Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-38021 (GCVE-0-2021-38021)
Vulnerability from cvelistv5 – Published: 2021-12-23 00:05 – Updated: 2024-08-04 01:30
VLAI?
EPSS
Summary
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- Inappropriate implementation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://chromereleases.googleblog.com/2021/11/sta… | x_refsource_MISC |
| https://crbug.com/1233375 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2022/dsa-5046 | vendor-advisoryx_refsource_DEBIAN |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/1233375"
},
{
"name": "FEDORA-2021-6a292e2cf4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"name": "DSA-5046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "96.0.4664.45",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-15T14:08:18.000Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/1233375"
},
{
"name": "FEDORA-2021-6a292e2cf4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"name": "DSA-5046",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2021-38021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "96.0.4664.45"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/1233375",
"refsource": "MISC",
"url": "https://crbug.com/1233375"
},
{
"name": "FEDORA-2021-6a292e2cf4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"name": "DSA-5046",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2021-38021",
"datePublished": "2021-12-23T00:05:57.000Z",
"dateReserved": "2021-08-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:30:09.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-38021",
"date": "2026-05-19",
"epss": "0.00473",
"percentile": "0.64905"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"96.0.4664.45\", \"matchCriteriaId\": \"A6F5F87E-3ECB-443C-851D-E9C88E3DC6DE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.\"}, {\"lang\": \"es\", \"value\": \"Una implementaci\\u00f3n inapropiada en referrer en Google Chrome versiones anteriores a 96.0.4664.45, permit\\u00eda a un atacante remoto omitir las restricciones de navegaci\\u00f3n por medio de una p\\u00e1gina HTML dise\\u00f1ada\"}]",
"id": "CVE-2021-38021",
"lastModified": "2024-11-21T06:16:19.037",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2021-12-23T01:15:08.527",
"references": "[{\"url\": \"https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://crbug.com/1233375\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\", \"source\": \"chrome-cve-admin@google.com\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5046\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://crbug.com/1233375\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5046\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-38021\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2021-12-23T01:15:08.527\",\"lastModified\":\"2024-11-21T06:16:19.037\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.\"},{\"lang\":\"es\",\"value\":\"Una implementaci\u00f3n inapropiada en referrer en Google Chrome versiones anteriores a 96.0.4664.45, permit\u00eda a un atacante remoto omitir las restricciones de navegaci\u00f3n por medio de una p\u00e1gina HTML dise\u00f1ada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"96.0.4664.45\",\"matchCriteriaId\":\"A6F5F87E-3ECB-443C-851D-E9C88E3DC6DE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1233375\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\",\"source\":\"chrome-cve-admin@google.com\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5046\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://crbug.com/1233375\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5046\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2021-AVI-894
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 96.0.1052.29 (Chromium-based)",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-38014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38014"
},
{
"name": "CVE-2021-38008",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38008"
},
{
"name": "CVE-2021-38019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38019"
},
{
"name": "CVE-2021-43220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43220"
},
{
"name": "CVE-2021-43221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43221"
},
{
"name": "CVE-2021-38022",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38022"
},
{
"name": "CVE-2021-38015",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38015"
},
{
"name": "CVE-2021-38020",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38020"
},
{
"name": "CVE-2021-38016",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38016"
},
{
"name": "CVE-2021-38007",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38007"
},
{
"name": "CVE-2021-38011",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38011"
},
{
"name": "CVE-2021-38017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38017"
},
{
"name": "CVE-2021-38012",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38012"
},
{
"name": "CVE-2021-38005",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38005"
},
{
"name": "CVE-2021-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38009"
},
{
"name": "CVE-2021-38018",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38018"
},
{
"name": "CVE-2021-38021",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38021"
},
{
"name": "CVE-2021-38010",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38010"
},
{
"name": "CVE-2021-38006",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38006"
},
{
"name": "CVE-2021-38013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38013"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-894",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 19 novembre 2021",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2021-AVI-894
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 96.0.1052.29 (Chromium-based)",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-38014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38014"
},
{
"name": "CVE-2021-38008",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38008"
},
{
"name": "CVE-2021-38019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38019"
},
{
"name": "CVE-2021-43220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43220"
},
{
"name": "CVE-2021-43221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43221"
},
{
"name": "CVE-2021-38022",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38022"
},
{
"name": "CVE-2021-38015",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38015"
},
{
"name": "CVE-2021-38020",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38020"
},
{
"name": "CVE-2021-38016",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38016"
},
{
"name": "CVE-2021-38007",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38007"
},
{
"name": "CVE-2021-38011",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38011"
},
{
"name": "CVE-2021-38017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38017"
},
{
"name": "CVE-2021-38012",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38012"
},
{
"name": "CVE-2021-38005",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38005"
},
{
"name": "CVE-2021-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38009"
},
{
"name": "CVE-2021-38018",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38018"
},
{
"name": "CVE-2021-38021",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38021"
},
{
"name": "CVE-2021-38010",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38010"
},
{
"name": "CVE-2021-38006",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38006"
},
{
"name": "CVE-2021-38013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38013"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-894",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 19 novembre 2021",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
BDU:2021-06138
Vulnerability from fstec - Published: 15.11.2021
VLAI Severity ?
Title
Уязвимость компонента Referer браузера Google Chrome, связанная с неправильно реализованной проверкой безопасности для стандартных элементов, позволяющая нарушителю раскрыть защищаемую информацию
Description
Уязвимость компонента Referer браузера Google Chrome связана с неправильно реализованной проверкой безопасности для стандартных элементов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть защищаемую информацию с помощью специально созданной веб-страницы
Severity ?
Vendor
ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, Google Inc, Microsoft Corp, АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, Google Chrome, Microsoft Edge, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), до 96.0.4664.45 (Google Chrome), до 96.0.1054.29 (Microsoft Edge), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.4.2 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»)
Possible Mitigations
Использование рекомендаций производителя:
Для Google Chrome:
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
Для Microsoft Edge:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-38021
Для ОС Astra Linux:
использование рекомендаций производителя:
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
Для ОСОН Основа:
Обновление программного обеспечения chromium до версии 97.0.4692.99+repack-1osnova1
Для ОС ОН «Стрелец»:
Обновление программного обеспечения chromium до версии 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets
Reference
https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
https://security-tracker.debian.org/tracker/CVE-2021-38021
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.2/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
CWE
CWE-358
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Google Inc, Microsoft Corp, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), \u0434\u043e 96.0.4664.45 (Google Chrome), \u0434\u043e 96.0.1054.29 (Microsoft Edge), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.4.2 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\n\n\u0414\u043b\u044f Microsoft Edge:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-38021\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 97.0.4692.99+repack-1osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 105.0.5195.125+repack2-1~deb11u1.osnova1.strelets\n\n",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.11.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.04.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.12.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-06138",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-38021",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, Google Chrome, Microsoft Edge, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Referer \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432 (CWE-358)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Referer \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Google Chrome \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html\nhttps://security-tracker.debian.org/tracker/CVE-2021-38021\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38021\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4.2/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-358",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,4)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}
CNVD-2021-91286
Vulnerability from cnvd - Published: 2021-11-25
VLAI Severity ?
