Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-38003 (GCVE-0-2021-38003)
Vulnerability from cvelistv5 – Published: 2021-11-23 21:30 – Updated: 2025-10-21 23:25
VLAI?
EPSS
CISA KEV
Summary
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
8.8 (High)
CWE
- Inappropriate implementation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://chromereleases.googleblog.com/2021/10/sta… | x_refsource_MISC |
| https://crbug.com/1263462 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2022/dsa-5046 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: c943b03e-cf91-4347-bb52-de0315c940f9
Exploited: Yes
Timestamps
First Seen: 2021-11-03
Asserted: 2021-11-03
Scope
Notes: KEV entry: Google Chromium V8 Memory Corruption Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-38003
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-122 CWE-755 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Chromium V8 |
| Due Date | 2021-11-17 |
| Date Added | 2021-11-03 |
| Vendorproject | |
| Vulnerabilityname | Google Chromium V8 Memory Corruption Vulnerability |
| Knownransomwarecampaignuse | Unknown |
References
Created: 2026-02-02 12:28 UTC
| Updated: 2026-02-06 07:17 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1263462"
},
{
"name": "FEDORA-2021-6a292e2cf4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"name": "DSA-5046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5046"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-38003",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:50:22.850976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38003"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:24.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38003"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2021-38003 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "95.0.4638.69",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-15T14:08:16.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1263462"
},
{
"name": "FEDORA-2021-6a292e2cf4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"name": "DSA-5046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2021-38003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "95.0.4638.69"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"name": "https://crbug.com/1263462",
"refsource": "MISC",
"url": "https://crbug.com/1263462"
},
{
"name": "FEDORA-2021-6a292e2cf4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"name": "DSA-5046",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2021-38003",
"datePublished": "2021-11-23T21:30:31.000Z",
"dateReserved": "2021-08-03T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:24.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2021-38003",
"cwes": "[\"CWE-122\", \"CWE-755\"]",
"dateAdded": "2021-11-03",
"dueDate": "2021-11-17",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-38003",
"product": "Chromium V8",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
"vendorProject": "Google",
"vulnerabilityName": "Google Chromium V8 Memory Corruption Vulnerability"
},
"epss": {
"cve": "CVE-2021-38003",
"date": "2026-05-21",
"epss": "0.65705",
"percentile": "0.98518"
},
"fkie_nvd": {
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Google Chromium V8 Memory Corruption Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"95.0.4638.69\", \"matchCriteriaId\": \"B625BE9F-2418-44C9-8974-DFD6430CBD46\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"}, {\"lang\": \"es\", \"value\": \"Una implementaci\\u00f3n inapropiada de V8 en Google Chrome versiones anteriores a 95.0.4638.69, permit\\u00eda a un atacante remoto explotar potencialmente la corrupci\\u00f3n de la pila por medio de una p\\u00e1gina HTML dise\\u00f1ada\"}]",
"id": "CVE-2021-38003",
"lastModified": "2024-11-21T06:16:14.770",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-11-23T22:15:07.937",
"references": "[{\"url\": \"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://crbug.com/1263462\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5046\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://crbug.com/1263462\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5046\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-755\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-38003\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2021-11-23T22:15:07.937\",\"lastModified\":\"2025-10-24T14:10:04.320\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Una implementaci\u00f3n inapropiada de V8 en Google Chrome versiones anteriores a 95.0.4638.69, permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-11-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Google Chromium V8 Memory Corruption Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"95.0.4638.69\",\"matchCriteriaId\":\"B625BE9F-2418-44C9-8974-DFD6430CBD46\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://crbug.com/1263462\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5046\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://crbug.com/1263462\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38003\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://crbug.com/1263462\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\", \"name\": \"FEDORA-2021-6a292e2cf4\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5046\", \"name\": \"DSA-5046\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T01:30:09.213Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-38003\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T16:50:22.850976Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38003\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00.000Z\", \"value\": \"CVE-2021-38003 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38003\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-755\", \"description\": \"CWE-755 Improper Handling of Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T16:49:47.124Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"95.0.4638.69\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://crbug.com/1263462\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\", \"name\": \"FEDORA-2021-6a292e2cf4\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5046\", \"name\": \"DSA-5046\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Inappropriate implementation\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2022-01-15T14:08:16.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"95.0.4638.69\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Chrome\"}]}, \"vendor_name\": \"Google\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\", \"name\": \"https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://crbug.com/1263462\", \"name\": \"https://crbug.com/1263462\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\", \"name\": \"FEDORA-2021-6a292e2cf4\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5046\", \"name\": \"DSA-5046\", \"refsource\": \"DEBIAN\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Inappropriate implementation\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-38003\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"chrome-cve-admin@google.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-38003\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:25:24.322Z\", \"dateReserved\": \"2021-08-03T00:00:00.000Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2021-11-23T21:30:31.000Z\", \"assignerShortName\": \"Chrome\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2021-AVI-831
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Google indique qu'il existe des codes d'exploitation fonctionnels pour les vulnérabilités CVE-2021-38000 et CVE-2021-38003.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 95.0.4638.69",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38000"
},
{
"name": "CVE-2021-37999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37999"
},
{
"name": "CVE-2021-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37997"
},
{
"name": "CVE-2021-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38003"
},
{
"name": "CVE-2021-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38001"
},
{
"name": "CVE-2021-38002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38002"
},
{
"name": "CVE-2021-37998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37998"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-831",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nGoogle indique qu\u0027il existe des codes d\u0027exploitation fonctionnels pour\nles vuln\u00e9rabilit\u00e9s\u00a0CVE-2021-38000 et CVE-2021-38003.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 28 octobre 2021",
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
}
]
}
CERTFR-2021-AVI-831
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Google indique qu'il existe des codes d'exploitation fonctionnels pour les vulnérabilités CVE-2021-38000 et CVE-2021-38003.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome versions ant\u00e9rieures \u00e0 95.0.4638.69",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38000"
},
{
"name": "CVE-2021-37999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37999"
},
{
"name": "CVE-2021-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37997"
},
{
"name": "CVE-2021-38003",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38003"
},
{
"name": "CVE-2021-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38001"
},
{
"name": "CVE-2021-38002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38002"
},
{
"name": "CVE-2021-37998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37998"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-831",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nGoogle indique qu\u0027il existe des codes d\u0027exploitation fonctionnels pour\nles vuln\u00e9rabilit\u00e9s\u00a0CVE-2021-38000 et CVE-2021-38003.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 28 octobre 2021",
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
}
]
}
BDU:2021-05227
Vulnerability from fstec - Published: 28.10.2021
VLAI Severity ?
Title
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю получить доступ к системе
Description
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome связана с ошибками при проверке безопасности стандартных элементов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к системе
Severity ?
Vendor
ООО «РусБИТех-Астра», Google Inc, АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Google Chrome, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), до 95.0.4638.69 (Google Chrome), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.4 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций:
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Для Astra Linux:
Использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
Для ОСОН Основа:
Обновление программного обеспечения chromium до версии 95.0.4638.69+repack-1osnova1
Для ОС ОН «Стрелец»:
Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets
Для ОС Astra Linux 1.6 «Смоленск»:
обновить пакет chromium до 103.0.5060.134-0astragost0+ci202208041321+astra5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
Reference
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
https://www.anti-malware.ru/news/2021-10-29-111332/37332
https://www.cybersecurity-help.cz/vdb/SB2021102808
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
CWE
CWE-358
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Google Inc, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), \u0434\u043e 95.0.4638.69 (Google Chrome), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.4 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\n\n\u0414\u043b\u044f Astra Linux:\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 95.0.4638.69+repack-1osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 103.0.5060.134-0astragost0+ci202208041321+astra5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.10.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.10.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-05227",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-38003",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Google Chrome, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 JavaScript-\u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 V8 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 (CWE-358)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 JavaScript-\u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 V8 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html\nhttps://www.anti-malware.ru/news/2021-10-29-111332/37332\nhttps://www.cybersecurity-help.cz/vdb/SB2021102808\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-358",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
CNVD-2021-99260
Vulnerability from cnvd - Published: 2021-12-13
VLAI Severity ?
