opensuse-su-2022:10254-1
Vulnerability from csaf_opensuse
Published
2022-12-31 15:01
Modified
2022-12-31 15:01
Summary
Security update for opera
Notes
Title of the patch
Security update for opera
Description of the patch
This update for opera fixes the following issues:
- Update to 94.0.4606.38
- CHR-9133 Update chromium on desktop-stable-108-4606 to
108.0.5359.125
- DNA-103624 Create JS API to open Search tabs feature
- DNA-104004 Improve welcome pop-up
- DNA-104053 Right mouse click open speed dial instead of
context menu
- DNA-104055 News article opens in active tab
- DNA-104084 [Suggestion] Introduce a way to remove the
Lucid Mode button
- DNA-104089 No crashes reported in soccoro for Linux
- The update to chromium 108.0.5359.125 fixes following issues:
CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439,
CVE-2022-4440
- Update to 94.0.4606.26
- CHR-9125 Update chromium on desktop-stable-108-4606 to
108.0.5359.99
- DNA-99207 WebUI popup/dropdown could be empty due to lack
of memory
- DNA-102882 [SD][News][Continue on][Suggestion] Do not focus
on opened page when opening in new tab
- DNA-103076 Release installer consent flow globally
- DNA-103137 Fix positioning in Web UI component
- DNA-103240 Re-use logic from popup for consent not set
in settings
- DNA-103540 Implement Autostart for Opera Desktop (except Poland)
- DNA-103636 Implement Lucid Mode for Videos
- DNA-103637 Implement Lucid Mode button on top of videos
- DNA-103638 Make Lucid Mode button on top of videos work
- DNA-103641 Implement Lucid Mode for Images
- DNA-103642 Updated design and animation for Lucid Mode button
on top of videos
- DNA-103650 Add Lucid Mode to Easy Setup
- DNA-103701 Move User Styles loading/saving to a separate
component
- DNA-103718 Record 'consent_given' stat for every session
- DNA-103724 Video detach button wont go away
- DNA-103757 Add click animation for Lucid Mode button on
top of videos
- DNA-103765 Console error with lucid mode flag off
- DNA-103770 Easy Setup switch doesn't get updated
- DNA-103771 Click animation should only show when turning
on Lucid Mode
- DNA-103773 Unable to access lucid mode settings section
directly
- DNA-103784 Investigate video buttons 'escaping'
- DNA-103800 Adapt Lucid Mode button to new design
- DNA-103836 Translations for O94
- DNA-103850 Label on detach button cut off
- DNA-103924 Popup windows of type TYPE_APP_POPUP have
incorrectly set minimum size
- DNA-103931 Wrong sidebar detection.
- DNA-103935 Change Lucid Mode Video (Sharpen videos) to
default off
- DNA-103949 Lucid Mode doesn't work in a private window
- DNA-103959 Unable to scroll down on player home page
- DNA-103962 [Settings] Remove 'Safety Check'
- DNA-104011 Turn on Lucid Mode on all streams
- DNA-104052 Hide Lucid Mode video button on Google Meet
- DNA-103930 Promote O94 to stable
- The update to chromium 108.0.5359.99 fixes following issues:
CVE-2022-4262
- Update to 93.0.4585.64
- DNA-102836 Make 1st screen of Consent Popup a little taller to
have more space under 'You can adjust your choices' label
- DNA-102934 Turn on building testlist on GOTH instead of
Buildbot
- DNA-102969 On some pages search popup don't work
- DNA-103053 Put consent flow settings in separate feature flag
- DNA-103054 Update consent settings to new design
- DNA-103062 Add opauto tests for consent flow settings
- DNA-103099 Set testlist_from in testlist generating script
- DNA-103240 Re-use logic from popup for consent not set in
settings
- DNA-103296 Force dark page break QR code in whats app
- DNA-103298 Stat for recording adblock whitelist is not sent in
every session
- DNA-103522 Missing translations for
IDS_CONSENT_FLOW_DATA_DESC_INTERESTS
- DNA-103526 search popup doesn't recognize some currencies
shortcut
- DNA-103530 Replace icons in sidebar setup
- DNA-103636 Implement Lucid Mode for Videos
- DNA-103637 Implement Lucid Mode button on top of videos
- DNA-103638 Make Lucid Mode button on top of videos work
- DNA-103641 Implement Lucid Mode for Images
- DNA-103642 Updated design and animation for Lucid Mode button
on top of videos
- DNA-103650 Add Lucid Mode to Easy Setup
- DNA-103701 Move User Styles loading/saving to a separate
component
- DNA-103718 Record 'consent_given' stat for every session
- DNA-103724 Video detach button wont go away
- DNA-103757 Add click animation for Lucid Mode button on
top of videos
- DNA-103765 Console error with lucid mode flag off
- DNA-103770 Easy Setup switch doesn't get updated
- DNA-103771 Click animation should only show when turning on
Lucid Mode
- DNA-103773 Unable to access lucid mode settings section
directly