Title
Google Chrome referrer安全绕过漏洞
Description
Google Chrome是美国谷歌(Google)公司的一款Web浏览器。
Google Chrome存在安全漏洞,该漏洞源于产品中的某些功能存在不恰当的实现。远程攻击者可利用漏洞绕过安全限制。
Severity
高
Patch Name
Google Chrome referrer安全绕过漏洞的补丁
Patch Description
Google Chrome是美国谷歌(Google)公司的一款Web浏览器。
Google Chrome存在安全漏洞,该漏洞源于产品中的某些功能存在不恰当的实现。远程攻击者可利用漏洞绕过安全限制。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html
Reference
https://www.auscert.org.au/bulletins/ESB-2021.3933
Impacted products
| Name | Google Chrome <96.0.4664.45 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-38021"
}
},
"description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\n\nGoogle Chrome\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u4e2d\u7684\u67d0\u4e9b\u529f\u80fd\u5b58\u5728\u4e0d\u6070\u5f53\u7684\u5b9e\u73b0\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-91286",
"openTime": "2021-11-25",
"patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u4e2d\u7684\u67d0\u4e9b\u529f\u80fd\u5b58\u5728\u4e0d\u6070\u5f53\u7684\u5b9e\u73b0\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Chrome referrer\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Google Chrome \u003c96.0.4664.45"
},
"referenceLink": "https://www.auscert.org.au/bulletins/ESB-2021.3933",
"serverity": "\u9ad8",
"submitTime": "2021-11-17",
"title": "Google Chrome referrer\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}
FKIE_CVE-2021-38021
Vulnerability from fkie_nvd - Published: 2021-12-23 01:15 - Updated: 2024-11-21 06:16
Severity ?
Summary
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| fedoraproject | fedora | 34 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6F5F87E-3ECB-443C-851D-E9C88E3DC6DE",
"versionEndExcluding": "96.0.4664.45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page."
},
{
"lang": "es",
"value": "Una implementaci\u00f3n inapropiada en referrer en Google Chrome versiones anteriores a 96.0.4664.45, permit\u00eda a un atacante remoto omitir las restricciones de navegaci\u00f3n por medio de una p\u00e1gina HTML dise\u00f1ada"
}
],
"id": "CVE-2021-38021",
"lastModified": "2024-11-21T06:16:19.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T01:15:08.527",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1233375"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1233375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5046"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-FRRX-W5CV-62WX
Vulnerability from github – Published: 2021-12-24 00:00 – Updated: 2021-12-29 00:01
VLAI?
Details
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-38021"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-23T01:15:00Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"id": "GHSA-frrx-w5cv-62wx",
"modified": "2021-12-29T00:01:07Z",
"published": "2021-12-24T00:00:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38021"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1233375"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5046"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2021-38021
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-38021",
"description": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"id": "GSD-2021-38021",
"references": [
"https://www.suse.com/security/cve/CVE-2021-38021.html",
"https://www.debian.org/security/2022/dsa-5046",
"https://advisories.mageia.org/CVE-2021-38021.html",
"https://security.archlinux.org/CVE-2021-38021"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-38021"
],
"details": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"id": "GSD-2021-38021",
"modified": "2023-12-13T01:23:17.713590Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2021-38021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "96.0.4664.45"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/1233375",
"refsource": "MISC",
"url": "https://crbug.com/1233375"
},
{
"name": "FEDORA-2021-6a292e2cf4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"name": "DSA-5046",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5046"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "96.0.4664.45",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2021-38021"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/1233375",
"refsource": "MISC",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1233375"
},
{
"name": "FEDORA-2021-6a292e2cf4",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744/"
},
{
"name": "DSA-5046",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5046"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-02-18T19:12Z",
"publishedDate": "2021-12-23T01:15Z"
}
}
}
OPENSUSE-SU-2021:1582-1
Vulnerability from csaf_opensuse - Published: 2021-12-13 17:50 - Updated: 2021-12-13 17:50Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
- Ensure newer libs and LLVM is used on Leap (boo#1192310)
- Explicitly BuildRequire python3-six.
Chromium 96.0.4664.93 (boo#1193519):
* CVE-2021-4052: Use after free in web apps
* CVE-2021-4053: Use after free in UI
* CVE-2021-4079: Out of bounds write in WebRTC
* CVE-2021-4054: Incorrect security UI in autofill
* CVE-2021-4078: Type confusion in V8
* CVE-2021-4055: Heap buffer overflow in extensions
* CVE-2021-4056: Type Confusion in loader
* CVE-2021-4057: Use after free in file API
* CVE-2021-4058: Heap buffer overflow in ANGLE
* CVE-2021-4059: Insufficient data validation in loader
* CVE-2021-4061: Type Confusion in V8
* CVE-2021-4062: Heap buffer overflow in BFCache
* CVE-2021-4063: Use after free in developer tools
* CVE-2021-4064: Use after free in screen capture
* CVE-2021-4065: Use after free in autofill
* CVE-2021-4066: Integer underflow in ANGLE
* CVE-2021-4067: Use after free in window manager
* CVE-2021-4068: Insufficient validation of untrusted input in new tab page
Chromium 96.0.4664.45 (boo#1192734):
* CVE-2021-38007: Type Confusion in V8
* CVE-2021-38008: Use after free in media
* CVE-2021-38009: Inappropriate implementation in cache
* CVE-2021-38006: Use after free in storage foundation
* CVE-2021-38005: Use after free in loader
* CVE-2021-38010: Inappropriate implementation in service workers
* CVE-2021-38011: Use after free in storage foundation
* CVE-2021-38012: Type Confusion in V8
* CVE-2021-38013: Heap buffer overflow in fingerprint recognition
* CVE-2021-38014: Out of bounds write in Swiftshader
* CVE-2021-38015: Inappropriate implementation in input
* CVE-2021-38016: Insufficient policy enforcement in background fetch
* CVE-2021-38017: Insufficient policy enforcement in iframe sandbox
* CVE-2021-38018: Inappropriate implementation in navigation
* CVE-2021-38019: Insufficient policy enforcement in CORS
* CVE-2021-38020: Insufficient policy enforcement in contacts picker
* CVE-2021-38021: Inappropriate implementation in referrer
* CVE-2021-38022: Inappropriate implementation in WebAuthentication
Lord of the Browsers: The Two Compilers:
* Go back to GCC
Lord of the Browsers: The Two Compilers:
* Go back to GCC
* GCC: LTO removes needed assembly symbols
* Clang: issues with libstdc++
* GCC: LTO removes needed assembly symbols
* Clang: issues with libstdc++
Patchnames: openSUSE-2021-1582
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
115 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\n- Ensure newer libs and LLVM is used on Leap (boo#1192310)\n- Explicitly BuildRequire python3-six. \n\nChromium 96.0.4664.93 (boo#1193519):\n\n* CVE-2021-4052: Use after free in web apps\n* CVE-2021-4053: Use after free in UI\n* CVE-2021-4079: Out of bounds write in WebRTC\n* CVE-2021-4054: Incorrect security UI in autofill\n* CVE-2021-4078: Type confusion in V8\n* CVE-2021-4055: Heap buffer overflow in extensions\n* CVE-2021-4056: Type Confusion in loader\n* CVE-2021-4057: Use after free in file API\n* CVE-2021-4058: Heap buffer overflow in ANGLE\n* CVE-2021-4059: Insufficient data validation in loader\n* CVE-2021-4061: Type Confusion in V8\n* CVE-2021-4062: Heap buffer overflow in BFCache\n* CVE-2021-4063: Use after free in developer tools\n* CVE-2021-4064: Use after free in screen capture\n* CVE-2021-4065: Use after free in autofill\n* CVE-2021-4066: Integer underflow in ANGLE\n* CVE-2021-4067: Use after free in window manager\n* CVE-2021-4068: Insufficient validation of untrusted input in new tab page\n\nChromium 96.0.4664.45 (boo#1192734):\n\n* CVE-2021-38007: Type Confusion in V8\n* CVE-2021-38008: Use after free in media\n* CVE-2021-38009: Inappropriate implementation in cache\n* CVE-2021-38006: Use after free in storage foundation\n* CVE-2021-38005: Use after free in loader\n* CVE-2021-38010: Inappropriate implementation in service workers\n* CVE-2021-38011: Use after free in storage foundation\n* CVE-2021-38012: Type Confusion in V8\n* CVE-2021-38013: Heap buffer overflow in fingerprint recognition\n* CVE-2021-38014: Out of bounds write in Swiftshader\n* CVE-2021-38015: Inappropriate implementation in input\n* CVE-2021-38016: Insufficient policy enforcement in background fetch\n* CVE-2021-38017: Insufficient policy enforcement in iframe sandbox\n* CVE-2021-38018: Inappropriate implementation in navigation\n* CVE-2021-38019: Insufficient policy enforcement in CORS\n* CVE-2021-38020: Insufficient policy enforcement in contacts picker\n* CVE-2021-38021: Inappropriate implementation in referrer\n* CVE-2021-38022: Inappropriate implementation in WebAuthentication\n\nLord of the Browsers: The Two Compilers:\n\n* Go back to GCC\nLord of the Browsers: The Two Compilers:\n\n* Go back to GCC\n* GCC: LTO removes needed assembly symbols\n* Clang: issues with libstdc++\n\n* GCC: LTO removes needed assembly symbols\n* Clang: issues with libstdc++\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1582",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1582-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1582-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2H3B3VUHNFAXDEK6YLKWJWLKWC4NOIPM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1582-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2H3B3VUHNFAXDEK6YLKWJWLKWC4NOIPM/"