Title
Google Chrome V8实现不当漏洞(CNVD-2021-99260)
Description
Chrome是由Google开发的一款设计简单、高效的Web浏览工具。
Google Chrome 95.0.4638.69之前版本存在V8实现不当漏洞。攻击者可利用该漏洞通过精心制作的HTML页面潜在的造成堆损坏。
Severity
中
Patch Name
Google Chrome V8实现不当漏洞(CNVD-2021-99260)的补丁
Patch Description
Chrome是由Google开发的一款设计简单、高效的Web浏览工具。
Google Chrome 95.0.4638.69之前版本存在V8实现不当漏洞。攻击者可利用该漏洞通过精心制作的HTML页面潜在的造成堆损坏。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新:https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Reference
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
Impacted products
| Name | Google Chrome <95.0.4638.69 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-38003",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-38003"
}
},
"description": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\n\nGoogle Chrome 95.0.4638.69\u4e4b\u524d\u7248\u672c\u5b58\u5728V8\u5b9e\u73b0\u4e0d\u5f53\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u6f5c\u5728\u7684\u9020\u6210\u5806\u635f\u574f\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-99260",
"openTime": "2021-12-13",
"patchDescription": "Chrome\u662f\u7531Google\u5f00\u53d1\u7684\u4e00\u6b3e\u8bbe\u8ba1\u7b80\u5355\u3001\u9ad8\u6548\u7684Web\u6d4f\u89c8\u5de5\u5177\u3002\r\n\r\nGoogle Chrome 95.0.4638.69\u4e4b\u524d\u7248\u672c\u5b58\u5728V8\u5b9e\u73b0\u4e0d\u5f53\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7cbe\u5fc3\u5236\u4f5c\u7684HTML\u9875\u9762\u6f5c\u5728\u7684\u9020\u6210\u5806\u635f\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome V8\u5b9e\u73b0\u4e0d\u5f53\u6f0f\u6d1e\uff08CNVD-2021-99260\uff09\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c95.0.4638.69"
},
"referenceLink": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"serverity": "\u4e2d",
"submitTime": "2021-10-29",
"title": "Google Chrome V8\u5b9e\u73b0\u4e0d\u5f53\u6f0f\u6d1e\uff08CNVD-2021-99260\uff09"
}
FKIE_CVE-2021-38003
Vulnerability from fkie_nvd - Published: 2021-11-23 22:15 - Updated: 2025-10-24 14:10
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| fedoraproject | fedora | 34 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Google Chromium V8 Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B625BE9F-2418-44C9-8974-DFD6430CBD46",
"versionEndExcluding": "95.0.4638.69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
},
{
"lang": "es",
"value": "Una implementaci\u00f3n inapropiada de V8 en Google Chrome versiones anteriores a 95.0.4638.69, permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada"
}
],
"id": "CVE-2021-38003",
"lastModified": "2025-10-24T14:10:04.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-11-23T22:15:07.937",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://crbug.com/1263462"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://crbug.com/1263462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5046"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38003"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-4XX3-XG55-3WR5
Vulnerability from github – Published: 2021-11-24 00:00 – Updated: 2025-10-22 00:32
VLAI?
Details
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2021-38003"
],
"database_specific": {
"cwe_ids": [
"CWE-755",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-23T22:15:00Z",
"severity": "HIGH"
},
"details": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-4xx3-xg55-3wr5",
"modified": "2025-10-22T00:32:26Z",
"published": "2021-11-24T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38003"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1263462"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-38003"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5046"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2021-38003
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-38003",
"description": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GSD-2021-38003",
"references": [
"https://www.suse.com/security/cve/CVE-2021-38003.html",
"https://www.debian.org/security/2022/dsa-5046",
"https://advisories.mageia.org/CVE-2021-38003.html",
"https://security.archlinux.org/CVE-2021-38003"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-38003"
],
"details": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GSD-2021-38003",
"modified": "2023-12-13T01:23:17.380268Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cisa.gov": {
"cveID": "CVE-2021-38003",
"dateAdded": "2021-11-03",
"dueDate": "2021-11-17",
"product": "Chromium V8 Engine",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "",
"vendorProject": "Google",
"vulnerabilityName": "Google Chromium V8 Incorrect Implementation Vulnerability"
},
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2021-38003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "95.0.4638.69"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"name": "https://crbug.com/1263462",
"refsource": "MISC",
"url": "https://crbug.com/1263462"
},
{
"name": "FEDORA-2021-6a292e2cf4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"name": "DSA-5046",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5046"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "95.0.4638.69",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2021-38003"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html"
},
{
"name": "https://crbug.com/1263462",
"refsource": "MISC",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://crbug.com/1263462"
},
{
"name": "FEDORA-2021-6a292e2cf4",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"name": "DSA-5046",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5046"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-02-18T21:15Z",
"publishedDate": "2021-11-23T22:15Z"
}
}
}
OPENSUSE-SU-2021:1462-1
Vulnerability from csaf_opensuse - Published: 2021-11-08 14:24 - Updated: 2021-11-08 14:24Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Chromium 95.0.4638.69 (boo#1192184):
* CVE-2021-37997: Use after free in Sign-In
* CVE-2021-37998: Use after free in Garbage Collection
* CVE-2021-37999: Insufficient data validation in New Tab Page
* CVE-2021-38000: Insufficient validation of untrusted input in Intents
* CVE-2021-38001: Type Confusion in V8
* CVE-2021-38002: Use after free in Web Transport
* CVE-2021-38003: Inappropriate implementation in V8
Patchnames: openSUSE-2021-1462
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.1 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.1 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium 95.0.4638.69 (boo#1192184):\n\n* CVE-2021-37997: Use after free in Sign-In\n* CVE-2021-37998: Use after free in Garbage Collection\n* CVE-2021-37999: Insufficient data validation in New Tab Page\n* CVE-2021-38000: Insufficient validation of untrusted input in Intents\n* CVE-2021-38001: Type Confusion in V8\n* CVE-2021-38002: Use after free in Web Transport\n* CVE-2021-38003: Inappropriate implementation in V8\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1462",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1462-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1462-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LILU2Q77SAPFWPTS2P4ZOLY6WZ3NJCJN/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1462-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LILU2Q77SAPFWPTS2P4ZOLY6WZ3NJCJN/"
},
{
"category": "self",
"summary": "SUSE Bug 1192184",
"url": "https://bugzilla.suse.com/1192184"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37997 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37998 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37999 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38000 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38001 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38002 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38003 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38003/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2021-11-08T14:24:30Z",
"generator": {
"date": "2021-11-08T14:24:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1462-1",
"initial_release_date": "2021-11-08T14:24:30Z",
"revision_history": [
{
"date": "2021-11-08T14:24:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"product": {
"name": "chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"product_id": "chromedriver-95.0.4638.69-bp153.2.40.3.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"product": {
"name": "chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"product_id": "chromium-95.0.4638.69-bp153.2.40.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"product": {
"name": "chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"product_id": "chromedriver-95.0.4638.69-bp153.2.40.3.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"product": {
"name": "chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"product_id": "chromium-95.0.4638.69-bp153.2.40.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64"
},
"product_reference": "chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64"
},
"product_reference": "chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-95.0.4638.69-bp153.2.40.3.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64"
},
"product_reference": "chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-95.0.4638.69-bp153.2.40.3.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
},
"product_reference": "chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64"
},
"product_reference": "chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64"
},
"product_reference": "chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-95.0.4638.69-bp153.2.40.3.aarch64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64"
},
"product_reference": "chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-95.0.4638.69-bp153.2.40.3.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
},
"product_reference": "chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-95.0.4638.69-bp153.2.40.3.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64"
},
"product_reference": "chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-95.0.4638.69-bp153.2.40.3.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64"
},
"product_reference": "chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-95.0.4638.69-bp153.2.40.3.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64"
},
"product_reference": "chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-95.0.4638.69-bp153.2.40.3.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
},
"product_reference": "chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37997"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37997",
"url": "https://www.suse.com/security/cve/CVE-2021-37997"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-37997",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-08T14:24:30Z",
"details": "critical"
}
],
"title": "CVE-2021-37997"
},
{
"cve": "CVE-2021-37998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37998"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37998",
"url": "https://www.suse.com/security/cve/CVE-2021-37998"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-37998",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-08T14:24:30Z",
"details": "critical"
}
],
"title": "CVE-2021-37998"
},
{
"cve": "CVE-2021-37999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37999"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37999",
"url": "https://www.suse.com/security/cve/CVE-2021-37999"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-37999",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-08T14:24:30Z",
"details": "critical"
}
],
"title": "CVE-2021-37999"
