WebKitGTK+: Multiple Vulnerabilities — GLSA 202511-02

Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which can lead to execution of arbitary code.

Affected packages

Background

WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.

Description

Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.48.5:4.1" ">=net-libs/webkit-gtk-2.48.5:6"
 

References

• CVE-2024-40857
• CVE-2024-40866
• CVE-2024-44185
• CVE-2024-44187
• CVE-2024-44192
• CVE-2024-44244
• CVE-2024-44296
• CVE-2024-54467
• CVE-2024-54551
• CVE-2025-24201
• CVE-2025-24208
• CVE-2025-24209
• CVE-2025-24213
• CVE-2025-24216
• CVE-2025-24264
• CVE-2025-30427
• CVE-2025-31273
• CVE-2025-31278
• CVE-2025-43211
• CVE-2025-43212
• CVE-2025-43216
• CVE-2025-43227
• CVE-2025-43228
• CVE-2025-43240
• CVE-2025-43265
• WSA-2025-0002
• WSA-2025-0003

Release date
November 24, 2025

Latest revision
November 24, 2025: 1

Severity
high

Exploitable
remote

Bugzilla entries

• 938026
• 941276
• 951739
• 961021