bundles": "2.52.0-4.54.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1139-1.json"