},
{
"cve": "CVE-2021-38000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38000"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38000",
"url": "https://www.suse.com/security/cve/CVE-2021-38000"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38000",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-08T14:24:30Z",
"details": "critical"
}
],
"title": "CVE-2021-38000"
},
{
"cve": "CVE-2021-38001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38001"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38001",
"url": "https://www.suse.com/security/cve/CVE-2021-38001"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38001",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-08T14:24:30Z",
"details": "critical"
}
],
"title": "CVE-2021-38001"
},
{
"cve": "CVE-2021-38002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38002"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38002",
"url": "https://www.suse.com/security/cve/CVE-2021-38002"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38002",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-08T14:24:30Z",
"details": "critical"
}
],
"title": "CVE-2021-38002"
},
{
"cve": "CVE-2021-38003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38003"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38003",
"url": "https://www.suse.com/security/cve/CVE-2021-38003"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38003",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"SUSE Package Hub 15 SP3:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.2:chromium-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromedriver-95.0.4638.69-bp153.2.40.3.x86_64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.aarch64",
"openSUSE Leap 15.3:chromium-95.0.4638.69-bp153.2.40.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-11-08T14:24:30Z",
"details": "critical"
}
],
"title": "CVE-2021-38003"
}
]
}
OPENSUSE-SU-2022:0047-1
Vulnerability from csaf_opensuse - Published: 2022-02-20 17:01 - Updated: 2022-02-20 17:01Summary
Security update for opera
Severity
Important
Notes
Title of the patch: Security update for opera
Description of the patch: This update for opera fixes the following issues:
Update to 83.0.4254.27
- CHR-8737 Update chromium on desktop-stable-97-4254 to
97.0.4692.99
- DNA-96336 [Mac] Translate new network installer slogan
- DNA-96678 Add battery level monitoring capability to
powerSavePrivate
- DNA-96939 Crash at
opera::ExternalVideoService::MarkAsManuallyClosed()
- DNA-97276 Enable #static-tab-audio-indicator on all streams
- The update to chromium 97.0.4692.99 fixes following issues:
CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292,
CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296,
CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301,
CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306,
CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310,
CVE-2022-0311
Update to 83.0.4254.19
- DNA-96079 Turn on #automatic-video-popout on developer
- DNA-97070 Opera 83 translations
- DNA-97119 [LastCard] Stop showing used burner cards
- DNA-97131 Enable automatic-video-popout on all streams from
O84 on
- DNA-97257 Crash at
views::ImageButton::SetMinimumImageSize(gfx::Size const&)
- DNA-97259 Promote O83 to stable
- Complete Opera 83.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-83/
- Update to 83.0.4254.16
- DNA-96968 Fix alignment of the 'Advanced' button in Settings
- Update to 83.0.4254.14
- CHR-8701 Update chromium on desktop-stable-97-4254 to
97.0.4692.45
- CHR-8713 Update chromium on desktop-stable-97-4254 to
97.0.4692.56
- CHR-8723 Update chromium on desktop-stable-97-4254 to
97.0.4692.71
- DNA-96780 Crash at
ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)
- DNA-96822 Tab close resize behavior change
- DNA-96861 Create Loomi Options menu
- DNA-96904 Support Win11 snap layout popup
- DNA-96951 Tab close animation broken
- DNA-96991 Tab X button doesn’t work correctly
- DNA-97027 Incorrect tab size after tab close
- The update to chromium 97.0.4692.71 fixes following issues:
CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099,
CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103,
CVE-2022-0104, CVE-2022-0105, CVE-2022-0105, CVE-2022-0106,
CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110,
CVE-2022-0111, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113,
CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117,
CVE-2022-0118, CVE-2022-0120
- Update to version 82.0.4227.58
- DNA-96780 Crash at
ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)
- DNA-96890 Settings default browser not working for current
user on Windows 7
- Update to version 82.0.4227.43
- CHR-8705 Update chromium on desktop-stable-96-4227 to
96.0.4664.110
- DNA-93284 Unstable
obj/opera/desktop/common/installer_rc_generated/installer.res
- DNA-95908 Interstitial/internal pages shown as NOT SECURE
after visiting http site
- DNA-96404 Opera doesn’t show on main screen when second screen
is abruptly disconnected
- The update to chromium 96.0.4664.110 fixes following issues:
CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101,
CVE-2021-4102
- Update to version 82.0.4227.33
- CHR-8689 Update chromium on desktop-stable-96-4227 to
96.0.4664.93
- DNA-96559 Tooltip popup looks bad in dark theme
- DNA-96570 [Player] Tidal logging in via PLAY doesn’t work
- DNA-96594 Unnecessary extra space in fullscreen mode on M1 Pro MacBooks
- DNA-96649 Update Meme button
- DNA-96676 Add Icon in the Sidebar Setup
- DNA-96677 Add default URL
- The update to chromium 96.0.4664.93 fixes following issues:
CVE-2021-4052, CVE-2021-4053, CVE-2021-4079, CVE-2021-4054,
CVE-2021-4078, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057,
CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062,
CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066,
CVE-2021-4067, CVE-2021-4068
- Update to version 82.0.4227.23
- DNA-95632 With new au-logic UUID is set with delay and may be
not set for pb-builds (when closing fast)
- DNA-96349 Laggy tooltip animation
- DNA-96483 [Snap][Linux] Video not working / wrong ffmpeg snap
version for Opera 82
- DNA-96493 Create 'small' enticement in credit card autofill
- DNA-96533 Opera 82 translations
- DNA-96535 Make the URL configurable
- DNA-96553 Add switch to whitelist test pages
- DNA-96557 Links not opened from panel
- DNA-96558 AdBlock bloks some trackers inside the panel
- DNA-96568 [Player] Tidal in sidebar Player opens wrong site
when logging in
- DNA-96659 Siteprefs not applied after network service crash
- DNA-96593 Promote O82 to stable
- Complete Opera 82.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-82/
- Update to version 82.0.4227.13
- CHR-8668 Update chromium on desktop-stable-96-4227 to
96.0.4664.45
- DNA-76987 [Mac] Update desktop EULA with geolocation split
- DNA-93388 Problem with symlinks on windows when creating
file list
- DNA-95734 Discarded Recently Closed items get revived
after restart
- DNA-96134 'Your profile has been updated' does not disappear
- DNA-96190 Opera freezes when trying to drag expanded
bookmark folder with nested subfolders
- DNA-96223 Easy Files not working in Full Screen
- DNA-96274 Checkout autofill shouldn't show used burner card
- DNA-96275 Change the notification message for pausing
multi-use cards
- DNA-96295 'Video pop out' setting doesn't sync
- DNA-96316 Highlight text wrong colour on dark mode
- DNA-96326 Wrong translation Private Mode > Turkish
- DNA-96351 macOS window controls are missing in full screen
- DNA-96440 Update video URL
- DNA-96448 add option to pin extension via rich hints
- DNA-96453 Register user-chosen option on client-side, read on
hint side
- DNA-96454 Choosing an option from the settings menu should
close the popup
- DNA-96484 Enable AB test for a new autoupdater logic (for 50%)
- DNA-96500 Add 'don't show me again' prefs to allowed whitelist
- DNA-96538 Inline audiocomplete for www.mediaexpert.pl
incorrectly suggested
- The update to chromium 96.0.4664.45 fixes following issues:
CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008,
CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012,
CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016,
CVE-2021-38017, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021,
CVE-2021-38022
- Update to version 81.0.4196.54
- CHR-8644 Update chromium on desktop-stable-95-4196 to
95.0.4638.69
- DNA-95773 ExtensionWebRequestApiTest crashes on mac
- DNA-96062 Opera 81 translations
- DNA-96134 “Your profile has been updated’ does not disappear
- DNA-96274 Checkout autofill shouldn’t show used burner card
- DNA-96275 Change the notification message for pausing
multi-use cards
- DNA-96440 Update video URL
- The update to chromium 95.0.4638.69 fixes following issues:
CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-37980,
CVE-2021-38001, CVE-2021-38002, CVE-2021-38003, CVE-2021-38004
- Update to version 81.0.4196.37
- DNA-96008 Crash at
content::WebContentsImpl::OpenURL(content::OpenURLParams const&)
- DNA-96032 Closing the videoconference pop-up force leaving
the meeting
- DNA-96092 Crash at void
opera::ModalDialogViews::OnWidgetClosing(opera::ModalDialog::Result)
- DNA-96142 [Yat] Emoji icon cut off in URL for Yat
Patchnames: openSUSE-2022-47
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
307 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\nUpdate to 83.0.4254.27\n\n - CHR-8737 Update chromium on desktop-stable-97-4254 to\n 97.0.4692.99\n - DNA-96336 [Mac] Translate new network installer slogan\n - DNA-96678 Add battery level monitoring capability to\n powerSavePrivate\n - DNA-96939 Crash at \n opera::ExternalVideoService::MarkAsManuallyClosed()\n - DNA-97276 Enable #static-tab-audio-indicator on all streams\n\n- The update to chromium 97.0.4692.99 fixes following issues:\n CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292,\n CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296,\n CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301,\n CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306,\n CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310,\n CVE-2022-0311\n\nUpdate to 83.0.4254.19\n\n - DNA-96079 Turn on #automatic-video-popout on developer\n - DNA-97070 Opera 83 translations\n - DNA-97119 [LastCard] Stop showing used burner cards\n - DNA-97131 Enable automatic-video-popout on all streams from\n O84 on\n - DNA-97257 Crash at \n views::ImageButton::SetMinimumImageSize(gfx::Size const\u0026)\n - DNA-97259 Promote O83 to stable\n\n- Complete Opera 83.