Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-4439 (GCVE-0-2022-4439)
Vulnerability from cvelistv5 – Published: 2022-12-14 00:00 – Updated: 2024-08-03 01:41
VLAI
EPSS
Summary
Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)
Severity
No CVSS data available.
CWE
- Use after free
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://chromereleases.googleblog.com/2022/12/sta… | |
| https://crbug.com/1392661 | |
| https://security.gentoo.org/glsa/202305-10 | vendor-advisory |
| https://security.gentoo.org/glsa/202311-11 | vendor-advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:44.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1392661"
},
{
"name": "GLSA-202305-10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"name": "GLSA-202311-11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "108.0.5359.124",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-25T11:08:48.564Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html"
},
{
"url": "https://crbug.com/1392661"
},
{
"name": "GLSA-202305-10",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"name": "GLSA-202311-11",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2022-4439",
"datePublished": "2022-12-14T00:00:00.000Z",
"dateReserved": "2022-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:41:44.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-4439",
"date": "2026-05-30",
"epss": "0.00315",
"percentile": "0.5487"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-4439\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2022-12-14T06:15:10.143\",\"lastModified\":\"2024-11-21T07:35:15.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)\"},{\"lang\":\"es\",\"value\":\"Use after free en Aura en Google Chrome en Windows anterior a 108.0.5359.124 permit\u00eda a un atacante remoto convencer al usuario de participar en interacciones espec\u00edficas de la interfaz de usuario para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de interacciones espec\u00edficas de la interfaz de usuario. (Severidad de seguridad de Chrome: alta)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"108.0.5359.124\",\"matchCriteriaId\":\"E23644AD-D312-47B1-B7AE-BCB47C85BA1A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1392661\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-10\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://security.gentoo.org/glsa/202311-11\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1392661\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202305-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202311-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Title
Уязвимость компонента Aura браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость компонента Aura браузера Google Chrome связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код
Severity
Vendor
Google Inc, АО "НППКТ"
Software Name
Google Chrome, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
до 108.0.5359.124 (Google Chrome), до 2.7 (ОСОН ОСнова Оnyx)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
- использование средств антивирусной защиты с функцией контроля доступа к веб-ресурсам;
- контролируемый доступ в сеть Интернет – регламентация разрешенных сетевых ресурсов и соединений;
- запуск веб-браузера от имени пользователя с минимальными возможными привилегиями в операционной системе;
- использование альтернативных веб-браузеров;
- применение систем обнаружения и предотвращения вторжений.
Использование рекомендаций производителя:
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
Для ОСОН ОСнова Оnyx (версия 2.7):
Обновление программного обеспечения chromium до версии 109.0.5414.119+repack-1~deb11u1.osnova1
Reference
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Google Inc, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 108.0.5359.124 (Google Chrome), \u0434\u043e 2.7 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b \u0441 \u0444\u0443\u043d\u043a\u0446\u0438\u0435\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0432\u0435\u0431-\u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c;\n- \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u0432 \u0441\u0435\u0442\u044c \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u2013 \u0440\u0435\u0433\u043b\u0430\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439;\n- \u0437\u0430\u043f\u0443\u0441\u043a \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043b\u044c\u0442\u0435\u0440\u043d\u0430\u0442\u0438\u0432\u043d\u044b\u0445 \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.7):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 109.0.5414.119+repack-1~deb11u1.osnova1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.12.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.02.2023",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.12.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-07318",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-4439",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Google Chrome, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - , Microsoft Corp Windows - , Apple Inc. MacOS - , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Aura \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Aura \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CERTFR-2022-AVI-1109
Vulnerability from certfr_avis - Published: 2022-12-15 - Updated: 2023-01-11
De multiples vulnérabilités ont été corrigées dans Google Chrome. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 108.0.5359.124/125 (pour Windows)",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 108.0.5359.124 (pour Mac et Linux)",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-4439",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4439"
},
{
"name": "CVE-2022-4440",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4440"
},
{
"name": "CVE-2022-4436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4436"
},
{
"name": "CVE-2022-4437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4437"
},
{
"name": "CVE-2022-4438",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4438"
}
],
"initial_release_date": "2022-12-15T00:00:00",
"last_revision_date": "2023-01-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome du 13 d\u00e9cembre 2022",
"url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html"
}
],
"reference": "CERTFR-2022-AVI-1109",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-15T00:00:00.000000"
},
{
"description": "Correction coquille.",
"revision_date": "2023-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Google \u003cspan\nclass=\"textit\"\u003eChrome\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome stable-channel-update-for-desktop_13 du 13 d\u00e9cembre 2022",
"url": null
}
]
}
CERTFR-2022-AVI-1116
Vulnerability from certfr_avis - Published: 2022-12-19 - Updated: 2022-12-19
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 108.0.1462.54",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-4439",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4439"
},
{
"name": "CVE-2022-4440",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4440"
},
{
"name": "CVE-2022-4436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4436"
},
{
"name": "CVE-2022-4437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4437"
},
{
"name": "CVE-2022-4438",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4438"
}
],
"initial_release_date": "2022-12-19T00:00:00",
"last_revision_date": "2022-12-19T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 16 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4436"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 16 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4440"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 16 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4437"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 16 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4439"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 16 d\u00e9cembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-4438"
}
],
"reference": "CERTFR-2022-AVI-1116",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4440 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4438 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4437 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4439 du 16 d\u00e9cembre 2022",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-4436 du 16 d\u00e9cembre 2022",
"url": null
}
]
}
FKIE_CVE-2022-4439
Vulnerability from fkie_nvd - Published: 2022-12-14 06:15 - Updated: 2024-11-21 07:35
Severity
Summary
Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E23644AD-D312-47B1-B7AE-BCB47C85BA1A",
"versionEndExcluding": "108.0.5359.124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "Use after free en Aura en Google Chrome en Windows anterior a 108.0.5359.124 permit\u00eda a un atacante remoto convencer al usuario de participar en interacciones espec\u00edficas de la interfaz de usuario para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de interacciones espec\u00edficas de la interfaz de usuario. (Severidad de seguridad de Chrome: alta)"
}
],
"id": "CVE-2022-4439",
"lastModified": "2024-11-21T07:35:15.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-14T06:15:10.143",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/1392661"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/1392661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-P3V4-RQHV-6X2V
Vulnerability from github – Published: 2022-12-14 06:30 – Updated: 2023-11-25 12:30
VLAI
Details
Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2022-4439"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-14T06:15:00Z",
