This update for webkit2gtk3 fixes the following issues:
Update to version 2.52.0:
- CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption (bsc#1259950).
- CVE-2025-31223: processing maliciously crafted web content may lead to memory corruption (bsc#1259949).
- CVE-2025-31277: processing maliciously crafted web content may lead to memory corruption (bsc#1259948).
- CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259947).
- CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259946).
- CVE-2025-43433: processing maliciously crafted web content may lead to memory corruption (bsc#1259945).
- CVE-2025-43438: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259944).
- CVE-2025-43441: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259943).
- CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259942).
- CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259941).
- CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app (bsc#1259940).
- CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259939).
- CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259938).
- CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259937).
- CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259936).
- CVE-2026-20652: a remote attacker may be able to cause a denial-of-service (bsc#1259935).
- CVE-2026-20676: a website may be able to track users through web extensions (bsc#1259934).
Changelog:
- Make scrolling with touch input smoother for...