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-83/\n\n- Update to 83.0.4254.16\n\n - DNA-96968 Fix alignment of the \u0027Advanced\u0027 button in Settings\n\n- Update to 83.0.4254.14\n\n - CHR-8701 Update chromium on desktop-stable-97-4254 to\n 97.0.4692.45\n - CHR-8713 Update chromium on desktop-stable-97-4254 to\n 97.0.4692.56\n - CHR-8723 Update chromium on desktop-stable-97-4254 to\n 97.0.4692.71\n - DNA-96780 Crash at\n ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)\n - DNA-96822 Tab close resize behavior change\n - DNA-96861 Create Loomi Options menu\n - DNA-96904 Support Win11 snap layout popup\n - DNA-96951 Tab close animation broken\n - DNA-96991 Tab X button doesn\u2019t work correctly\n - DNA-97027 Incorrect tab size after tab close\n- The update to chromium 97.0.4692.71 fixes following issues:\n CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099,\n CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103,\n CVE-2022-0104, CVE-2022-0105, CVE-2022-0105, CVE-2022-0106,\n CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110,\n CVE-2022-0111, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113,\n CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117,\n CVE-2022-0118, CVE-2022-0120\n\n- Update to version 82.0.4227.58\n\n - DNA-96780 Crash at\n ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)\n - DNA-96890 Settings default browser not working for current\n user on Windows 7\n\n- Update to version 82.0.4227.43\n\n - CHR-8705 Update chromium on desktop-stable-96-4227 to\n 96.0.4664.110\n - DNA-93284 Unstable\n obj/opera/desktop/common/installer_rc_generated/installer.res\n - DNA-95908 Interstitial/internal pages shown as NOT SECURE\n after visiting http site\n - DNA-96404 Opera doesn\u2019t show on main screen when second screen\n is abruptly disconnected\n\n- The update to chromium 96.0.4664.110 fixes following issues:\n CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101,\n CVE-2021-4102\n\n- Update to version 82.0.4227.33\n\n - CHR-8689 Update chromium on desktop-stable-96-4227 to\n 96.0.4664.93\n - DNA-96559 Tooltip popup looks bad in dark theme\n - DNA-96570 [Player] Tidal logging in via PLAY doesn\u2019t work\n - DNA-96594 Unnecessary extra space in fullscreen mode on M1 Pro MacBooks\n - DNA-96649 Update Meme button\n - DNA-96676 Add Icon in the Sidebar Setup\n - DNA-96677 Add default URL\n- The update to chromium 96.0.4664.93 fixes following issues:\n CVE-2021-4052, CVE-2021-4053, CVE-2021-4079, CVE-2021-4054,\n CVE-2021-4078, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057,\n CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062,\n CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066,\n CVE-2021-4067, CVE-2021-4068\n\n- Update to version 82.0.4227.23\n\n - DNA-95632 With new au-logic UUID is set with delay and may be\n not set for pb-builds (when closing fast)\n - DNA-96349 Laggy tooltip animation\n - DNA-96483 [Snap][Linux] Video not working / wrong ffmpeg snap\n version for Opera 82\n - DNA-96493 Create \u0027small\u0027 enticement in credit card autofill\n - DNA-96533 Opera 82 translations\n - DNA-96535 Make the URL configurable\n - DNA-96553 Add switch to whitelist test pages\n - DNA-96557 Links not opened from panel\n - DNA-96558 AdBlock bloks some trackers inside the panel\n - DNA-96568 [Player] Tidal in sidebar Player opens wrong site\n when logging in\n - DNA-96659 Siteprefs not applied after network service crash\n - DNA-96593 Promote O82 to stable\n\n- Complete Opera 82.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-82/\n\n- Update to version 82.0.4227.13\n\n - CHR-8668 Update chromium on desktop-stable-96-4227 to\n 96.0.4664.45\n - DNA-76987 [Mac] Update desktop EULA with geolocation split\n - DNA-93388 Problem with symlinks on windows when creating\n file list\n - DNA-95734 Discarded Recently Closed items get revived\n after restart\n - DNA-96134 \u0027Your profile has been updated\u0027 does not disappear\n - DNA-96190 Opera freezes when trying to drag expanded\n bookmark folder with nested subfolders\n - DNA-96223 Easy Files not working in Full Screen\n - DNA-96274 Checkout autofill shouldn\u0027t show used burner card\n - DNA-96275 Change the notification message for pausing\n multi-use cards\n - DNA-96295 \u0027Video pop out\u0027 setting doesn\u0027t sync\n - DNA-96316 Highlight text wrong colour on dark mode\n - DNA-96326 Wrong translation Private Mode \u003e Turkish\n - DNA-96351 macOS window controls are missing in full screen\n - DNA-96440 Update video URL\n - DNA-96448 add option to pin extension via rich hints\n - DNA-96453 Register user-chosen option on client-side, read on\n hint side\n - DNA-96454 Choosing an option from the settings menu should\n close the popup\n - DNA-96484 Enable AB test for a new autoupdater logic (for 50%)\n - DNA-96500 Add \u0027don\u0027t show me again\u0027 prefs to allowed whitelist\n - DNA-96538 Inline audiocomplete for www.mediaexpert.pl\n incorrectly suggested\n- The update to chromium 96.0.4664.45 fixes following issues:\n CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008,\n CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012,\n CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016,\n CVE-2021-38017, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021,\n CVE-2021-38022\n \n\n- Update to version 81.0.4196.54\n\n - CHR-8644 Update chromium on desktop-stable-95-4196 to\n 95.0.4638.69\n - DNA-95773 ExtensionWebRequestApiTest crashes on mac\n - DNA-96062 Opera 81 translations\n - DNA-96134 \u201cYour profile has been updated\u2019 does not disappear\n - DNA-96274 Checkout autofill shouldn\u2019t show used burner card\n - DNA-96275 Change the notification message for pausing\n multi-use cards\n - DNA-96440 Update video URL\n\n- The update to chromium 95.0.4638.69 fixes following issues:\n CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-37980,\n CVE-2021-38001, CVE-2021-38002, CVE-2021-38003, CVE-2021-38004 \n\n- Update to version 81.0.4196.37\n\n - DNA-96008 Crash at\n content::WebContentsImpl::OpenURL(content::OpenURLParams const\u0026)\n - DNA-96032 Closing the videoconference pop-up force leaving\n the meeting\n - DNA-96092 Crash at void\n opera::ModalDialogViews::OnWidgetClosing(opera::ModalDialog::Result)\n - DNA-96142 [Yat] Emoji icon cut off in URL for Yat\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-47",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0047-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0047-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JVEGWNKSSGZPVVLVJKNT5ZEY54Z5RLV4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0047-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JVEGWNKSSGZPVVLVJKNT5ZEY54Z5RLV4/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37980 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37997 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37998 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37999 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38001 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38002 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38003 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38004 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38005 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38006 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38007 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38009 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38010 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38011 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38012 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38013 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38014 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38015 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38016 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38017 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38019 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38020 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38021 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38022 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4052 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4053 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4054 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4055 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4056 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4057 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4058 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4059 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4061 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4062 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4063 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4064 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4065 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4066 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4067 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4078 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4079 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4098 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4099 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4100 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4101 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4102 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0096 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0097 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0098 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0099 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0100 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0101 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0102 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0103 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0104 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0105 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0106 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0107 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0108 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0109 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0110 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0111 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0112 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0113 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0114 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0115 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0116 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0117 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0118 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0120 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0289 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0290 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0291 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0292 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0293 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0294 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0295 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0296 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0297 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0298 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0300 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0301 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0302 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0304 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0305 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0306 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0306/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0307 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0308 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0309 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0310 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0311 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0311/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2022-02-20T17:01:21Z",
"generator": {
"date": "2022-02-20T17:01:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0047-1",
"initial_release_date": "2022-02-20T17:01:21Z",
"revision_history": [
{
"date": "2022-02-20T17:01:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-83.0.4254.27-lp153.2.33.1.x86_64",
"product": {
"name": "opera-83.0.4254.27-lp153.2.33.1.x86_64",
"product_id": "opera-83.0.4254.27-lp153.2.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3 NonFree",