"severity": "HIGH"
},
"details": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)",
"id": "GHSA-p3v4-rqhv-6x2v",
"modified": "2023-11-25T12:30:21Z",
"published": "2022-12-14T06:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4439"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1392661"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-4439
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-4439",
"description": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)",
"id": "GSD-2022-4439",
"references": [
"https://www.debian.org/security/2022/dsa-5302",
"https://advisories.mageia.org/CVE-2022-4439.html",
"https://www.suse.com/security/cve/CVE-2022-4439.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-4439"
],
"details": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)",
"id": "GSD-2022-4439",
"modified": "2023-12-13T01:19:15.738191Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2022-4439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "108.0.5359.124"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html"
},
{
"name": "https://crbug.com/1392661",
"refsource": "MISC",
"url": "https://crbug.com/1392661"
},
{
"name": "GLSA-202305-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"name": "GLSA-202311-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202311-11"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "108.0.5359.124",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2022-4439"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/1392661",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/1392661"
},
{
"name": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html"
},
{
"name": "GLSA-202305-10",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202305-10"
},
{
"name": "GLSA-202311-11",
"refsource": "",
"tags": [],
"url": "https://security.gentoo.org/glsa/202311-11"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-11-25T11:15Z",
"publishedDate": "2022-12-14T06:15Z"
}
}
}
OPENSUSE-SU-2022:10244-1
Vulnerability from csaf_opensuse - Published: 2022-12-15 18:08 - Updated: 2022-12-15 18:08Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Update to version 108.0.5359.124 (boo#1206403):
- CVE-2022-4436: Use after free in Blink Media
- CVE-2022-4437: Use after free in Mojo IPC
- CVE-2022-4438: Use after free in Blink Frames
- CVE-2022-4439: Use after free in Aura
- CVE-2022-4440: Use after free in Profiles
Patchnames: openSUSE-2022-10244
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nUpdate to version 108.0.5359.124 (boo#1206403):\n\n- CVE-2022-4436: Use after free in Blink Media\n- CVE-2022-4437: Use after free in Mojo IPC\n- CVE-2022-4438: Use after free in Blink Frames\n- CVE-2022-4439: Use after free in Aura\n- CVE-2022-4440: Use after free in Profiles\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-10244",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10244-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:10244-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I5J6OPVTWIV2IR6E5RHOT42UIBBBHIPD/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:10244-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I5J6OPVTWIV2IR6E5RHOT42UIBBBHIPD/"
},
{
"category": "self",
"summary": "SUSE Bug 1205433",
"url": "https://bugzilla.suse.com/1205433"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4436 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4437 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4438 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4439 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4440 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4440/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2022-12-15T18:08:17Z",
"generator": {
"date": "2022-12-15T18:08:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:10244-1",
"initial_release_date": "2022-12-15T18:08:17Z",
"revision_history": [
{
"date": "2022-12-15T18:08:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"product": {
"name": "chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"product_id": "chromedriver-108.0.5359.124-bp154.2.55.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"product": {
"name": "chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"product_id": "chromium-108.0.5359.124-bp154.2.55.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"product": {
"name": "chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"product_id": "chromedriver-108.0.5359.124-bp154.2.55.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"product": {
"name": "chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"product_id": "chromium-108.0.5359.124-bp154.2.55.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP4",
"product": {
"name": "SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64"
},
"product_reference": "chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64"
},
"product_reference": "chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-108.0.5359.124-bp154.2.55.1.aarch64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64"
},
"product_reference": "chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-108.0.5359.124-bp154.2.55.1.x86_64 as component of SUSE Package Hub 15 SP4",
"product_id": "SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
},
"product_reference": "chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-108.0.5359.124-bp154.2.55.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64"
},
"product_reference": "chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-108.0.5359.124-bp154.2.55.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64"
},
"product_reference": "chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-108.0.5359.124-bp154.2.55.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64"
},
"product_reference": "chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-108.0.5359.124-bp154.2.55.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
},
"product_reference": "chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-4436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4436"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4436",
"url": "https://www.suse.com/security/cve/CVE-2022-4436"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4436",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-15T18:08:17Z",
"details": "important"
}
],
"title": "CVE-2022-4436"
},
{
"cve": "CVE-2022-4437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4437"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4437",
"url": "https://www.suse.com/security/cve/CVE-2022-4437"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4437",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-15T18:08:17Z",
"details": "important"
}
],
"title": "CVE-2022-4437"
},
{
"cve": "CVE-2022-4438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4438"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4438",
"url": "https://www.suse.com/security/cve/CVE-2022-4438"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4438",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-15T18:08:17Z",
"details": "important"
}
],
"title": "CVE-2022-4438"
},
{
"cve": "CVE-2022-4439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4439"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4439",
"url": "https://www.suse.com/security/cve/CVE-2022-4439"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4439",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-15T18:08:17Z",
"details": "important"
}
],
"title": "CVE-2022-4439"
},
{
"cve": "CVE-2022-4440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4440"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4440",
"url": "https://www.suse.com/security/cve/CVE-2022-4440"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4440",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"SUSE Package Hub 15 SP4:chromium-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromedriver-108.0.5359.124-bp154.2.55.1.x86_64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.aarch64",
"openSUSE Leap 15.4:chromium-108.0.5359.124-bp154.2.55.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-15T18:08:17Z",
"details": "important"
}
],
"title": "CVE-2022-4440"
}
]
}
OPENSUSE-SU-2022:10245-1
Vulnerability from csaf_opensuse - Published: 2022-12-16 12:14 - Updated: 2022-12-16 12:14Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Update to version 108.0.5359.124 (boo#1206403):
- CVE-2022-4436: Use after free in Blink Media
- CVE-2022-4437: Use after free in Mojo IPC
- CVE-2022-4438: Use after free in Blink Frames
- CVE-2022-4439: Use after free in Aura
- CVE-2022-4440: Use after free in Profiles
Patchnames: openSUSE-2022-10245
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nUpdate to version 108.0.5359.124 (boo#1206403):\n\n- CVE-2022-4436: Use after free in Blink Media\n- CVE-2022-4437: Use after free in Mojo IPC\n- CVE-2022-4438: Use after free in Blink Frames\n- CVE-2022-4439: Use after free in Aura\n- CVE-2022-4440: Use after free in Profiles\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-10245",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10245-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:10245-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5GZONV2X67CIWI27PEH2RZABQNIN6PYU/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:10245-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5GZONV2X67CIWI27PEH2RZABQNIN6PYU/"
},
{
"category": "self",
"summary": "SUSE Bug 1205433",
