Source status: Direct Apple security advisory credits Google Big Sleep. CVE-2025-43535 is co-credited with Nan Wang; CVE-2025-46299 is credited to Google Big Sleep.
Summary
Appleās iOS 26.2 and iPadOS 26.2 security content includes two WebKit entries that credit Google Big Sleep:
- CVE-2025-43535, co-credited to Google Big Sleep and Nan Wang, where processing maliciously crafted web content could lead to an unexpected process crash.
- CVE-2025-46299, credited to Google Big Sleep, where processing maliciously crafted web content could disclose internal states of the app.
The CVE-2025-46299 entry was added on January 9, 2026, so we use that date for this index entry.
Why it matters
The follow-up matters less for any single CVE than for the continuity of the record. Big Sleep was not a one-off SQLite demonstration. By late 2025 and early 2026, upstream product advisories were repeatedly naming it in accepted WebKit security fixes.
References
Catalogued in the Bugflation public ledger. Disagree with the attribution or severity label? Email the desk.