"product": {
"name": "openSUSE Leap 15.3 NonFree",
"product_id": "openSUSE Leap 15.3 NonFree",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-83.0.4254.27-lp153.2.33.1.x86_64 as component of openSUSE Leap 15.3 NonFree",
"product_id": "openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
},
"product_reference": "opera-83.0.4254.27-lp153.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37980"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37980",
"url": "https://www.suse.com/security/cve/CVE-2021-37980"
},
{
"category": "external",
"summary": "SUSE Bug 1191463 for CVE-2021-37980",
"url": "https://bugzilla.suse.com/1191463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "moderate"
}
],
"title": "CVE-2021-37980"
},
{
"cve": "CVE-2021-37997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37997"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37997",
"url": "https://www.suse.com/security/cve/CVE-2021-37997"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-37997",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-37997"
},
{
"cve": "CVE-2021-37998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37998"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37998",
"url": "https://www.suse.com/security/cve/CVE-2021-37998"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-37998",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-37998"
},
{
"cve": "CVE-2021-37999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37999"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37999",
"url": "https://www.suse.com/security/cve/CVE-2021-37999"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-37999",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-37999"
},
{
"cve": "CVE-2021-38001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38001"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38001",
"url": "https://www.suse.com/security/cve/CVE-2021-38001"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38001",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38001"
},
{
"cve": "CVE-2021-38002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38002"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38002",
"url": "https://www.suse.com/security/cve/CVE-2021-38002"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38002",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38002"
},
{
"cve": "CVE-2021-38003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38003"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38003",
"url": "https://www.suse.com/security/cve/CVE-2021-38003"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38003",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38003"
},
{
"cve": "CVE-2021-38004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38004"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38004",
"url": "https://www.suse.com/security/cve/CVE-2021-38004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "moderate"
}
],
"title": "CVE-2021-38004"
},
{
"cve": "CVE-2021-38005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38005"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38005",
"url": "https://www.suse.com/security/cve/CVE-2021-38005"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38005",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38005"
},
{
"cve": "CVE-2021-38006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38006"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38006",
"url": "https://www.suse.com/security/cve/CVE-2021-38006"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38006",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38006"
},
{
"cve": "CVE-2021-38007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38007"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38007",
"url": "https://www.suse.com/security/cve/CVE-2021-38007"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38007",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38007"
},
{
"cve": "CVE-2021-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38008"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38008",
"url": "https://www.suse.com/security/cve/CVE-2021-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38008",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38008"
},
{
"cve": "CVE-2021-38009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38009"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38009",
"url": "https://www.suse.com/security/cve/CVE-2021-38009"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38009",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38009"
},
{
"cve": "CVE-2021-38010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38010"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38010",
"url": "https://www.suse.com/security/cve/CVE-2021-38010"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38010",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38010"
},
{
"cve": "CVE-2021-38011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38011"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38011",
"url": "https://www.suse.com/security/cve/CVE-2021-38011"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38011",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38011"
},
{
"cve": "CVE-2021-38012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38012"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38012",
"url": "https://www.suse.com/security/cve/CVE-2021-38012"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38012",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38012"
},
{
"cve": "CVE-2021-38013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38013"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38013",
"url": "https://www.suse.com/security/cve/CVE-2021-38013"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38013",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38013"
},
{
"cve": "CVE-2021-38014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38014"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38014",
"url": "https://www.suse.com/security/cve/CVE-2021-38014"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38014",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38014"
},
{
"cve": "CVE-2021-38015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38015"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38015",
"url": "https://www.suse.com/security/cve/CVE-2021-38015"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38015",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38015"
},
{
"cve": "CVE-2021-38016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38016"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38016",
"url": "https://www.suse.com/security/cve/CVE-2021-38016"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38016",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38016"
},
{
"cve": "CVE-2021-38017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38017"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38017",
"url": "https://www.suse.com/security/cve/CVE-2021-38017"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38017",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38017"
},
{
"cve": "CVE-2021-38019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38019"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38019",
"url": "https://www.suse.com/security/cve/CVE-2021-38019"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38019",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38019"
},
{
"cve": "CVE-2021-38020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38020"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38020",
"url": "https://www.suse.com/security/cve/CVE-2021-38020"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38020",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38020"
},
{
"cve": "CVE-2021-38021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38021"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38021",
"url": "https://www.suse.com/security/cve/CVE-2021-38021"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38021",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38021"
},
{
"cve": "CVE-2021-38022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38022"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38022",
"url": "https://www.suse.com/security/cve/CVE-2021-38022"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38022",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38022"
},
{
"cve": "CVE-2021-4052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4052"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4052",
"url": "https://www.suse.com/security/cve/CVE-2021-4052"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4052",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4052"
},
{
"cve": "CVE-2021-4053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4053"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4053",
"url": "https://www.suse.com/security/cve/CVE-2021-4053"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4053",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4053"
},
{
"cve": "CVE-2021-4054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4054"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4054",
"url": "https://www.suse.com/security/cve/CVE-2021-4054"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4054",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4054"
},
{
"cve": "CVE-2021-4055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4055"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4055",
"url": "https://www.suse.com/security/cve/CVE-2021-4055"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4055",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4055"
},
{
"cve": "CVE-2021-4056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4056"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4056",
"url": "https://www.suse.com/security/cve/CVE-2021-4056"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4056",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4056"
},
{
"cve": "CVE-2021-4057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4057"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4057",
"url": "https://www.suse.com/security/cve/CVE-2021-4057"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4057",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4057"
},
{
"cve": "CVE-2021-4058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4058"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4058",
"url": "https://www.suse.com/security/cve/CVE-2021-4058"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4058",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4058"
},
{
"cve": "CVE-2021-4059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4059"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4059",
"url": "https://www.suse.com/security/cve/CVE-2021-4059"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4059",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4059"
},
{
"cve": "CVE-2021-4061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4061"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4061",
"url": "https://www.suse.com/security/cve/CVE-2021-4061"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4061",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4061"
},
{
"cve": "CVE-2021-4062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4062"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4062",