"url": "https://bugzilla.suse.com/1205433"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4436 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4437 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4438 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4439 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4440 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4440/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2022-12-16T12:14:13Z",
"generator": {
"date": "2022-12-16T12:14:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:10245-1",
"initial_release_date": "2022-12-16T12:14:13Z",
"revision_history": [
{
"date": "2022-12-16T12:14:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"product": {
"name": "chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"product_id": "chromedriver-108.0.5359.124-bp153.2.148.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"product": {
"name": "chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"product_id": "chromium-108.0.5359.124-bp153.2.148.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"product": {
"name": "chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"product_id": "chromedriver-108.0.5359.124-bp153.2.148.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"product": {
"name": "chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"product_id": "chromium-108.0.5359.124-bp153.2.148.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64"
},
"product_reference": "chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64"
},
"product_reference": "chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-108.0.5359.124-bp153.2.148.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64"
},
"product_reference": "chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-108.0.5359.124-bp153.2.148.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
},
"product_reference": "chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-108.0.5359.124-bp153.2.148.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64"
},
"product_reference": "chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-108.0.5359.124-bp153.2.148.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64"
},
"product_reference": "chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-108.0.5359.124-bp153.2.148.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64"
},
"product_reference": "chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-108.0.5359.124-bp153.2.148.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
},
"product_reference": "chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-4436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4436"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4436",
"url": "https://www.suse.com/security/cve/CVE-2022-4436"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4436",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-16T12:14:13Z",
"details": "important"
}
],
"title": "CVE-2022-4436"
},
{
"cve": "CVE-2022-4437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4437"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4437",
"url": "https://www.suse.com/security/cve/CVE-2022-4437"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4437",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-16T12:14:13Z",
"details": "important"
}
],
"title": "CVE-2022-4437"
},
{
"cve": "CVE-2022-4438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4438"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4438",
"url": "https://www.suse.com/security/cve/CVE-2022-4438"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4438",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-16T12:14:13Z",
"details": "important"
}
],
"title": "CVE-2022-4438"
},
{
"cve": "CVE-2022-4439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4439"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4439",
"url": "https://www.suse.com/security/cve/CVE-2022-4439"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4439",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-16T12:14:13Z",
"details": "important"
}
],
"title": "CVE-2022-4439"
},
{
"cve": "CVE-2022-4440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4440"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4440",
"url": "https://www.suse.com/security/cve/CVE-2022-4440"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4440",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"SUSE Package Hub 15 SP3:chromium-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromedriver-108.0.5359.124-bp153.2.148.1.x86_64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.aarch64",
"openSUSE Leap 15.3:chromium-108.0.5359.124-bp153.2.148.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-16T12:14:13Z",
"details": "important"
}
],
"title": "CVE-2022-4440"
}
]
}
OPENSUSE-SU-2022:10254-1
Vulnerability from csaf_opensuse - Published: 2022-12-31 15:01 - Updated: 2022-12-31 15:01Summary
Security update for opera
Severity
Important
Notes
Title of the patch: Security update for opera
Description of the patch: This update for opera fixes the following issues:
- Update to 94.0.4606.38
- CHR-9133 Update chromium on desktop-stable-108-4606 to
108.0.5359.125
- DNA-103624 Create JS API to open Search tabs feature
- DNA-104004 Improve welcome pop-up
- DNA-104053 Right mouse click open speed dial instead of
context menu
- DNA-104055 News article opens in active tab
- DNA-104084 [Suggestion] Introduce a way to remove the
Lucid Mode button
- DNA-104089 No crashes reported in soccoro for Linux
- The update to chromium 108.0.5359.125 fixes following issues:
CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439,
CVE-2022-4440
- Update to 94.0.4606.26
- CHR-9125 Update chromium on desktop-stable-108-4606 to
108.0.5359.99
- DNA-99207 WebUI popup/dropdown could be empty due to lack
of memory
- DNA-102882 [SD][News][Continue on][Suggestion] Do not focus
on opened page when opening in new tab
- DNA-103076 Release installer consent flow globally
- DNA-103137 Fix positioning in Web UI component
- DNA-103240 Re-use logic from popup for consent not set
in settings
- DNA-103540 Implement Autostart for Opera Desktop (except Poland)
- DNA-103636 Implement Lucid Mode for Videos
- DNA-103637 Implement Lucid Mode button on top of videos
- DNA-103638 Make Lucid Mode button on top of videos work
- DNA-103641 Implement Lucid Mode for Images
- DNA-103642 Updated design and animation for Lucid Mode button
on top of videos
- DNA-103650 Add Lucid Mode to Easy Setup
- DNA-103701 Move User Styles loading/saving to a separate
component
- DNA-103718 Record 'consent_given' stat for every session
- DNA-103724 Video detach button wont go away
- DNA-103757 Add click animation for Lucid Mode button on
top of videos
- DNA-103765 Console error with lucid mode flag off
- DNA-103770 Easy Setup switch doesn't get updated
- DNA-103771 Click animation should only show when turning
on Lucid Mode
- DNA-103773 Unable to access lucid mode settings section
directly
- DNA-103784 Investigate video buttons 'escaping'
- DNA-103800 Adapt Lucid Mode button to new design
- DNA-103836 Translations for O94
- DNA-103850 Label on detach button cut off
- DNA-103924 Popup windows of type TYPE_APP_POPUP have
incorrectly set minimum size
- DNA-103931 Wrong sidebar detection.
- DNA-103935 Change Lucid Mode Video (Sharpen videos) to
default off
- DNA-103949 Lucid Mode doesn't work in a private window
- DNA-103959 Unable to scroll down on player home page
- DNA-103962 [Settings] Remove 'Safety Check'
- DNA-104011 Turn on Lucid Mode on all streams
- DNA-104052 Hide Lucid Mode video button on Google Meet
- DNA-103930 Promote O94 to stable
- The update to chromium 108.0.5359.99 fixes following issues:
CVE-2022-4262
- Update to 93.0.4585.64
- DNA-102836 Make 1st screen of Consent Popup a little taller to
have more space under 'You can adjust your choices' label
- DNA-102934 Turn on building testlist on GOTH instead of
Buildbot
- DNA-102969 On some pages search popup don't work
- DNA-103053 Put consent flow settings in separate feature flag
- DNA-103054 Update consent settings to new design
- DNA-103062 Add opauto tests for consent flow settings
- DNA-103099 Set testlist_from in testlist generating script
- DNA-103240 Re-use logic from popup for consent not set in
settings
- DNA-103296 Force dark page break QR code in whats app
- DNA-103298 Stat for recording adblock whitelist is not sent in
every session
- DNA-103522 Missing translations for
IDS_CONSENT_FLOW_DATA_DESC_INTERESTS
- DNA-103526 search popup doesn't recognize some currencies
shortcut
- DNA-103530 Replace icons in sidebar setup
- DNA-103636 Implement Lucid Mode for Videos
- DNA-103637 Implement Lucid Mode button on top of videos
- DNA-103638 Make Lucid Mode button on top of videos work
- DNA-103641 Implement Lucid Mode for Images
- DNA-103642 Updated design and animation for Lucid Mode button
on top of videos
- DNA-103650 Add Lucid Mode to Easy Setup
- DNA-103701 Move User Styles loading/saving to a separate
component
- DNA-103718 Record 'consent_given' stat for every session
- DNA-103724 Video detach button wont go away
- DNA-103757 Add click animation for Lucid Mode button on
top of videos
- DNA-103765 Console error with lucid mode flag off
- DNA-103770 Easy Setup switch doesn't get updated
- DNA-103771 Click animation should only show when turning on
Lucid Mode
- DNA-103773 Unable to access lucid mode settings section
directly
- DNA-103784 Investigate video buttons 'escaping'
- DNA-103800 Adapt Lucid Mode button to new design
- DNA-103850 Label on detach button cut off
- DNA-103924 Popup windows of type TYPE_APP_POPUP have
incorrectly set minimum size
- DNA-103935 Change Lucid Mode Video (Sharpen videos) to
default off
- DNA-104011 Turn on Lucid Mode on all streams
Patchnames: openSUSE-2022-10254
