Red Hat Product Security has issued an important security advisory (RHSA-2025:0279) for webkit2gtk3 on Red Hat Enterprise Linux 8.8 Extended Update Support. The advisory addresses four vulnerabilities in WebKitGTK and webkit components where processing maliciously crafted web content can lead to unexpected process crashes (CVE-2024-54479, CVE-2024-54502, CVE-2024-54508) and memory corruption (CVE-2024-54505). These issues relate to improper handling of web content, potentially causing denial of service or memory safety problems. The advisory includes updated packages to remediate these vulnerabilities. No CVSS scores are provided in the advisory, but the impact is rated as Important by Red Hat. The update is available via Red Hat's errata and package repositories.

The vulnerabilities can cause unexpected process crashes or memory corruption when processing maliciously crafted web content, which may lead to denial of service conditions or potentially unstable behavior in applications using webkit2gtk3. There are no reports of active exploitation in the wild. The impact is rated as Important by Red Hat, indicating a significant security concern but not necessarily critical remote code execution or data breach.

Red Hat has released updated webkit2gtk3 packages that address these vulnerabilities. Users of Red Hat Enterprise Linux 8.8 Extended Update Support should apply the security update as described in the Red Hat advisory RHSA-2025:0279 and the referenced article https://access.redhat.com/articles/11258. Applying the official update fully mitigates the vulnerabilities. No additional mitigations are indicated or required beyond applying the vendor-provided patch.