"url": "https://www.suse.com/security/cve/CVE-2021-4062"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4062",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4062"
},
{
"cve": "CVE-2021-4063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4063"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4063",
"url": "https://www.suse.com/security/cve/CVE-2021-4063"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4063",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4063"
},
{
"cve": "CVE-2021-4064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4064"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4064",
"url": "https://www.suse.com/security/cve/CVE-2021-4064"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4064",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4064"
},
{
"cve": "CVE-2021-4065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4065"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4065",
"url": "https://www.suse.com/security/cve/CVE-2021-4065"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4065",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4065"
},
{
"cve": "CVE-2021-4066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4066"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4066",
"url": "https://www.suse.com/security/cve/CVE-2021-4066"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4066",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4066"
},
{
"cve": "CVE-2021-4067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4067"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4067",
"url": "https://www.suse.com/security/cve/CVE-2021-4067"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4067",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4067"
},
{
"cve": "CVE-2021-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4068"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4068",
"url": "https://www.suse.com/security/cve/CVE-2021-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4068",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4068"
},
{
"cve": "CVE-2021-4078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4078"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4078",
"url": "https://www.suse.com/security/cve/CVE-2021-4078"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4078",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4078"
},
{
"cve": "CVE-2021-4079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4079"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4079",
"url": "https://www.suse.com/security/cve/CVE-2021-4079"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4079",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4079"
},
{
"cve": "CVE-2021-4098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4098"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4098",
"url": "https://www.suse.com/security/cve/CVE-2021-4098"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4098",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4098"
},
{
"cve": "CVE-2021-4099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4099"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4099",
"url": "https://www.suse.com/security/cve/CVE-2021-4099"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4099",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4099"
},
{
"cve": "CVE-2021-4100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4100"
}
],
"notes": [
{
"category": "general",
"text": "Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4100",
"url": "https://www.suse.com/security/cve/CVE-2021-4100"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4100",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4100"
},
{
"cve": "CVE-2021-4101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4101"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4101",
"url": "https://www.suse.com/security/cve/CVE-2021-4101"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4101",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4101"
},
{
"cve": "CVE-2021-4102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4102"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4102",
"url": "https://www.suse.com/security/cve/CVE-2021-4102"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4102",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4102"
},
{
"cve": "CVE-2022-0096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0096"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0096",
"url": "https://www.suse.com/security/cve/CVE-2022-0096"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0096",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0096",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0096"
},
{
"cve": "CVE-2022-0097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0097"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0097",
"url": "https://www.suse.com/security/cve/CVE-2022-0097"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0097",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0097",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0097"
},
{
"cve": "CVE-2022-0098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0098"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0098",
"url": "https://www.suse.com/security/cve/CVE-2022-0098"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0098",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0098",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0098"
},
{
"cve": "CVE-2022-0099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0099"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0099",
"url": "https://www.suse.com/security/cve/CVE-2022-0099"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0099",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0099",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0099"
},
{
"cve": "CVE-2022-0100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0100"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0100",
"url": "https://www.suse.com/security/cve/CVE-2022-0100"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0100",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0100",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0100"
},
{
"cve": "CVE-2022-0101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0101"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0101",
"url": "https://www.suse.com/security/cve/CVE-2022-0101"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0101",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0101",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0101"
},
{
"cve": "CVE-2022-0102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0102"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0102",
"url": "https://www.suse.com/security/cve/CVE-2022-0102"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0102",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0102",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0102"
},
{
"cve": "CVE-2022-0103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0103"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0103",
"url": "https://www.suse.com/security/cve/CVE-2022-0103"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0103",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0103",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0103"
},
{
"cve": "CVE-2022-0104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0104"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0104",
"url": "https://www.suse.com/security/cve/CVE-2022-0104"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0104",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0104",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0104"
},
{
"cve": "CVE-2022-0105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0105"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0105",
"url": "https://www.suse.com/security/cve/CVE-2022-0105"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0105",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0105",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0105"
},
{
"cve": "CVE-2022-0106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0106"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0106",
"url": "https://www.suse.com/security/cve/CVE-2022-0106"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0106",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0106",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0106"
},
{
"cve": "CVE-2022-0107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0107"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0107",
"url": "https://www.suse.com/security/cve/CVE-2022-0107"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0107",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0107",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0107"
},
{
"cve": "CVE-2022-0108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0108"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0108",
"url": "https://www.suse.com/security/cve/CVE-2022-0108"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0108",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1210731 for CVE-2022-0108",
"url": "https://bugzilla.suse.com/1210731"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0108",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0108"
},
{
"cve": "CVE-2022-0109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0109"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0109",
"url": "https://www.suse.com/security/cve/CVE-2022-0109"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0109",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0109",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0109"
},
{
"cve": "CVE-2022-0110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0110"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0110",
"url": "https://www.suse.com/security/cve/CVE-2022-0110"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0110",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0110",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0110"
},
{
"cve": "CVE-2022-0111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0111"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0111",
"url": "https://www.suse.com/security/cve/CVE-2022-0111"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0111",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0111",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0111"
},
{
"cve": "CVE-2022-0112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0112"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0112",
"url": "https://www.suse.com/security/cve/CVE-2022-0112"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0112",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0112",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0112"
},
{
"cve": "CVE-2022-0113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0113"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0113",
"url": "https://www.suse.com/security/cve/CVE-2022-0113"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0113",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0113",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0113"
},
{
"cve": "CVE-2022-0114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0114"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0114",
"url": "https://www.suse.com/security/cve/CVE-2022-0114"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0114",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0114",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0114"
},
{