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\n- Update to 94.0.4606.38\n - CHR-9133 Update chromium on desktop-stable-108-4606 to\n 108.0.5359.125\n - DNA-103624 Create JS API to open Search tabs feature\n - DNA-104004 Improve welcome pop-up\n - DNA-104053 Right mouse click open speed dial instead of\n context menu\n - DNA-104055 News article opens in active tab\n - DNA-104084 [Suggestion] Introduce a way to remove the\n Lucid Mode button\n - DNA-104089 No crashes reported in soccoro for Linux\n- The update to chromium 108.0.5359.125 fixes following issues: \n CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439,\n CVE-2022-4440\n\n- Update to 94.0.4606.26\n - CHR-9125 Update chromium on desktop-stable-108-4606 to\n 108.0.5359.99\n - DNA-99207 WebUI popup/dropdown could be empty due to lack\n of memory\n - DNA-102882 [SD][News][Continue on][Suggestion] Do not focus\n on opened page when opening in new tab\n - DNA-103076 Release installer consent flow globally\n - DNA-103137 Fix positioning in Web UI component\n - DNA-103240 Re-use logic from popup for consent not set\n in settings\n - DNA-103540 Implement Autostart for Opera Desktop (except Poland)\n - DNA-103636 Implement Lucid Mode for Videos\n - DNA-103637 Implement Lucid Mode button on top of videos\n - DNA-103638 Make Lucid Mode button on top of videos work\n - DNA-103641 Implement Lucid Mode for Images\n - DNA-103642 Updated design and animation for Lucid Mode button\n on top of videos\n - DNA-103650 Add Lucid Mode to Easy Setup\n - DNA-103701 Move User Styles loading/saving to a separate\n component\n - DNA-103718 Record \u0027consent_given\u0027 stat for every session\n - DNA-103724 Video detach button wont go away\n - DNA-103757 Add click animation for Lucid Mode button on\n top of videos\n - DNA-103765 Console error with lucid mode flag off\n - DNA-103770 Easy Setup switch doesn\u0027t get updated\n - DNA-103771 Click animation should only show when turning\n on Lucid Mode\n - DNA-103773 Unable to access lucid mode settings section\n directly\n - DNA-103784 Investigate video buttons \u0027escaping\u0027\n - DNA-103800 Adapt Lucid Mode button to new design\n - DNA-103836 Translations for O94\n - DNA-103850 Label on detach button cut off\n - DNA-103924 Popup windows of type TYPE_APP_POPUP have\n incorrectly set minimum size\n - DNA-103931 Wrong sidebar detection.\n - DNA-103935 Change Lucid Mode Video (Sharpen videos) to\n default off\n - DNA-103949 Lucid Mode doesn\u0027t work in a private window\n - DNA-103959 Unable to scroll down on player home page\n - DNA-103962 [Settings] Remove \u0027Safety Check\u0027\n - DNA-104011 Turn on Lucid Mode on all streams\n - DNA-104052 Hide Lucid Mode video button on Google Meet\n - DNA-103930 Promote O94 to stable\n- The update to chromium 108.0.5359.99 fixes following issues: \n CVE-2022-4262\n \n- Update to 93.0.4585.64\n - DNA-102836 Make 1st screen of Consent Popup a little taller to\n have more space under \u0027You can adjust your choices\u0027 label\n - DNA-102934 Turn on building testlist on GOTH instead of\n Buildbot\n - DNA-102969 On some pages search popup don\u0027t work\n - DNA-103053 Put consent flow settings in separate feature flag\n - DNA-103054 Update consent settings to new design\n - DNA-103062 Add opauto tests for consent flow settings\n - DNA-103099 Set testlist_from in testlist generating script\n - DNA-103240 Re-use logic from popup for consent not set in\n settings\n - DNA-103296 Force dark page break QR code in whats app\n - DNA-103298 Stat for recording adblock whitelist is not sent in\n every session\n - DNA-103522 Missing translations for\n IDS_CONSENT_FLOW_DATA_DESC_INTERESTS\n - DNA-103526 search popup doesn\u0027t recognize some currencies\n shortcut\n - DNA-103530 Replace icons in sidebar setup\n - DNA-103636 Implement Lucid Mode for Videos\n - DNA-103637 Implement Lucid Mode button on top of videos\n - DNA-103638 Make Lucid Mode button on top of videos work\n - DNA-103641 Implement Lucid Mode for Images\n - DNA-103642 Updated design and animation for Lucid Mode button\n on top of videos\n - DNA-103650 Add Lucid Mode to Easy Setup\n - DNA-103701 Move User Styles loading/saving to a separate\n component\n - DNA-103718 Record \u0027consent_given\u0027 stat for every session\n - DNA-103724 Video detach button wont go away\n - DNA-103757 Add click animation for Lucid Mode button on\n top of videos\n - DNA-103765 Console error with lucid mode flag off\n - DNA-103770 Easy Setup switch doesn\u0027t get updated\n - DNA-103771 Click animation should only show when turning on\n Lucid Mode\n - DNA-103773 Unable to access lucid mode settings section\n directly\n - DNA-103784 Investigate video buttons \u0027escaping\u0027\n - DNA-103800 Adapt Lucid Mode button to new design\n - DNA-103850 Label on detach button cut off\n - DNA-103924 Popup windows of type TYPE_APP_POPUP have\n incorrectly set minimum size\n - DNA-103935 Change Lucid Mode Video (Sharpen videos) to\n default off\n - DNA-104011 Turn on Lucid Mode on all streams\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-10254",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10254-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:10254-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:10254-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4262 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4436 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4437 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4438 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4439 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4440 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4440/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2022-12-31T15:01:26Z",
"generator": {
"date": "2022-12-31T15:01:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:10254-1",
"initial_release_date": "2022-12-31T15:01:26Z",
"revision_history": [
{
"date": "2022-12-31T15:01:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-94.0.4606.38-lp154.2.35.1.x86_64",
"product": {
"name": "opera-94.0.4606.38-lp154.2.35.1.x86_64",
"product_id": "opera-94.0.4606.38-lp154.2.35.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.4 NonFree",
"product": {
"name": "openSUSE Leap 15.4 NonFree",
"product_id": "openSUSE Leap 15.4 NonFree",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-94.0.4606.38-lp154.2.35.1.x86_64 as component of openSUSE Leap 15.4 NonFree",
"product_id": "openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
},
"product_reference": "opera-94.0.4606.38-lp154.2.35.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-4262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4262"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4262",
"url": "https://www.suse.com/security/cve/CVE-2022-4262"
},
{
"category": "external",
"summary": "SUSE Bug 1205999 for CVE-2022-4262",
"url": "https://bugzilla.suse.com/1205999"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4262"
},
{
"cve": "CVE-2022-4436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4436"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4436",
"url": "https://www.suse.com/security/cve/CVE-2022-4436"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4436",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4436"
},
{
"cve": "CVE-2022-4437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4437"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4437",
"url": "https://www.suse.com/security/cve/CVE-2022-4437"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4437",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4437"
},
{
"cve": "CVE-2022-4438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4438"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4438",
"url": "https://www.suse.com/security/cve/CVE-2022-4438"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4438",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4438"
},
{
"cve": "CVE-2022-4439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4439"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4439",
"url": "https://www.suse.com/security/cve/CVE-2022-4439"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4439",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4439"
},
{
"cve": "CVE-2022-4440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4440"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4440",
"url": "https://www.suse.com/security/cve/CVE-2022-4440"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4440",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4440"
}
]
}
OPENSUSE-SU-2023:0115-1
Vulnerability from csaf_opensuse - Published: 2023-05-27 12:01 - Updated: 2023-05-27 12:01Summary
Security update for opera
Severity
Important
Notes
Title of the patch: Security update for opera
Description of the patch: This update for opera fixes the following issues:
- Update to 99.0.4788.13
* CHR-9290 Update Chromium on desktop-stable-113-4788 to
113.0.5672.127
* DNA-107317 __delayLoadHelper2 crash in crashreporter
- The update to chromium 113.0.5672.127 fixes following issues:
CVE-2023-2721, CVE-2023-2722, CVE-2023-2723, CVE-2023-2724,
CVE-2023-2725, CVE-2023-2726
- Update to 99.0.4788.9
* CHR-9283 Update Chromium on desktop-stable-113-4788 to
113.0.5672.93
* DNA-107638 Translations for O99
* DNA-107678 Crash Report [@ BrowserContextKeyedServiceFactory::
BrowserContextKeyedServiceFactory(char const*,
BrowserContextDependencyManager*) ]
* DNA-107795 Fix wrong german translation of
'Close All Duplicate Tabs'
* DNA-107800 Fonts on section#folder and AddSitePanel not
readable when animated wallpaper chosen
* DNA-107840 Promote O99 to stable
- Update to 98.0.4759.39
* DNA-102363 ChromeFileSystemAccessPermissionContextTest.
