Apple WebKit 26.1 security cluster credited to Google Big Sleep

Source status: Direct Apple security advisory credits Google Big Sleep. Individual CVE impact varies; this entry groups the same-release Big Sleep WebKit cluster.

Summary

Apple’s Safari 26.1 security content credits Google Big Sleep for five WebKit issues:

CVE-2025-43429: buffer overflow addressed with improved bounds checking.
CVE-2025-43430: state-management issue that could cause an unexpected process crash.
CVE-2025-43431 and CVE-2025-43433: memory-handling issues that could lead to memory corruption.
CVE-2025-43434: use-after-free addressed with improved memory management.

The advisories describe impacts such as unexpected process termination, unexpected Safari crash, and memory corruption when processing maliciously crafted web content.

Why this is grouped

The Big Sleep credit appears across a set of same-release WebKit fixes. Rather than inflate the index by turning every adjacent WebKit entry into a separate story, we group the cluster and list the CVEs explicitly.

When a cluster contains mixed impact levels, we mark the entry as high if at least one directly credited issue is memory corruption in a browser engine. That is an editorial severity for the cluster, not a replacement for per-CVE scoring.

References

Catalogued in the Bugflation public ledger. Disagree with the attribution or severity label? Email the desk.