"cve": "CVE-2022-0115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0115"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0115",
"url": "https://www.suse.com/security/cve/CVE-2022-0115"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0115",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0115",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0115"
},
{
"cve": "CVE-2022-0116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0116"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0116",
"url": "https://www.suse.com/security/cve/CVE-2022-0116"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0116",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0116",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0116"
},
{
"cve": "CVE-2022-0117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0117"
}
],
"notes": [
{
"category": "general",
"text": "Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0117",
"url": "https://www.suse.com/security/cve/CVE-2022-0117"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0117",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0117",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0117"
},
{
"cve": "CVE-2022-0118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0118"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0118",
"url": "https://www.suse.com/security/cve/CVE-2022-0118"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0118",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0118",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0118"
},
{
"cve": "CVE-2022-0120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0120"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0120",
"url": "https://www.suse.com/security/cve/CVE-2022-0120"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0120",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0120",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0120"
},
{
"cve": "CVE-2022-0289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0289"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0289",
"url": "https://www.suse.com/security/cve/CVE-2022-0289"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0289",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0289"
},
{
"cve": "CVE-2022-0290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0290"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0290",
"url": "https://www.suse.com/security/cve/CVE-2022-0290"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0290",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0290"
},
{
"cve": "CVE-2022-0291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0291"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0291",
"url": "https://www.suse.com/security/cve/CVE-2022-0291"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0291",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0291"
},
{
"cve": "CVE-2022-0292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0292"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0292",
"url": "https://www.suse.com/security/cve/CVE-2022-0292"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0292",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0292"
},
{
"cve": "CVE-2022-0293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0293"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0293",
"url": "https://www.suse.com/security/cve/CVE-2022-0293"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0293",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0293"
},
{
"cve": "CVE-2022-0294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0294"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0294",
"url": "https://www.suse.com/security/cve/CVE-2022-0294"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0294",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0294"
},
{
"cve": "CVE-2022-0295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0295"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0295",
"url": "https://www.suse.com/security/cve/CVE-2022-0295"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0295",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0295"
},
{
"cve": "CVE-2022-0296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0296"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0296",
"url": "https://www.suse.com/security/cve/CVE-2022-0296"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0296",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0296"
},
{
"cve": "CVE-2022-0297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0297"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0297",
"url": "https://www.suse.com/security/cve/CVE-2022-0297"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0297",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0297"
},
{
"cve": "CVE-2022-0298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0298"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0298",
"url": "https://www.suse.com/security/cve/CVE-2022-0298"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0298",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0298"
},
{
"cve": "CVE-2022-0300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0300"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0300",
"url": "https://www.suse.com/security/cve/CVE-2022-0300"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0300",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0300"
},
{
"cve": "CVE-2022-0301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0301"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0301",
"url": "https://www.suse.com/security/cve/CVE-2022-0301"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0301",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0301"
},
{
"cve": "CVE-2022-0302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0302"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0302",
"url": "https://www.suse.com/security/cve/CVE-2022-0302"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0302",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0302"
},
{
"cve": "CVE-2022-0304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0304"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0304",
"url": "https://www.suse.com/security/cve/CVE-2022-0304"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0304",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0304"
},
{
"cve": "CVE-2022-0305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0305"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0305",
"url": "https://www.suse.com/security/cve/CVE-2022-0305"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0305",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0305"
},
{
"cve": "CVE-2022-0306",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0306"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0306",
"url": "https://www.suse.com/security/cve/CVE-2022-0306"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0306",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0306"
},
{
"cve": "CVE-2022-0307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0307"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0307",
"url": "https://www.suse.com/security/cve/CVE-2022-0307"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0307",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0307"
},
{
"cve": "CVE-2022-0308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0308"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0308",
"url": "https://www.suse.com/security/cve/CVE-2022-0308"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0308",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0308"
},
{
"cve": "CVE-2022-0309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0309"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0309",
"url": "https://www.suse.com/security/cve/CVE-2022-0309"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0309",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0309"
},
{
"cve": "CVE-2022-0310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0310"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0310",
"url": "https://www.suse.com/security/cve/CVE-2022-0310"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0310",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0310"
},
{
"cve": "CVE-2022-0311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0311"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0311",
"url": "https://www.suse.com/security/cve/CVE-2022-0311"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0311",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0311"
}
]
}
OPENSUSE-SU-2022:0070-1
Vulnerability from csaf_opensuse - Published: 2022-03-03 12:42 - Updated: 2022-03-03 12:42Summary
Security update for nodejs-electron
Severity
Important
Notes
Title of the patch: Security update for nodejs-electron
Description of the patch: This update for nodejs-electron fixes the following issues:
- Fix webpack-4 with OpenSSL 3.0
Update to version 16.0.9
* https://github.com/electron/electron/releases/tag/v16.0.9
Update to version 16.0.8
* https://github.com/electron/electron/releases/tag/v16.0.8
- Add devel package with node headers (e.g. for node-gyp)
- Update to version 16.0.7
* https://github.com/electron/electron/releases/tag/v16.0.7
- Update to version 15.3.3
* https://github.com/electron/electron/releases/tag/v15.3.3
- Update to version 13.6.3
https://github.com/electron/electron/releases/tag/v13.6.3
- Update to version 13.6.2
https://github.com/electron/electron/releases/tag/v13.6.2
- Fix for CVE-2021-37998
- Fix for CVE-2021-38001
- Fix for CVE-2021-38002
- Fix for CVE-2021-38003
- Do not build with H264
- Update to version 13.6.1
https://github.com/electron/electron/releases/tag/v13.6.1
- Fix for CVE-2021-37981
- Fix for CVE-2021-37984
- Fix for CVE-2021-37987
- Fix for CVE-2021-37989
- Fix for CVE-2021-37992
- Fix for CVE-2021-37996
- Update to version 13.5.1
https://github.com/electron/electron/releases/tag/v13.5.1
- Update to version 13.5.0
https://github.com/electron/electron/releases/tag/v13.5.0
- Fix for CVE-2021-30627
- Fix for CVE-2021-30631
- Fix for CVE-2021-30632
- Fix for CVE-2021-30625
- Fix for CVE-2021-30626
- Fix for CVE-2021-30628
- Fix for CVE-2021-30630
- Fix for CVE-2021-30633
- Version 13.4.0
- Update to version 13.1.8
* https://github.com/electron/electron/releases/tag/v13.1.8
- Update to version 13.1.7
* https://github.com/electron/electron/releases/tag/v13.1.7
- Update to version 13.1.6
* https://github.com/electron/electron/releases/tag/v13.1.6
* https://github.com/electron/electron/releases/tag/v13.1.5
- Update to version 13.1.4
* https://github.com/electron/electron/releases/tag/v13.1.4
* https://github.com/electron/electron/releases/tag/v13.1.3
- Build with vaapi support
- Install missing vk_swiftshader_icd.json
- Update to version 13.1.2
* https://github.com/electron/electron/releases/tag/v13.1.2
Patchnames: openSUSE-2022-70
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