ConfirmSensitiveEntryAccess_DangerousFile fails
* DNA-105534 [Add to Opera] Incorrect scroll on modal when
browser window size is too small
* DNA-106649 Opening new tab when pinned tab is active gives
2 active tabs
* DNA-107226 Speed Dial freezes and empty space remains after
Continue booking tile dragging
* DNA-107435 Building archive_source_release target fails
* DNA-107441 [Start page] Right mouse click on tile in continue
on section opens target site in current tab
* DNA-107508 Crash at permissions::PermissionRecoverySuccessRate
Tracker::TrackUsage(ContentSettingsType)
* DNA-107528 Handle real-time SD impression reporting
* DNA-107546 Context menus broken with one workspace
* DNA-107548 Paste from Context Menu doesn’t work for Search
on StartPage
* DNA-107560 Optimize real-time SD impression reporting
Patchnames: openSUSE-2023-115
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.4 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
273 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\n- Update to 99.0.4788.13\n * CHR-9290 Update Chromium on desktop-stable-113-4788 to\n 113.0.5672.127\n * DNA-107317 __delayLoadHelper2 crash in crashreporter\n- The update to chromium 113.0.5672.127 fixes following issues:\n CVE-2023-2721, CVE-2023-2722, CVE-2023-2723, CVE-2023-2724,\n CVE-2023-2725, CVE-2023-2726\n\n- Update to 99.0.4788.9\n * CHR-9283 Update Chromium on desktop-stable-113-4788 to\n 113.0.5672.93\n * DNA-107638 Translations for O99\n * DNA-107678 Crash Report [@ BrowserContextKeyedServiceFactory::\n BrowserContextKeyedServiceFactory(char const*,\n BrowserContextDependencyManager*) ]\n * DNA-107795 Fix wrong german translation of\n \u0027Close All Duplicate Tabs\u0027\n * DNA-107800 Fonts on section#folder and AddSitePanel not\n readable when animated wallpaper chosen\n * DNA-107840 Promote O99 to stable\n\n- Update to 98.0.4759.39\n * DNA-102363 ChromeFileSystemAccessPermissionContextTest.\n ConfirmSensitiveEntryAccess_DangerousFile fails\n * DNA-105534 [Add to Opera] Incorrect scroll on modal when\n browser window size is too small\n * DNA-106649 Opening new tab when pinned tab is active gives\n 2 active tabs\n * DNA-107226 Speed Dial freezes and empty space remains after\n Continue booking tile dragging\n * DNA-107435 Building archive_source_release target fails\n * DNA-107441 [Start page] Right mouse click on tile in continue\n on section opens target site in current tab\n * DNA-107508 Crash at permissions::PermissionRecoverySuccessRate\n Tracker::TrackUsage(ContentSettingsType)\n * DNA-107528 Handle real-time SD impression reporting\n * DNA-107546 Context menus broken with one workspace\n * DNA-107548 Paste from Context Menu doesn\u2019t work for Search\n on StartPage\n * DNA-107560 Optimize real-time SD impression reporting\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2023-115",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0115-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2023:0115-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NVMVZHYNGC7MNXWYYPCKCBLKKYAGFJPY/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2023:0115-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NVMVZHYNGC7MNXWYYPCKCBLKKYAGFJPY/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3196 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3197 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3198 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3199 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3200 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3201 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3445 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3445/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3446 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3446/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3447 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3447/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3448 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3449 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3450 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3723 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3885 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3886 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3887 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3888 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3889 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4262 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4436 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4437 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4438 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4439 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4440 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4440/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0471 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0471/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0472 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0473 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0474 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0474/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0696 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0697 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0698 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0699 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0700 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0701 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0702 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0703 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0704 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0705 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0927 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0928 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0928/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0929 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0930 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0930/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0931 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0931/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0932 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0933 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0933/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0941 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0941/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1213 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1214 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1215 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1216 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1217 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1218 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1219 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1220 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1221 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1222 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1223 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1224 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1225 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1226 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1227 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1228 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1230 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1231 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1232 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1233 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1234 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1235 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1236 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1528 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1528/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1529 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1529/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1530 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1531 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1531/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1532 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1532/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1533 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1534 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1534/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2033 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2033/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2133 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2134 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2135 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2136 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2137 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2721 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2722 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2723 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2724 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2725 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2726 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2726/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2023-05-27T12:01:50Z",
"generator": {
"date": "2023-05-27T12:01:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2023:0115-1",
"initial_release_date": "2023-05-27T12:01:50Z",
"revision_history": [
{
"date": "2023-05-27T12:01:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-99.0.4788.13-lp155.3.6.1.x86_64",
"product": {
"name": "opera-99.0.4788.13-lp155.3.6.1.x86_64",
"product_id": "opera-99.0.4788.13-lp155.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.5 NonFree",
"product": {
"name": "openSUSE Leap 15.5 NonFree",
"product_id": "openSUSE Leap 15.5 NonFree"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-99.0.4788.13-lp155.3.6.1.x86_64 as component of openSUSE Leap 15.5 NonFree",
"product_id": "openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
},
"product_reference": "opera-99.0.4788.13-lp155.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3196"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3196",
"url": "https://www.suse.com/security/cve/CVE-2022-3196"
},
{
"category": "external",
"summary": "SUSE Bug 1203419 for CVE-2022-3196",
"url": "https://bugzilla.suse.com/1203419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3196"