},
{
"category": "self",
"summary": "SUSE Bug 1192310",
"url": "https://bugzilla.suse.com/1192310"
},
{
"category": "self",
"summary": "SUSE Bug 1192734",
"url": "https://bugzilla.suse.com/1192734"
},
{
"category": "self",
"summary": "SUSE Bug 1193519",
"url": "https://bugzilla.suse.com/1193519"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38005 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38006 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38007 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38009 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38010 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38011 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38012 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38013 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38014 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38015 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38016 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38017 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38018 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38019 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38020 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38021 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38022 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4052 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4053 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4054 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4055 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4056 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4057 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4058 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4059 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4061 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4062 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4063 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4064 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4065 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4066 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4067 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4078 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4079 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4079/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2021-12-13T17:50:58Z",
"generator": {
"date": "2021-12-13T17:50:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1582-1",
"initial_release_date": "2021-12-13T17:50:58Z",
"revision_history": [
{
"date": "2021-12-13T17:50:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"product": {
"name": "chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"product_id": "chromedriver-96.0.4664.93-bp153.2.45.2.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"product": {
"name": "chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"product_id": "chromium-96.0.4664.93-bp153.2.45.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64"
},
"product_reference": "chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-96.0.4664.93-bp153.2.45.2.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
},
"product_reference": "chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-96.0.4664.93-bp153.2.45.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64"
},
"product_reference": "chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-96.0.4664.93-bp153.2.45.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
},
"product_reference": "chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38005"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38005",
"url": "https://www.suse.com/security/cve/CVE-2021-38005"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38005",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38005"
},
{
"cve": "CVE-2021-38006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38006"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38006",
"url": "https://www.suse.com/security/cve/CVE-2021-38006"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38006",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38006"
},
{
"cve": "CVE-2021-38007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38007"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38007",
"url": "https://www.suse.com/security/cve/CVE-2021-38007"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38007",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38007"
},
{
"cve": "CVE-2021-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38008"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38008",
"url": "https://www.suse.com/security/cve/CVE-2021-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38008",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38008"
},
{
"cve": "CVE-2021-38009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38009"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38009",
"url": "https://www.suse.com/security/cve/CVE-2021-38009"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38009",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38009"
},
{
"cve": "CVE-2021-38010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38010"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38010",
"url": "https://www.suse.com/security/cve/CVE-2021-38010"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38010",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38010"
},
{
"cve": "CVE-2021-38011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38011"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38011",
"url": "https://www.suse.com/security/cve/CVE-2021-38011"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38011",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38011"
},
{
"cve": "CVE-2021-38012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38012"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38012",
"url": "https://www.suse.com/security/cve/CVE-2021-38012"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38012",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38012"
},
{
"cve": "CVE-2021-38013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38013"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38013",
"url": "https://www.suse.com/security/cve/CVE-2021-38013"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38013",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38013"
},
{
"cve": "CVE-2021-38014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38014"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38014",
"url": "https://www.suse.com/security/cve/CVE-2021-38014"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38014",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38014"
},
{
"cve": "CVE-2021-38015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38015"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38015",
"url": "https://www.suse.com/security/cve/CVE-2021-38015"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38015",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38015"
},
{
"cve": "CVE-2021-38016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38016"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38016",
"url": "https://www.suse.com/security/cve/CVE-2021-38016"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38016",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38016"
},
{
"cve": "CVE-2021-38017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38017"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38017",
"url": "https://www.suse.com/security/cve/CVE-2021-38017"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38017",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38017"