58 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs-electron",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs-electron fixes the following issues:\n\n- Fix webpack-4 with OpenSSL 3.0\n\nUpdate to version 16.0.9\n\n* https://github.com/electron/electron/releases/tag/v16.0.9\n\nUpdate to version 16.0.8\n\n* https://github.com/electron/electron/releases/tag/v16.0.8\n\n- Add devel package with node headers (e.g. for node-gyp)\n\n- Update to version 16.0.7\n\n * https://github.com/electron/electron/releases/tag/v16.0.7\n\n- Update to version 15.3.3\n\n * https://github.com/electron/electron/releases/tag/v15.3.3\n\n- Update to version 13.6.3\n https://github.com/electron/electron/releases/tag/v13.6.3\n\n- Update to version 13.6.2\n https://github.com/electron/electron/releases/tag/v13.6.2\n- Fix for CVE-2021-37998\n- Fix for CVE-2021-38001\n- Fix for CVE-2021-38002\n- Fix for CVE-2021-38003\n\n- Do not build with H264\n\n- Update to version 13.6.1\n https://github.com/electron/electron/releases/tag/v13.6.1\n- Fix for CVE-2021-37981\n- Fix for CVE-2021-37984\n- Fix for CVE-2021-37987\n- Fix for CVE-2021-37989\n- Fix for CVE-2021-37992\n- Fix for CVE-2021-37996\n\n- Update to version 13.5.1\n https://github.com/electron/electron/releases/tag/v13.5.1\n\n- Update to version 13.5.0\n https://github.com/electron/electron/releases/tag/v13.5.0\n- Fix for CVE-2021-30627\n- Fix for CVE-2021-30631\n- Fix for CVE-2021-30632\n- Fix for CVE-2021-30625\n- Fix for CVE-2021-30626\n- Fix for CVE-2021-30628\n- Fix for CVE-2021-30630\n- Fix for CVE-2021-30633\n\n- Version 13.4.0\n\n- Update to version 13.1.8\n * https://github.com/electron/electron/releases/tag/v13.1.8\n\n- Update to version 13.1.7\n * https://github.com/electron/electron/releases/tag/v13.1.7\n\n- Update to version 13.1.6\n * https://github.com/electron/electron/releases/tag/v13.1.6\n * https://github.com/electron/electron/releases/tag/v13.1.5\n\n- Update to version 13.1.4\n * https://github.com/electron/electron/releases/tag/v13.1.4\n * https://github.com/electron/electron/releases/tag/v13.1.3\n\n- Build with vaapi support\n\n- Install missing vk_swiftshader_icd.json\n\n- Update to version 13.1.2\n * https://github.com/electron/electron/releases/tag/v13.1.2\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-70",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0070-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0070-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G2JZKFAH5MWINMQLTSYZ2GQCLX5UGIGE/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0070-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G2JZKFAH5MWINMQLTSYZ2GQCLX5UGIGE/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30625 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30626 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30627 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30627/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30628 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30630 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30631 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30632 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30633 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37981 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37984 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37987 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37989 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37989/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37992 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37996 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37998 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38001 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38002 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38003 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38003/"
}
],
"title": "Security update for nodejs-electron",
"tracking": {
"current_release_date": "2022-03-03T12:42:04Z",
"generator": {
"date": "2022-03-03T12:42:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0070-1",
"initial_release_date": "2022-03-03T12:42:04Z",
"revision_history": [
{
"date": "2022-03-03T12:42:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs-electron-16.0.9-bp153.2.1.x86_64",
"product": {
"name": "nodejs-electron-16.0.9-bp153.2.1.x86_64",
"product_id": "nodejs-electron-16.0.9-bp153.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"product": {
"name": "nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"product_id": "nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-16.0.9-bp153.2.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64"
},
"product_reference": "nodejs-electron-16.0.9-bp153.2.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
},
"product_reference": "nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-16.0.9-bp153.2.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64"
},
"product_reference": "nodejs-electron-16.0.9-bp153.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-electron-devel-16.0.9-bp153.2.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
},
"product_reference": "nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30625"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30625",
"url": "https://www.suse.com/security/cve/CVE-2021-30625"
},
{
"category": "external",
"summary": "SUSE Bug 1190476 for CVE-2021-30625",
"url": "https://bugzilla.suse.com/1190476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-30625"
},
{
"cve": "CVE-2021-30626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30626"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30626",
"url": "https://www.suse.com/security/cve/CVE-2021-30626"
},
{
"category": "external",
"summary": "SUSE Bug 1190476 for CVE-2021-30626",
"url": "https://bugzilla.suse.com/1190476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-30626"
},
{
"cve": "CVE-2021-30627",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30627"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30627",
"url": "https://www.suse.com/security/cve/CVE-2021-30627"
},
{
"category": "external",
"summary": "SUSE Bug 1190476 for CVE-2021-30627",
"url": "https://bugzilla.suse.com/1190476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-30627"
},
{
"cve": "CVE-2021-30628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30628"
}
],
"notes": [
{
"category": "general",
"text": "Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30628",
"url": "https://www.suse.com/security/cve/CVE-2021-30628"
},
{
"category": "external",
"summary": "SUSE Bug 1190476 for CVE-2021-30628",
"url": "https://bugzilla.suse.com/1190476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-30628"
},
{
"cve": "CVE-2021-30630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30630"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30630",
"url": "https://www.suse.com/security/cve/CVE-2021-30630"
},
{
"category": "external",
"summary": "SUSE Bug 1190476 for CVE-2021-30630",
"url": "https://bugzilla.suse.com/1190476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-30630"
},
{
"cve": "CVE-2021-30631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30631"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30631",
"url": "https://www.suse.com/security/cve/CVE-2021-30631"
},
{
"category": "external",
"summary": "SUSE Bug 1190476 for CVE-2021-30631",
"url": "https://bugzilla.suse.com/1190476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-30631"
},
{
"cve": "CVE-2021-30632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30632"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30632",
"url": "https://www.suse.com/security/cve/CVE-2021-30632"
},
{
"category": "external",
"summary": "SUSE Bug 1190476 for CVE-2021-30632",
"url": "https://bugzilla.suse.com/1190476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-30632"
},
{
"cve": "CVE-2021-30633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30633"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30633",
"url": "https://www.suse.com/security/cve/CVE-2021-30633"
},
{
"category": "external",
"summary": "SUSE Bug 1190476 for CVE-2021-30633",
"url": "https://bugzilla.suse.com/1190476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-30633"
},
{
"cve": "CVE-2021-37981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37981"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37981",
"url": "https://www.suse.com/security/cve/CVE-2021-37981"
},
{
"category": "external",
"summary": "SUSE Bug 1191844 for CVE-2021-37981",
"url": "https://bugzilla.suse.com/1191844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-37981"
},
{
"cve": "CVE-2021-37984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37984"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37984",
"url": "https://www.suse.com/security/cve/CVE-2021-37984"
},
{
"category": "external",
"summary": "SUSE Bug 1191844 for CVE-2021-37984",
"url": "https://bugzilla.suse.com/1191844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-37984"
},
{
"cve": "CVE-2021-37987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37987"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37987",
"url": "https://www.suse.com/security/cve/CVE-2021-37987"
},
{
"category": "external",
"summary": "SUSE Bug 1191844 for CVE-2021-37987",
"url": "https://bugzilla.suse.com/1191844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-37987"
},
{
"cve": "CVE-2021-37989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37989"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37989",
"url": "https://www.suse.com/security/cve/CVE-2021-37989"
},
{
"category": "external",
"summary": "SUSE Bug 1191844 for CVE-2021-37989",
"url": "https://bugzilla.suse.com/1191844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-37989"
},
{
"cve": "CVE-2021-37992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37992"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37992",
"url": "https://www.suse.com/security/cve/CVE-2021-37992"
},
{
"category": "external",
"summary": "SUSE Bug 1191844 for CVE-2021-37992",
"url": "https://bugzilla.suse.com/1191844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-37992"
},
{
"cve": "CVE-2021-37996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37996"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37996",
"url": "https://www.suse.com/security/cve/CVE-2021-37996"
},
{
"category": "external",
"summary": "SUSE Bug 1191844 for CVE-2021-37996",
"url": "https://bugzilla.suse.com/1191844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "moderate"
}
],
"title": "CVE-2021-37996"
},
{
"cve": "CVE-2021-37998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37998"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37998",
"url": "https://www.suse.com/security/cve/CVE-2021-37998"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-37998",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-37998"
},
{
"cve": "CVE-2021-38001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38001"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38001",
"url": "https://www.suse.com/security/cve/CVE-2021-38001"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38001",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-38001"
},
{
"cve": "CVE-2021-38002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38002"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38002",
"url": "https://www.suse.com/security/cve/CVE-2021-38002"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38002",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-38002"
},
{
"cve": "CVE-2021-38003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38003"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38003",
"url": "https://www.suse.com/security/cve/CVE-2021-38003"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38003",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"SUSE Package Hub 15 SP3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-16.0.9-bp153.2.1.x86_64",
"openSUSE Leap 15.3:nodejs-electron-devel-16.0.9-bp153.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-03T12:42:04Z",
"details": "critical"
}
],
"title": "CVE-2021-38003"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…