},
{
"cve": "CVE-2022-3197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3197"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3197",
"url": "https://www.suse.com/security/cve/CVE-2022-3197"
},
{
"category": "external",
"summary": "SUSE Bug 1203419 for CVE-2022-3197",
"url": "https://bugzilla.suse.com/1203419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3197"
},
{
"cve": "CVE-2022-3198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3198"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3198",
"url": "https://www.suse.com/security/cve/CVE-2022-3198"
},
{
"category": "external",
"summary": "SUSE Bug 1203419 for CVE-2022-3198",
"url": "https://bugzilla.suse.com/1203419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3198"
},
{
"cve": "CVE-2022-3199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3199"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3199",
"url": "https://www.suse.com/security/cve/CVE-2022-3199"
},
{
"category": "external",
"summary": "SUSE Bug 1203419 for CVE-2022-3199",
"url": "https://bugzilla.suse.com/1203419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3199"
},
{
"cve": "CVE-2022-3200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3200"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3200",
"url": "https://www.suse.com/security/cve/CVE-2022-3200"
},
{
"category": "external",
"summary": "SUSE Bug 1203419 for CVE-2022-3200",
"url": "https://bugzilla.suse.com/1203419"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3200"
},
{
"cve": "CVE-2022-3201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3201"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3201",
"url": "https://www.suse.com/security/cve/CVE-2022-3201"
},
{
"category": "external",
"summary": "SUSE Bug 1203419 for CVE-2022-3201",
"url": "https://bugzilla.suse.com/1203419"
},
{
"category": "external",
"summary": "SUSE Bug 1203808 for CVE-2022-3201",
"url": "https://bugzilla.suse.com/1203808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3201"
},
{
"cve": "CVE-2022-3445",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3445"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3445",
"url": "https://www.suse.com/security/cve/CVE-2022-3445"
},
{
"category": "external",
"summary": "SUSE Bug 1204223 for CVE-2022-3445",
"url": "https://bugzilla.suse.com/1204223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3445"
},
{
"cve": "CVE-2022-3446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3446"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3446",
"url": "https://www.suse.com/security/cve/CVE-2022-3446"
},
{
"category": "external",
"summary": "SUSE Bug 1204223 for CVE-2022-3446",
"url": "https://bugzilla.suse.com/1204223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3446"
},
{
"cve": "CVE-2022-3447",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3447"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3447",
"url": "https://www.suse.com/security/cve/CVE-2022-3447"
},
{
"category": "external",
"summary": "SUSE Bug 1204223 for CVE-2022-3447",
"url": "https://bugzilla.suse.com/1204223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3447"
},
{
"cve": "CVE-2022-3448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3448"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3448",
"url": "https://www.suse.com/security/cve/CVE-2022-3448"
},
{
"category": "external",
"summary": "SUSE Bug 1204223 for CVE-2022-3448",
"url": "https://bugzilla.suse.com/1204223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3448"
},
{
"cve": "CVE-2022-3449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3449"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3449",
"url": "https://www.suse.com/security/cve/CVE-2022-3449"
},
{
"category": "external",
"summary": "SUSE Bug 1204223 for CVE-2022-3449",
"url": "https://bugzilla.suse.com/1204223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3449"
},
{
"cve": "CVE-2022-3450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3450"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3450",
"url": "https://www.suse.com/security/cve/CVE-2022-3450"
},
{
"category": "external",
"summary": "SUSE Bug 1204223 for CVE-2022-3450",
"url": "https://bugzilla.suse.com/1204223"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3450"
},
{
"cve": "CVE-2022-3723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3723"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3723",
"url": "https://www.suse.com/security/cve/CVE-2022-3723"
},
{
"category": "external",
"summary": "SUSE Bug 1204819 for CVE-2022-3723",
"url": "https://bugzilla.suse.com/1204819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-3723"
},
{
"cve": "CVE-2022-3885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3885"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3885",
"url": "https://www.suse.com/security/cve/CVE-2022-3885"
},
{
"category": "external",
"summary": "SUSE Bug 1205221 for CVE-2022-3885",
"url": "https://bugzilla.suse.com/1205221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2022-3885"
},
{
"cve": "CVE-2022-3886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3886"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3886",
"url": "https://www.suse.com/security/cve/CVE-2022-3886"
},
{
"category": "external",
"summary": "SUSE Bug 1205221 for CVE-2022-3886",
"url": "https://bugzilla.suse.com/1205221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2022-3886"
},
{
"cve": "CVE-2022-3887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3887"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3887",
"url": "https://www.suse.com/security/cve/CVE-2022-3887"
},
{
"category": "external",
"summary": "SUSE Bug 1205221 for CVE-2022-3887",
"url": "https://bugzilla.suse.com/1205221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2022-3887"
},
{
"cve": "CVE-2022-3888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3888"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3888",
"url": "https://www.suse.com/security/cve/CVE-2022-3888"
},
{
"category": "external",
"summary": "SUSE Bug 1205221 for CVE-2022-3888",
"url": "https://bugzilla.suse.com/1205221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2022-3888"
},
{
"cve": "CVE-2022-3889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3889"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3889",
"url": "https://www.suse.com/security/cve/CVE-2022-3889"
},
{
"category": "external",
"summary": "SUSE Bug 1205221 for CVE-2022-3889",
"url": "https://bugzilla.suse.com/1205221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2022-3889"
},
{
"cve": "CVE-2022-4262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4262"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4262",
"url": "https://www.suse.com/security/cve/CVE-2022-4262"
},
{
"category": "external",
"summary": "SUSE Bug 1205999 for CVE-2022-4262",
"url": "https://bugzilla.suse.com/1205999"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-4262"
},
{
"cve": "CVE-2022-4436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4436"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4436",
"url": "https://www.suse.com/security/cve/CVE-2022-4436"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4436",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-4436"
},
{
"cve": "CVE-2022-4437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4437"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4437",
"url": "https://www.suse.com/security/cve/CVE-2022-4437"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4437",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-4437"
},
{
"cve": "CVE-2022-4438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4438"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4438",
"url": "https://www.suse.com/security/cve/CVE-2022-4438"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4438",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-4438"
},
{
"cve": "CVE-2022-4439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4439"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4439",
"url": "https://www.suse.com/security/cve/CVE-2022-4439"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4439",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-4439"
},
{
"cve": "CVE-2022-4440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4440"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4440",
"url": "https://www.suse.com/security/cve/CVE-2022-4440"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4440",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2022-4440"
},
{
"cve": "CVE-2023-0471",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0471"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0471",
"url": "https://www.suse.com/security/cve/CVE-2023-0471"
},
{
"category": "external",
"summary": "SUSE Bug 1207512 for CVE-2023-0471",
"url": "https://bugzilla.suse.com/1207512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0471"
},
{
"cve": "CVE-2023-0472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0472"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0472",
"url": "https://www.suse.com/security/cve/CVE-2023-0472"
},
{
"category": "external",
"summary": "SUSE Bug 1207512 for CVE-2023-0472",
"url": "https://bugzilla.suse.com/1207512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0472"
},
{
"cve": "CVE-2023-0473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0473"
}
],
"notes": [
{
"category": "general",
"text": "Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0473",
"url": "https://www.suse.com/security/cve/CVE-2023-0473"
},
{
"category": "external",
"summary": "SUSE Bug 1207512 for CVE-2023-0473",
"url": "https://bugzilla.suse.com/1207512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0473"
},
{
"cve": "CVE-2023-0474",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0474"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0474",
"url": "https://www.suse.com/security/cve/CVE-2023-0474"
},
{
"category": "external",
"summary": "SUSE Bug 1207512 for CVE-2023-0474",
"url": "https://bugzilla.suse.com/1207512"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0474"
},
{
"cve": "CVE-2023-0696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0696"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0696",
"url": "https://www.suse.com/security/cve/CVE-2023-0696"
},
{
"category": "external",
"summary": "SUSE Bug 1208029 for CVE-2023-0696",
"url": "https://bugzilla.suse.com/1208029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0696"
},
{