},
{
"cve": "CVE-2021-38018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38018"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38018",
"url": "https://www.suse.com/security/cve/CVE-2021-38018"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38018",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38018"
},
{
"cve": "CVE-2021-38019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38019"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38019",
"url": "https://www.suse.com/security/cve/CVE-2021-38019"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38019",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38019"
},
{
"cve": "CVE-2021-38020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38020"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38020",
"url": "https://www.suse.com/security/cve/CVE-2021-38020"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38020",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38020"
},
{
"cve": "CVE-2021-38021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38021"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38021",
"url": "https://www.suse.com/security/cve/CVE-2021-38021"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38021",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38021"
},
{
"cve": "CVE-2021-38022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38022"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38022",
"url": "https://www.suse.com/security/cve/CVE-2021-38022"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38022",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "critical"
}
],
"title": "CVE-2021-38022"
},
{
"cve": "CVE-2021-4052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4052"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4052",
"url": "https://www.suse.com/security/cve/CVE-2021-4052"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4052",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4052"
},
{
"cve": "CVE-2021-4053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4053"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4053",
"url": "https://www.suse.com/security/cve/CVE-2021-4053"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4053",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4053"
},
{
"cve": "CVE-2021-4054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4054"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4054",
"url": "https://www.suse.com/security/cve/CVE-2021-4054"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4054",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4054"
},
{
"cve": "CVE-2021-4055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4055"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4055",
"url": "https://www.suse.com/security/cve/CVE-2021-4055"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4055",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4055"
},
{
"cve": "CVE-2021-4056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4056"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4056",
"url": "https://www.suse.com/security/cve/CVE-2021-4056"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4056",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4056"
},
{
"cve": "CVE-2021-4057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4057"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4057",
"url": "https://www.suse.com/security/cve/CVE-2021-4057"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4057",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4057"
},
{
"cve": "CVE-2021-4058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4058"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4058",
"url": "https://www.suse.com/security/cve/CVE-2021-4058"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4058",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4058"
},
{
"cve": "CVE-2021-4059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4059"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4059",
"url": "https://www.suse.com/security/cve/CVE-2021-4059"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4059",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4059"
},
{
"cve": "CVE-2021-4061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4061"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4061",
"url": "https://www.suse.com/security/cve/CVE-2021-4061"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4061",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4061"
},
{
"cve": "CVE-2021-4062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4062"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4062",
"url": "https://www.suse.com/security/cve/CVE-2021-4062"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4062",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4062"
},
{
"cve": "CVE-2021-4063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4063"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4063",
"url": "https://www.suse.com/security/cve/CVE-2021-4063"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4063",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4063"
},
{
"cve": "CVE-2021-4064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4064"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4064",
"url": "https://www.suse.com/security/cve/CVE-2021-4064"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4064",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4064"
},
{
"cve": "CVE-2021-4065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4065"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4065",
"url": "https://www.suse.com/security/cve/CVE-2021-4065"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4065",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4065"
},
{
"cve": "CVE-2021-4066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4066"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4066",
"url": "https://www.suse.com/security/cve/CVE-2021-4066"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4066",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4066"
},
{
"cve": "CVE-2021-4067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4067"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4067",
"url": "https://www.suse.com/security/cve/CVE-2021-4067"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4067",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4067"
},
{
"cve": "CVE-2021-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4068"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4068",
"url": "https://www.suse.com/security/cve/CVE-2021-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4068",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4068"
},
{
"cve": "CVE-2021-4078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4078"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4078",
"url": "https://www.suse.com/security/cve/CVE-2021-4078"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4078",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4078"
},
{
"cve": "CVE-2021-4079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4079"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4079",
"url": "https://www.suse.com/security/cve/CVE-2021-4079"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4079",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"SUSE Package Hub 15 SP3:chromium-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromedriver-96.0.4664.93-bp153.2.45.2.x86_64",
"openSUSE Leap 15.3:chromium-96.0.4664.93-bp153.2.45.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-13T17:50:58Z",
"details": "important"
}
],
"title": "CVE-2021-4079"
}
]
}
OPENSUSE-SU-2021:1632-1
Vulnerability from csaf_opensuse - Published: 2021-12-28 07:45 - Updated: 2021-12-28 07:45Summary
Security update for chromium
Severity
Important
Notes
Title of the patch: Security update for chromium
Description of the patch: This update for chromium fixes the following issues:
Chromium 96.0.4664.110 (boo#1193713):
* CVE-2021-4098: Insufficient data validation in Mojo
* CVE-2021-4099: Use after free in Swiftshader
* CVE-2021-4100: Object lifecycle issue in ANGLE
* CVE-2021-4101: Heap buffer overflow in Swiftshader
* CVE-2021-4102: Use after free in V8
Lord of the Browsers: The Two Compilers:
* Go back to GCC
* GCC: LTO removes needed assembly symbols
* Clang: issues with libstdc++
Chromium 96.0.4664.93 (boo#1193519):
* CVE-2021-4052: Use after free in web apps
* CVE-2021-4053: Use after free in UI
* CVE-2021-4079: Out of bounds write in WebRTC
* CVE-2021-4054: Incorrect security UI in autofill
* CVE-2021-4078: Type confusion in V8
* CVE-2021-4055: Heap buffer overflow in extensions
* CVE-2021-4056: Type Confusion in loader
* CVE-2021-4057: Use after free in file API
* CVE-2021-4058: Heap buffer overflow in ANGLE