- DNA-103784 Investigate video buttons 'escaping'
- DNA-103800 Adapt Lucid Mode button to new design
- DNA-103850 Label on detach button cut off
- DNA-103924 Popup windows of type TYPE_APP_POPUP have
incorrectly set minimum size
- DNA-103935 Change Lucid Mode Video (Sharpen videos) to
default off
- DNA-104011 Turn on Lucid Mode on all streams
Patchnames
openSUSE-2022-10254
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\n- Update to 94.0.4606.38\n - CHR-9133 Update chromium on desktop-stable-108-4606 to\n 108.0.5359.125\n - DNA-103624 Create JS API to open Search tabs feature\n - DNA-104004 Improve welcome pop-up\n - DNA-104053 Right mouse click open speed dial instead of\n context menu\n - DNA-104055 News article opens in active tab\n - DNA-104084 [Suggestion] Introduce a way to remove the\n Lucid Mode button\n - DNA-104089 No crashes reported in soccoro for Linux\n- The update to chromium 108.0.5359.125 fixes following issues: \n CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439,\n CVE-2022-4440\n\n- Update to 94.0.4606.26\n - CHR-9125 Update chromium on desktop-stable-108-4606 to\n 108.0.5359.99\n - DNA-99207 WebUI popup/dropdown could be empty due to lack\n of memory\n - DNA-102882 [SD][News][Continue on][Suggestion] Do not focus\n on opened page when opening in new tab\n - DNA-103076 Release installer consent flow globally\n - DNA-103137 Fix positioning in Web UI component\n - DNA-103240 Re-use logic from popup for consent not set\n in settings\n - DNA-103540 Implement Autostart for Opera Desktop (except Poland)\n - DNA-103636 Implement Lucid Mode for Videos\n - DNA-103637 Implement Lucid Mode button on top of videos\n - DNA-103638 Make Lucid Mode button on top of videos work\n - DNA-103641 Implement Lucid Mode for Images\n - DNA-103642 Updated design and animation for Lucid Mode button\n on top of videos\n - DNA-103650 Add Lucid Mode to Easy Setup\n - DNA-103701 Move User Styles loading/saving to a separate\n component\n - DNA-103718 Record \u0027consent_given\u0027 stat for every session\n - DNA-103724 Video detach button wont go away\n - DNA-103757 Add click animation for Lucid Mode button on\n top of videos\n - DNA-103765 Console error with lucid mode flag off\n - DNA-103770 Easy Setup switch doesn\u0027t get updated\n - DNA-103771 Click animation should only show when turning\n on Lucid Mode\n - DNA-103773 Unable to access lucid mode settings section\n directly\n - DNA-103784 Investigate video buttons \u0027escaping\u0027\n - DNA-103800 Adapt Lucid Mode button to new design\n - DNA-103836 Translations for O94\n - DNA-103850 Label on detach button cut off\n - DNA-103924 Popup windows of type TYPE_APP_POPUP have\n incorrectly set minimum size\n - DNA-103931 Wrong sidebar detection.\n - DNA-103935 Change Lucid Mode Video (Sharpen videos) to\n default off\n - DNA-103949 Lucid Mode doesn\u0027t work in a private window\n - DNA-103959 Unable to scroll down on player home page\n - DNA-103962 [Settings] Remove \u0027Safety Check\u0027\n - DNA-104011 Turn on Lucid Mode on all streams\n - DNA-104052 Hide Lucid Mode video button on Google Meet\n - DNA-103930 Promote O94 to stable\n- The update to chromium 108.0.5359.99 fixes following issues: \n CVE-2022-4262\n \n- Update to 93.0.4585.64\n - DNA-102836 Make 1st screen of Consent Popup a little taller to\n have more space under \u0027You can adjust your choices\u0027 label\n - DNA-102934 Turn on building testlist on GOTH instead of\n Buildbot\n - DNA-102969 On some pages search popup don\u0027t work\n - DNA-103053 Put consent flow settings in separate feature flag\n - DNA-103054 Update consent settings to new design\n - DNA-103062 Add opauto tests for consent flow settings\n - DNA-103099 Set testlist_from in testlist generating script\n - DNA-103240 Re-use logic from popup for consent not set in\n settings\n - DNA-103296 Force dark page break QR code in whats app\n - DNA-103298 Stat for recording adblock whitelist is not sent in\n every session\n - DNA-103522 Missing translations for\n IDS_CONSENT_FLOW_DATA_DESC_INTERESTS\n - DNA-103526 search popup doesn\u0027t recognize some currencies\n shortcut\n - DNA-103530 Replace icons in sidebar setup\n - DNA-103636 Implement Lucid Mode for Videos\n - DNA-103637 Implement Lucid Mode button on top of videos\n - DNA-103638 Make Lucid Mode button on top of videos work\n - DNA-103641 Implement Lucid Mode for Images\n - DNA-103642 Updated design and animation for Lucid Mode button\n on top of videos\n - DNA-103650 Add Lucid Mode to Easy Setup\n - DNA-103701 Move User Styles loading/saving to a separate\n component\n - DNA-103718 Record \u0027consent_given\u0027 