"cve": "CVE-2023-0697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0697"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0697",
"url": "https://www.suse.com/security/cve/CVE-2023-0697"
},
{
"category": "external",
"summary": "SUSE Bug 1208029 for CVE-2023-0697",
"url": "https://bugzilla.suse.com/1208029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0697"
},
{
"cve": "CVE-2023-0698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0698"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0698",
"url": "https://www.suse.com/security/cve/CVE-2023-0698"
},
{
"category": "external",
"summary": "SUSE Bug 1208029 for CVE-2023-0698",
"url": "https://bugzilla.suse.com/1208029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0698"
},
{
"cve": "CVE-2023-0699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0699"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0699",
"url": "https://www.suse.com/security/cve/CVE-2023-0699"
},
{
"category": "external",
"summary": "SUSE Bug 1208029 for CVE-2023-0699",
"url": "https://bugzilla.suse.com/1208029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0699"
},
{
"cve": "CVE-2023-0700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0700"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0700",
"url": "https://www.suse.com/security/cve/CVE-2023-0700"
},
{
"category": "external",
"summary": "SUSE Bug 1208029 for CVE-2023-0700",
"url": "https://bugzilla.suse.com/1208029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0700"
},
{
"cve": "CVE-2023-0701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0701"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction . (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0701",
"url": "https://www.suse.com/security/cve/CVE-2023-0701"
},
{
"category": "external",
"summary": "SUSE Bug 1208029 for CVE-2023-0701",
"url": "https://bugzilla.suse.com/1208029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0701"
},
{
"cve": "CVE-2023-0702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0702"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0702",
"url": "https://www.suse.com/security/cve/CVE-2023-0702"
},
{
"category": "external",
"summary": "SUSE Bug 1208029 for CVE-2023-0702",
"url": "https://bugzilla.suse.com/1208029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0702"
},
{
"cve": "CVE-2023-0703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0703"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0703",
"url": "https://www.suse.com/security/cve/CVE-2023-0703"
},
{
"category": "external",
"summary": "SUSE Bug 1208029 for CVE-2023-0703",
"url": "https://bugzilla.suse.com/1208029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0703"
},
{
"cve": "CVE-2023-0704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0704"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0704",
"url": "https://www.suse.com/security/cve/CVE-2023-0704"
},
{
"category": "external",
"summary": "SUSE Bug 1208029 for CVE-2023-0704",
"url": "https://bugzilla.suse.com/1208029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0704"
},
{
"cve": "CVE-2023-0705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0705"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0705",
"url": "https://www.suse.com/security/cve/CVE-2023-0705"
},
{
"category": "external",
"summary": "SUSE Bug 1208029 for CVE-2023-0705",
"url": "https://bugzilla.suse.com/1208029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0705"
},
{
"cve": "CVE-2023-0927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0927"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0927",
"url": "https://www.suse.com/security/cve/CVE-2023-0927"
},
{
"category": "external",
"summary": "SUSE Bug 1208589 for CVE-2023-0927",
"url": "https://bugzilla.suse.com/1208589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0927"
},
{
"cve": "CVE-2023-0928",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0928"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0928",
"url": "https://www.suse.com/security/cve/CVE-2023-0928"
},
{
"category": "external",
"summary": "SUSE Bug 1208589 for CVE-2023-0928",
"url": "https://bugzilla.suse.com/1208589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0928"
},
{
"cve": "CVE-2023-0929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0929"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0929",
"url": "https://www.suse.com/security/cve/CVE-2023-0929"
},
{
"category": "external",
"summary": "SUSE Bug 1208589 for CVE-2023-0929",
"url": "https://bugzilla.suse.com/1208589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0929"
},
{
"cve": "CVE-2023-0930",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0930"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0930",
"url": "https://www.suse.com/security/cve/CVE-2023-0930"
},
{
"category": "external",
"summary": "SUSE Bug 1208589 for CVE-2023-0930",
"url": "https://bugzilla.suse.com/1208589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0930"
},
{
"cve": "CVE-2023-0931",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0931"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0931",
"url": "https://www.suse.com/security/cve/CVE-2023-0931"
},
{
"category": "external",
"summary": "SUSE Bug 1208589 for CVE-2023-0931",
"url": "https://bugzilla.suse.com/1208589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0931"
},
{
"cve": "CVE-2023-0932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0932"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0932",
"url": "https://www.suse.com/security/cve/CVE-2023-0932"
},
{
"category": "external",
"summary": "SUSE Bug 1208589 for CVE-2023-0932",
"url": "https://bugzilla.suse.com/1208589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0932"
},
{
"cve": "CVE-2023-0933",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0933"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0933",
"url": "https://www.suse.com/security/cve/CVE-2023-0933"
},
{
"category": "external",
"summary": "SUSE Bug 1208589 for CVE-2023-0933",
"url": "https://bugzilla.suse.com/1208589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0933"
},
{
"cve": "CVE-2023-0941",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0941"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0941",
"url": "https://www.suse.com/security/cve/CVE-2023-0941"
},
{
"category": "external",
"summary": "SUSE Bug 1208589 for CVE-2023-0941",
"url": "https://bugzilla.suse.com/1208589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-0941"
},
{
"cve": "CVE-2023-1213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1213"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1213",
"url": "https://www.suse.com/security/cve/CVE-2023-1213"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1213",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1213"
},
{
"cve": "CVE-2023-1214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1214"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1214",
"url": "https://www.suse.com/security/cve/CVE-2023-1214"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1214",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1214"
},
{
"cve": "CVE-2023-1215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1215"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1215",
"url": "https://www.suse.com/security/cve/CVE-2023-1215"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1215",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1215"
},
{
"cve": "CVE-2023-1216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1216"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1216",
"url": "https://www.suse.com/security/cve/CVE-2023-1216"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1216",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1216"
},
{
"cve": "CVE-2023-1217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1217"
}
],
"notes": [
{
"category": "general",
"text": "Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1217",
"url": "https://www.suse.com/security/cve/CVE-2023-1217"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1217",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1217"
},
{
"cve": "CVE-2023-1218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1218"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1218",
"url": "https://www.suse.com/security/cve/CVE-2023-1218"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1218",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1218"
},
{
"cve": "CVE-2023-1219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1219"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1219",
"url": "https://www.suse.com/security/cve/CVE-2023-1219"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1219",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1219"
},
{
"cve": "CVE-2023-1220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1220"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1220",
"url": "https://www.suse.com/security/cve/CVE-2023-1220"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1220",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1220"
},
{
"cve": "CVE-2023-1221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1221"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1221",
"url": "https://www.suse.com/security/cve/CVE-2023-1221"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1221",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1221"
},
{
"cve": "CVE-2023-1222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1222"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1222",
"url": "https://www.suse.com/security/cve/CVE-2023-1222"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1222",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1222"
},
{
"cve": "CVE-2023-1223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1223"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1223",
"url": "https://www.suse.com/security/cve/CVE-2023-1223"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1223",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1223"
},
{
"cve": "CVE-2023-1224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1224"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1224",
"url": "https://www.suse.com/security/cve/CVE-2023-1224"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1224",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1224"
},
{
"cve": "CVE-2023-1225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1225"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1225",