* CVE-2021-4059: Insufficient data validation in loader
* CVE-2021-4061: Type Confusion in V8
* CVE-2021-4062: Heap buffer overflow in BFCache
* CVE-2021-4063: Use after free in developer tools
* CVE-2021-4064: Use after free in screen capture
* CVE-2021-4065: Use after free in autofill
* CVE-2021-4066: Integer underflow in ANGLE
* CVE-2021-4067: Use after free in window manager
* CVE-2021-4068: Insufficient validation of untrusted input in new tab page
Chromium 96.0.4664.45 (boo#1192734):
* CVE-2021-38007: Type Confusion in V8
* CVE-2021-38008: Use after free in media
* CVE-2021-38009: Inappropriate implementation in cache
* CVE-2021-38006: Use after free in storage foundation
* CVE-2021-38005: Use after free in loader
* CVE-2021-38010: Inappropriate implementation in service workers
* CVE-2021-38011: Use after free in storage foundation
* CVE-2021-38012: Type Confusion in V8
* CVE-2021-38013: Heap buffer overflow in fingerprint recognition
* CVE-2021-38014: Out of bounds write in Swiftshader
* CVE-2021-38015: Inappropriate implementation in input
* CVE-2021-38016: Insufficient policy enforcement in background fetch
* CVE-2021-38017: Insufficient policy enforcement in iframe sandbox
* CVE-2021-38018: Inappropriate implementation in navigation
* CVE-2021-38019: Insufficient policy enforcement in CORS
* CVE-2021-38020: Insufficient policy enforcement in contacts picker
* CVE-2021-38021: Inappropriate implementation in referrer
* CVE-2021-38022: Inappropriate implementation in WebAuthentication
Patchnames: openSUSE-2021-1632
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
131 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium 96.0.4664.110 (boo#1193713):\n\n* CVE-2021-4098: Insufficient data validation in Mojo\n* CVE-2021-4099: Use after free in Swiftshader\n* CVE-2021-4100: Object lifecycle issue in ANGLE\n* CVE-2021-4101: Heap buffer overflow in Swiftshader\n* CVE-2021-4102: Use after free in V8\n\nLord of the Browsers: The Two Compilers:\n\n* Go back to GCC\n* GCC: LTO removes needed assembly symbols\n* Clang: issues with libstdc++\n\nChromium 96.0.4664.93 (boo#1193519):\n\n* CVE-2021-4052: Use after free in web apps\n* CVE-2021-4053: Use after free in UI\n* CVE-2021-4079: Out of bounds write in WebRTC\n* CVE-2021-4054: Incorrect security UI in autofill\n* CVE-2021-4078: Type confusion in V8\n* CVE-2021-4055: Heap buffer overflow in extensions\n* CVE-2021-4056: Type Confusion in loader\n* CVE-2021-4057: Use after free in file API\n* CVE-2021-4058: Heap buffer overflow in ANGLE\n* CVE-2021-4059: Insufficient data validation in loader\n* CVE-2021-4061: Type Confusion in V8\n* CVE-2021-4062: Heap buffer overflow in BFCache\n* CVE-2021-4063: Use after free in developer tools\n* CVE-2021-4064: Use after free in screen capture\n* CVE-2021-4065: Use after free in autofill\n* CVE-2021-4066: Integer underflow in ANGLE\n* CVE-2021-4067: Use after free in window manager\n* CVE-2021-4068: Insufficient validation of untrusted input in new tab page\n\nChromium 96.0.4664.45 (boo#1192734):\n\n* CVE-2021-38007: Type Confusion in V8\n* CVE-2021-38008: Use after free in media\n* CVE-2021-38009: Inappropriate implementation in cache\n* CVE-2021-38006: Use after free in storage foundation\n* CVE-2021-38005: Use after free in loader\n* CVE-2021-38010: Inappropriate implementation in service workers\n* CVE-2021-38011: Use after free in storage foundation\n* CVE-2021-38012: Type Confusion in V8\n* CVE-2021-38013: Heap buffer overflow in fingerprint recognition\n* CVE-2021-38014: Out of bounds write in Swiftshader\n* CVE-2021-38015: Inappropriate implementation in input\n* CVE-2021-38016: Insufficient policy enforcement in background fetch\n* CVE-2021-38017: Insufficient policy enforcement in iframe sandbox\n* CVE-2021-38018: Inappropriate implementation in navigation\n* CVE-2021-38019: Insufficient policy enforcement in CORS\n* CVE-2021-38020: Insufficient policy enforcement in contacts picker\n* CVE-2021-38021: Inappropriate implementation in referrer\n* CVE-2021-38022: Inappropriate implementation in WebAuthentication\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-1632",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1632-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:1632-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DUJZLITO4GTLR5FP75FBCLDYZMUY2AFI/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:1632-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DUJZLITO4GTLR5FP75FBCLDYZMUY2AFI/"
},
{
"category": "self",
"summary": "SUSE Bug 1192310",
"url": "https://bugzilla.suse.com/1192310"
},
{
"category": "self",
"summary": "SUSE Bug 1192734",
"url": "https://bugzilla.suse.com/1192734"
},
{
"category": "self",
"summary": "SUSE Bug 1193519",
"url": "https://bugzilla.suse.com/1193519"
},
{
"category": "self",
"summary": "SUSE Bug 1193713",
"url": "https://bugzilla.suse.com/1193713"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38005 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38006 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38007 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38009 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38010 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38011 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38012 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38013 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38014 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38015 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38016 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38017 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38018 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38018/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38019 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38020 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38021 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38022 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4052 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4053 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4054 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4055 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4056 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4057 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4058 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4059 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4061 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4062 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4063 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4064 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4065 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4066 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4067 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4078 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4079 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4098 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4099 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4100 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4101 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4102 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4102/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2021-12-28T07:45:13Z",
"generator": {
"date": "2021-12-28T07:45:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:1632-1",
"initial_release_date": "2021-12-28T07:45:13Z",
"revision_history": [
{
"date": "2021-12-28T07:45:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"product": {
"name": "chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"product_id": "chromedriver-96.0.4664.110-lp152.2.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-96.0.4664.110-lp152.2.143.1.x86_64",
"product": {
"name": "chromium-96.0.4664.110-lp152.2.143.1.x86_64",
"product_id": "chromium-96.0.4664.110-lp152.2.143.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-96.0.4664.110-lp152.2.143.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64"
},
"product_reference": "chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-96.0.4664.110-lp152.2.143.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
},
"product_reference": "chromium-96.0.4664.110-lp152.2.143.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-38005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38005"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38005",
"url": "https://www.suse.com/security/cve/CVE-2021-38005"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38005",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38005"
},
{
"cve": "CVE-2021-38006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38006"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38006",