stat for every session\n - DNA-103724 Video detach button wont go away\n - DNA-103757 Add click animation for Lucid Mode button on\n top of videos\n - DNA-103765 Console error with lucid mode flag off\n - DNA-103770 Easy Setup switch doesn\u0027t get updated\n - DNA-103771 Click animation should only show when turning on\n Lucid Mode\n - DNA-103773 Unable to access lucid mode settings section\n directly\n - DNA-103784 Investigate video buttons \u0027escaping\u0027\n - DNA-103800 Adapt Lucid Mode button to new design\n - DNA-103850 Label on detach button cut off\n - DNA-103924 Popup windows of type TYPE_APP_POPUP have\n incorrectly set minimum size\n - DNA-103935 Change Lucid Mode Video (Sharpen videos) to\n default off\n - DNA-104011 Turn on Lucid Mode on all streams\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-10254",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10254-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:10254-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:10254-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4262 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4436 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4437 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4438 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4438/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4439 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4439/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4440 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4440/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2022-12-31T15:01:26Z",
"generator": {
"date": "2022-12-31T15:01:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:10254-1",
"initial_release_date": "2022-12-31T15:01:26Z",
"revision_history": [
{
"date": "2022-12-31T15:01:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-94.0.4606.38-lp154.2.35.1.x86_64",
"product": {
"name": "opera-94.0.4606.38-lp154.2.35.1.x86_64",
"product_id": "opera-94.0.4606.38-lp154.2.35.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.4 NonFree",
"product": {
"name": "openSUSE Leap 15.4 NonFree",
"product_id": "openSUSE Leap 15.4 NonFree",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-94.0.4606.38-lp154.2.35.1.x86_64 as component of openSUSE Leap 15.4 NonFree",
"product_id": "openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
},
"product_reference": "opera-94.0.4606.38-lp154.2.35.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-4262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4262"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4262",
"url": "https://www.suse.com/security/cve/CVE-2022-4262"
},
{
"category": "external",
"summary": "SUSE Bug 1205999 for CVE-2022-4262",
"url": "https://bugzilla.suse.com/1205999"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4262"
},
{
"cve": "CVE-2022-4436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4436"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4436",
"url": "https://www.suse.com/security/cve/CVE-2022-4436"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4436",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4436"
},
{
"cve": "CVE-2022-4437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4437"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4437",
"url": "https://www.suse.com/security/cve/CVE-2022-4437"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4437",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4437"
},
{
"cve": "CVE-2022-4438",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4438"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4438",
"url": "https://www.suse.com/security/cve/CVE-2022-4438"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4438",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4438"
},
{
"cve": "CVE-2022-4439",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4439"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4439",
"url": "https://www.suse.com/security/cve/CVE-2022-4439"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4439",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4439"
},
{
"cve": "CVE-2022-4440",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4440"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4440",
"url": "https://www.suse.com/security/cve/CVE-2022-4440"
},
{
"category": "external",
"summary": "SUSE Bug 1206403 for CVE-2022-4440",
"url": "https://bugzilla.suse.com/1206403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-31T15:01:26Z",
"details": "important"
}
],
"title": "CVE-2022-4440"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…