"url": "https://www.suse.com/security/cve/CVE-2023-1225"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1225",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1225"
},
{
"cve": "CVE-2023-1226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1226"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1226",
"url": "https://www.suse.com/security/cve/CVE-2023-1226"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1226",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1226"
},
{
"cve": "CVE-2023-1227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1227"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1227",
"url": "https://www.suse.com/security/cve/CVE-2023-1227"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1227",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1227"
},
{
"cve": "CVE-2023-1228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1228"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1228",
"url": "https://www.suse.com/security/cve/CVE-2023-1228"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1228",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1228"
},
{
"cve": "CVE-2023-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1229"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1229",
"url": "https://www.suse.com/security/cve/CVE-2023-1229"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1229",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1229"
},
{
"cve": "CVE-2023-1230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1230"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1230",
"url": "https://www.suse.com/security/cve/CVE-2023-1230"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1230",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1230"
},
{
"cve": "CVE-2023-1231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1231"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1231",
"url": "https://www.suse.com/security/cve/CVE-2023-1231"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1231",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1231"
},
{
"cve": "CVE-2023-1232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1232"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1232",
"url": "https://www.suse.com/security/cve/CVE-2023-1232"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1232",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1232"
},
{
"cve": "CVE-2023-1233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1233"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1233",
"url": "https://www.suse.com/security/cve/CVE-2023-1233"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1233",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1233"
},
{
"cve": "CVE-2023-1234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1234"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1234",
"url": "https://www.suse.com/security/cve/CVE-2023-1234"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1234",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1234"
},
{
"cve": "CVE-2023-1235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1235"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1235",
"url": "https://www.suse.com/security/cve/CVE-2023-1235"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1235",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1235"
},
{
"cve": "CVE-2023-1236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1236"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1236",
"url": "https://www.suse.com/security/cve/CVE-2023-1236"
},
{
"category": "external",
"summary": "SUSE Bug 1209040 for CVE-2023-1236",
"url": "https://bugzilla.suse.com/1209040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-1236"
},
{
"cve": "CVE-2023-1528",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1528"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1528",
"url": "https://www.suse.com/security/cve/CVE-2023-1528"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1528",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-1528"
},
{
"cve": "CVE-2023-1529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1529"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1529",
"url": "https://www.suse.com/security/cve/CVE-2023-1529"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1529",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-1529"
},
{
"cve": "CVE-2023-1530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1530"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1530",
"url": "https://www.suse.com/security/cve/CVE-2023-1530"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1530",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-1530"
},
{
"cve": "CVE-2023-1531",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1531"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1531",
"url": "https://www.suse.com/security/cve/CVE-2023-1531"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1531",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-1531"
},
{
"cve": "CVE-2023-1532",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1532"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1532",
"url": "https://www.suse.com/security/cve/CVE-2023-1532"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1532",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-1532"
},
{
"cve": "CVE-2023-1533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1533"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1533",
"url": "https://www.suse.com/security/cve/CVE-2023-1533"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1533",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-1533"
},
{
"cve": "CVE-2023-1534",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1534"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1534",
"url": "https://www.suse.com/security/cve/CVE-2023-1534"
},
{
"category": "external",
"summary": "SUSE Bug 1209598 for CVE-2023-1534",
"url": "https://bugzilla.suse.com/1209598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-1534"
},
{
"cve": "CVE-2023-2033",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2033"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2033",
"url": "https://www.suse.com/security/cve/CVE-2023-2033"
},
{
"category": "external",
"summary": "SUSE Bug 1210478 for CVE-2023-2033",
"url": "https://bugzilla.suse.com/1210478"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-2033"
},
{
"cve": "CVE-2023-2133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2133"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2133",
"url": "https://www.suse.com/security/cve/CVE-2023-2133"
},
{
"category": "external",
"summary": "SUSE Bug 1210618 for CVE-2023-2133",
"url": "https://bugzilla.suse.com/1210618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-2133"
},
{
"cve": "CVE-2023-2134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2134"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2134",
"url": "https://www.suse.com/security/cve/CVE-2023-2134"
},
{
"category": "external",
"summary": "SUSE Bug 1210618 for CVE-2023-2134",
"url": "https://bugzilla.suse.com/1210618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-2134"
},
{
"cve": "CVE-2023-2135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2135"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2135",
"url": "https://www.suse.com/security/cve/CVE-2023-2135"
},
{
"category": "external",
"summary": "SUSE Bug 1210618 for CVE-2023-2135",
"url": "https://bugzilla.suse.com/1210618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-2135"
},
{
"cve": "CVE-2023-2136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2136"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2136",
"url": "https://www.suse.com/security/cve/CVE-2023-2136"
},
{
"category": "external",
"summary": "SUSE Bug 1210618 for CVE-2023-2136",
"url": "https://bugzilla.suse.com/1210618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "critical"
}
],
"title": "CVE-2023-2136"
},
{
"cve": "CVE-2023-2137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2137"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2137",
"url": "https://www.suse.com/security/cve/CVE-2023-2137"
},
{
"category": "external",
"summary": "SUSE Bug 1210618 for CVE-2023-2137",
"url": "https://bugzilla.suse.com/1210618"
},
{
"category": "external",
"summary": "SUSE Bug 1210660 for CVE-2023-2137",
"url": "https://bugzilla.suse.com/1210660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-2137"
},
{
"cve": "CVE-2023-2721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2721"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2721",
"url": "https://www.suse.com/security/cve/CVE-2023-2721"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2721",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-2721"
},
{
"cve": "CVE-2023-2722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2722"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2722",
"url": "https://www.suse.com/security/cve/CVE-2023-2722"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2722",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-2722"
},
{
"cve": "CVE-2023-2723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2723"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2723",
"url": "https://www.suse.com/security/cve/CVE-2023-2723"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2723",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-2723"
},
{
"cve": "CVE-2023-2724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2724"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2724",
"url": "https://www.suse.com/security/cve/CVE-2023-2724"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2724",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-2724"
},
{
"cve": "CVE-2023-2725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2725"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2725",
"url": "https://www.suse.com/security/cve/CVE-2023-2725"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2725",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-2725"
},
{
"cve": "CVE-2023-2726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2726"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2726",
"url": "https://www.suse.com/security/cve/CVE-2023-2726"
},
{
"category": "external",
"summary": "SUSE Bug 1211442 for CVE-2023-2726",
"url": "https://bugzilla.suse.com/1211442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5 NonFree:opera-99.0.4788.13-lp155.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-05-27T12:01:50Z",
"details": "important"
}
],
"title": "CVE-2023-2726"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…