"url": "https://www.suse.com/security/cve/CVE-2021-38006"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38006",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38006"
},
{
"cve": "CVE-2021-38007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38007"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38007",
"url": "https://www.suse.com/security/cve/CVE-2021-38007"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38007",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38007"
},
{
"cve": "CVE-2021-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38008"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38008",
"url": "https://www.suse.com/security/cve/CVE-2021-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38008",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38008"
},
{
"cve": "CVE-2021-38009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38009"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38009",
"url": "https://www.suse.com/security/cve/CVE-2021-38009"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38009",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38009"
},
{
"cve": "CVE-2021-38010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38010"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38010",
"url": "https://www.suse.com/security/cve/CVE-2021-38010"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38010",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38010"
},
{
"cve": "CVE-2021-38011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38011"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38011",
"url": "https://www.suse.com/security/cve/CVE-2021-38011"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38011",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38011"
},
{
"cve": "CVE-2021-38012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38012"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38012",
"url": "https://www.suse.com/security/cve/CVE-2021-38012"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38012",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38012"
},
{
"cve": "CVE-2021-38013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38013"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38013",
"url": "https://www.suse.com/security/cve/CVE-2021-38013"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38013",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38013"
},
{
"cve": "CVE-2021-38014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38014"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38014",
"url": "https://www.suse.com/security/cve/CVE-2021-38014"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38014",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38014"
},
{
"cve": "CVE-2021-38015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38015"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38015",
"url": "https://www.suse.com/security/cve/CVE-2021-38015"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38015",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38015"
},
{
"cve": "CVE-2021-38016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38016"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38016",
"url": "https://www.suse.com/security/cve/CVE-2021-38016"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38016",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38016"
},
{
"cve": "CVE-2021-38017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38017"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38017",
"url": "https://www.suse.com/security/cve/CVE-2021-38017"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38017",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38017"
},
{
"cve": "CVE-2021-38018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38018"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38018",
"url": "https://www.suse.com/security/cve/CVE-2021-38018"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38018",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38018"
},
{
"cve": "CVE-2021-38019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38019"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38019",
"url": "https://www.suse.com/security/cve/CVE-2021-38019"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38019",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38019"
},
{
"cve": "CVE-2021-38020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38020"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38020",
"url": "https://www.suse.com/security/cve/CVE-2021-38020"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38020",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38020"
},
{
"cve": "CVE-2021-38021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38021"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38021",
"url": "https://www.suse.com/security/cve/CVE-2021-38021"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38021",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38021"
},
{
"cve": "CVE-2021-38022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38022"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38022",
"url": "https://www.suse.com/security/cve/CVE-2021-38022"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38022",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "critical"
}
],
"title": "CVE-2021-38022"
},
{
"cve": "CVE-2021-4052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4052"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4052",
"url": "https://www.suse.com/security/cve/CVE-2021-4052"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4052",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4052"
},
{
"cve": "CVE-2021-4053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4053"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4053",
"url": "https://www.suse.com/security/cve/CVE-2021-4053"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4053",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4053"
},
{
"cve": "CVE-2021-4054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4054"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4054",
"url": "https://www.suse.com/security/cve/CVE-2021-4054"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4054",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4054"
},
{
"cve": "CVE-2021-4055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4055"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4055",
"url": "https://www.suse.com/security/cve/CVE-2021-4055"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4055",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4055"
},
{
"cve": "CVE-2021-4056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4056"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4056",
"url": "https://www.suse.com/security/cve/CVE-2021-4056"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4056",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4056"
},
{
"cve": "CVE-2021-4057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4057"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4057",
"url": "https://www.suse.com/security/cve/CVE-2021-4057"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4057",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4057"
},
{
"cve": "CVE-2021-4058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4058"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4058",
"url": "https://www.suse.com/security/cve/CVE-2021-4058"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4058",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4058"
},
{
"cve": "CVE-2021-4059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4059"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4059",
"url": "https://www.suse.com/security/cve/CVE-2021-4059"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4059",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4059"
},
{
"cve": "CVE-2021-4061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4061"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4061",
"url": "https://www.suse.com/security/cve/CVE-2021-4061"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4061",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4061"
},
{
"cve": "CVE-2021-4062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4062"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4062",
"url": "https://www.suse.com/security/cve/CVE-2021-4062"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4062",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4062"
},
{
"cve": "CVE-2021-4063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4063"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4063",
"url": "https://www.suse.com/security/cve/CVE-2021-4063"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4063",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4063"
},
{
"cve": "CVE-2021-4064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4064"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4064",
"url": "https://www.suse.com/security/cve/CVE-2021-4064"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4064",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4064"
},
{
"cve": "CVE-2021-4065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4065"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4065",
"url": "https://www.suse.com/security/cve/CVE-2021-4065"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4065",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4065"
},
{
"cve": "CVE-2021-4066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4066"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4066",
"url": "https://www.suse.com/security/cve/CVE-2021-4066"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4066",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4066"
},
{
"cve": "CVE-2021-4067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4067"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4067",
"url": "https://www.suse.com/security/cve/CVE-2021-4067"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4067",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4067"
},
{
"cve": "CVE-2021-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4068"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4068",
"url": "https://www.suse.com/security/cve/CVE-2021-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4068",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4068"
},
{
"cve": "CVE-2021-4078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4078"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4078",
"url": "https://www.suse.com/security/cve/CVE-2021-4078"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4078",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4078"
},
{
"cve": "CVE-2021-4079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4079"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4079",
"url": "https://www.suse.com/security/cve/CVE-2021-4079"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4079",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4079"
},
{
"cve": "CVE-2021-4098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4098"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4098",
"url": "https://www.suse.com/security/cve/CVE-2021-4098"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4098",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4098"
},
{
"cve": "CVE-2021-4099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4099"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4099",
"url": "https://www.suse.com/security/cve/CVE-2021-4099"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4099",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4099"
},
{
"cve": "CVE-2021-4100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4100"
}
],
"notes": [
{
"category": "general",
"text": "Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4100",
"url": "https://www.suse.com/security/cve/CVE-2021-4100"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4100",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4100"
},
{
"cve": "CVE-2021-4101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4101"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4101",
"url": "https://www.suse.com/security/cve/CVE-2021-4101"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4101",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4101"
},
{
"cve": "CVE-2021-4102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4102"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4102",
"url": "https://www.suse.com/security/cve/CVE-2021-4102"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4102",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:chromedriver-96.0.4664.110-lp152.2.143.1.x86_64",
"openSUSE Leap 15.2:chromium-96.0.4664.110-lp152.2.143.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-12-28T07:45:13Z",
"details": "important"
}
],
"title": "CVE-2021-4102"
}
]
}
OPENSUSE-SU-2022:0047-1
Vulnerability from csaf_opensuse - Published: 2022-02-20 17:01 - Updated: 2022-02-20 17:01Summary
Security update for opera
Severity
Important
Notes
Title of the patch: Security update for opera
Description of the patch: This update for opera fixes the following issues:
Update to 83.0.4254.27
- CHR-8737 Update chromium on desktop-stable-97-4254 to
97.0.4692.99
- DNA-96336 [Mac] Translate new network installer slogan
- DNA-96678 Add battery level monitoring capability to
powerSavePrivate
- DNA-96939 Crash at
opera::ExternalVideoService::MarkAsManuallyClosed()
- DNA-97276 Enable #static-tab-audio-indicator on all streams
- The update to chromium 97.0.4692.99 fixes following issues:
CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292,
CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296,
CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301,
CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306,
CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310,
CVE-2022-0311
Update to 83.0.4254.19
- DNA-96079 Turn on #automatic-video-popout on developer
- DNA-97070 Opera 83 translations
- DNA-97119 [LastCard] Stop showing used burner cards
- DNA-97131 Enable automatic-video-popout on all streams from
O84 on
- DNA-97257 Crash at
views::ImageButton::SetMinimumImageSize(gfx::Size const&)
- DNA-97259 Promote O83 to stable
- Complete Opera 83.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-83/
- Update to 83.0.4254.16
- DNA-96968 Fix alignment of the 'Advanced' button in Settings
- Update to 83.0.4254.14
- CHR-8701 Update chromium on desktop-stable-97-4254 to
97.0.4692.45
- CHR-8713 Update chromium on desktop-stable-97-4254 to
97.0.4692.56
- CHR-8723 Update chromium on desktop-stable-97-4254 to
97.0.4692.71
- DNA-96780 Crash at
ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)
- DNA-96822 Tab close resize behavior change
- DNA-96861 Create Loomi Options menu
- DNA-96904 Support Win11 snap layout popup
- DNA-96951 Tab close animation broken
- DNA-96991 Tab X button doesn’t work correctly
- DNA-97027 Incorrect tab size after tab close
- The update to chromium 97.0.4692.71 fixes following issues:
CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099,
CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103,
CVE-2022-0104, CVE-2022-0105, CVE-2022-0105, CVE-2022-0106,
CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110,
CVE-2022-0111, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113,
CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117,
CVE-2022-0118, CVE-2022-0120
- Update to version 82.0.4227.58
- DNA-96780 Crash at
ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)
- DNA-96890 Settings default browser not working for current
user on Windows 7
- Update to version 82.0.4227.43
- CHR-8705 Update chromium on desktop-stable-96-4227 to
96.0.4664.110
- DNA-93284 Unstable
obj/opera/desktop/common/installer_rc_generated/installer.res
- DNA-95908 Interstitial/internal pages shown as NOT SECURE
after visiting http site
- DNA-96404 Opera doesn’t show on main screen when second screen
is abruptly disconnected
- The update to chromium 96.0.4664.110 fixes following issues:
CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101,
CVE-2021-4102
- Update to version 82.0.4227.33
- CHR-8689 Update chromium on desktop-stable-96-4227 to
96.0.4664.93
- DNA-96559 Tooltip popup looks bad in dark theme
- DNA-96570 [Player] Tidal logging in via PLAY doesn’t work
- DNA-96594 Unnecessary extra space in fullscreen mode on M1 Pro MacBooks
- DNA-96649 Update Meme button
- DNA-96676 Add Icon in the Sidebar Setup
- DNA-96677 Add default URL
- The update to chromium 96.0.4664.93 fixes following issues:
CVE-2021-4052, CVE-2021-4053, CVE-2021-4079, CVE-2021-4054,
CVE-2021-4078, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057,
CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062,
CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066,
CVE-2021-4067, CVE-2021-4068
- Update to version 82.0.4227.23
- DNA-95632 With new au-logic UUID is set with delay and may be
not set for pb-builds (when closing fast)
- DNA-96349 Laggy tooltip animation
- DNA-96483 [Snap][Linux] Video not working / wrong ffmpeg snap
version for Opera 82
- DNA-96493 Create 'small' enticement in credit card autofill
- DNA-96533 Opera 82 translations
- DNA-96535 Make the URL configurable
- DNA-96553 Add switch to whitelist test pages
- DNA-96557 Links not opened from panel
- DNA-96558 AdBlock bloks some trackers inside the panel
- DNA-96568 [Player] Tidal in sidebar Player opens wrong site
when logging in
- DNA-96659 Siteprefs not applied after network service crash
- DNA-96593 Promote O82 to stable
- Complete Opera 82.0 changelog at:
https://blogs.opera.com/desktop/changelog-for-82/
- Update to version 82.0.4227.13
- CHR-8668 Update chromium on desktop-stable-96-4227 to
96.0.4664.45
- DNA-76987 [Mac] Update desktop EULA with geolocation split
- DNA-93388 Problem with symlinks on windows when creating
file list
- DNA-95734 Discarded Recently Closed items get revived
after restart
- DNA-96134 'Your profile has been updated' does not disappear
- DNA-96190 Opera freezes when trying to drag expanded
bookmark folder with nested subfolders
- DNA-96223 Easy Files not working in Full Screen
- DNA-96274 Checkout autofill shouldn't show used burner card
- DNA-96275 Change the notification message for pausing
multi-use cards
- DNA-96295 'Video pop out' setting doesn't sync
- DNA-96316 Highlight text wrong colour on dark mode
- DNA-96326 Wrong translation Private Mode > Turkish
- DNA-96351 macOS window controls are missing in full screen
- DNA-96440 Update video URL
- DNA-96448 add option to pin extension via rich hints
- DNA-96453 Register user-chosen option on client-side, read on
hint side
- DNA-96454 Choosing an option from the settings menu should
close the popup
- DNA-96484 Enable AB test for a new autoupdater logic (for 50%)
- DNA-96500 Add 'don't show me again' prefs to allowed whitelist
- DNA-96538 Inline audiocomplete for www.mediaexpert.pl
incorrectly suggested
- The update to chromium 96.0.4664.45 fixes following issues:
CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008,
CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012,
CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016,
CVE-2021-38017, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021,
CVE-2021-38022
- Update to version 81.0.4196.54
- CHR-8644 Update chromium on desktop-stable-95-4196 to
95.0.4638.69
- DNA-95773 ExtensionWebRequestApiTest crashes on mac
- DNA-96062 Opera 81 translations
- DNA-96134 “Your profile has been updated’ does not disappear
- DNA-96274 Checkout autofill shouldn’t show used burner card
- DNA-96275 Change the notification message for pausing
multi-use cards
- DNA-96440 Update video URL
- The update to chromium 95.0.4638.69 fixes following issues:
CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-37980,
CVE-2021-38001, CVE-2021-38002, CVE-2021-38003, CVE-2021-38004
- Update to version 81.0.4196.37
- DNA-96008 Crash at
content::WebContentsImpl::OpenURL(content::OpenURLParams const&)
- DNA-96032 Closing the videoconference pop-up force leaving
the meeting
- DNA-96092 Crash at void
opera::ModalDialogViews::OnWidgetClosing(opera::ModalDialog::Result)
- DNA-96142 [Yat] Emoji icon cut off in URL for Yat
Patchnames: openSUSE-2022-47
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.1 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
4.3 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.6 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
307 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opera",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opera fixes the following issues:\n\nUpdate to 83.0.4254.27\n\n - CHR-8737 Update chromium on desktop-stable-97-4254 to\n 97.0.4692.99\n - DNA-96336 [Mac] Translate new network installer slogan\n - DNA-96678 Add battery level monitoring capability to\n powerSavePrivate\n - DNA-96939 Crash at \n opera::ExternalVideoService::MarkAsManuallyClosed()\n - DNA-97276 Enable #static-tab-audio-indicator on all streams\n\n- The update to chromium 97.0.4692.99 fixes following issues:\n CVE-2022-0289, CVE-2022-0290, CVE-2022-0291, CVE-2022-0292,\n CVE-2022-0293, CVE-2022-0294, CVE-2022-0295, CVE-2022-0296,\n CVE-2022-0297, CVE-2022-0298, CVE-2022-0300, CVE-2022-0301,\n CVE-2022-0302, CVE-2022-0304, CVE-2022-0305, CVE-2022-0306,\n CVE-2022-0307, CVE-2022-0308, CVE-2022-0309, CVE-2022-0310,\n CVE-2022-0311\n\nUpdate to 83.0.4254.19\n\n - DNA-96079 Turn on #automatic-video-popout on developer\n - DNA-97070 Opera 83 translations\n - DNA-97119 [LastCard] Stop showing used burner cards\n - DNA-97131 Enable automatic-video-popout on all streams from\n O84 on\n - DNA-97257 Crash at \n views::ImageButton::SetMinimumImageSize(gfx::Size const\u0026)\n - DNA-97259 Promote O83 to stable\n\n- Complete Opera 83.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-83/\n\n- Update to 83.0.4254.16\n\n - DNA-96968 Fix alignment of the \u0027Advanced\u0027 button in Settings\n\n- Update to 83.0.4254.14\n\n - CHR-8701 Update chromium on desktop-stable-97-4254 to\n 97.0.4692.45\n - CHR-8713 Update chromium on desktop-stable-97-4254 to\n 97.0.4692.56\n - CHR-8723 Update chromium on desktop-stable-97-4254 to\n 97.0.4692.71\n - DNA-96780 Crash at\n ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)\n - DNA-96822 Tab close resize behavior change\n - DNA-96861 Create Loomi Options menu\n - DNA-96904 Support Win11 snap layout popup\n - DNA-96951 Tab close animation broken\n - DNA-96991 Tab X button doesn\u2019t work correctly\n - DNA-97027 Incorrect tab size after tab close\n- The update to chromium 97.0.4692.71 fixes following issues:\n CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099,\n CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103,\n CVE-2022-0104, CVE-2022-0105, CVE-2022-0105, CVE-2022-0106,\n CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110,\n CVE-2022-0111, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113,\n CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117,\n CVE-2022-0118, CVE-2022-0120\n\n- Update to version 82.0.4227.58\n\n - DNA-96780 Crash at\n ui::NativeTheme::RemoveObserver(ui::NativeThemeObserver*)\n - DNA-96890 Settings default browser not working for current\n user on Windows 7\n\n- Update to version 82.0.4227.43\n\n - CHR-8705 Update chromium on desktop-stable-96-4227 to\n 96.0.4664.110\n - DNA-93284 Unstable\n obj/opera/desktop/common/installer_rc_generated/installer.res\n - DNA-95908 Interstitial/internal pages shown as NOT SECURE\n after visiting http site\n - DNA-96404 Opera doesn\u2019t show on main screen when second screen\n is abruptly disconnected\n\n- The update to chromium 96.0.4664.110 fixes following issues:\n CVE-2021-4098, CVE-2021-4099, CVE-2021-4100, CVE-2021-4101,\n CVE-2021-4102\n\n- Update to version 82.0.4227.33\n\n - CHR-8689 Update chromium on desktop-stable-96-4227 to\n 96.0.4664.93\n - DNA-96559 Tooltip popup looks bad in dark theme\n - DNA-96570 [Player] Tidal logging in via PLAY doesn\u2019t work\n - DNA-96594 Unnecessary extra space in fullscreen mode on M1 Pro MacBooks\n - DNA-96649 Update Meme button\n - DNA-96676 Add Icon in the Sidebar Setup\n - DNA-96677 Add default URL\n- The update to chromium 96.0.4664.93 fixes following issues:\n CVE-2021-4052, CVE-2021-4053, CVE-2021-4079, CVE-2021-4054,\n CVE-2021-4078, CVE-2021-4055, CVE-2021-4056, CVE-2021-4057,\n CVE-2021-4058, CVE-2021-4059, CVE-2021-4061, CVE-2021-4062,\n CVE-2021-4063, CVE-2021-4064, CVE-2021-4065, CVE-2021-4066,\n CVE-2021-4067, CVE-2021-4068\n\n- Update to version 82.0.4227.23\n\n - DNA-95632 With new au-logic UUID is set with delay and may be\n not set for pb-builds (when closing fast)\n - DNA-96349 Laggy tooltip animation\n - DNA-96483 [Snap][Linux] Video not working / wrong ffmpeg snap\n version for Opera 82\n - DNA-96493 Create \u0027small\u0027 enticement in credit card autofill\n - DNA-96533 Opera 82 translations\n - DNA-96535 Make the URL configurable\n - DNA-96553 Add switch to whitelist test pages\n - DNA-96557 Links not opened from panel\n - DNA-96558 AdBlock bloks some trackers inside the panel\n - DNA-96568 [Player] Tidal in sidebar Player opens wrong site\n when logging in\n - DNA-96659 Siteprefs not applied after network service crash\n - DNA-96593 Promote O82 to stable\n\n- Complete Opera 82.0 changelog at:\n https://blogs.opera.com/desktop/changelog-for-82/\n\n- Update to version 82.0.4227.13\n\n - CHR-8668 Update chromium on desktop-stable-96-4227 to\n 96.0.4664.45\n - DNA-76987 [Mac] Update desktop EULA with geolocation split\n - DNA-93388 Problem with symlinks on windows when creating\n file list\n - DNA-95734 Discarded Recently Closed items get revived\n after restart\n - DNA-96134 \u0027Your profile has been updated\u0027 does not disappear\n - DNA-96190 Opera freezes when trying to drag expanded\n bookmark folder with nested subfolders\n - DNA-96223 Easy Files not working in Full Screen\n - DNA-96274 Checkout autofill shouldn\u0027t show used burner card\n - DNA-96275 Change the notification message for pausing\n multi-use cards\n - DNA-96295 \u0027Video pop out\u0027 setting doesn\u0027t sync\n - DNA-96316 Highlight text wrong colour on dark mode\n - DNA-96326 Wrong translation Private Mode \u003e Turkish\n - DNA-96351 macOS window controls are missing in full screen\n - DNA-96440 Update video URL\n - DNA-96448 add option to pin extension via rich hints\n - DNA-96453 Register user-chosen option on client-side, read on\n hint side\n - DNA-96454 Choosing an option from the settings menu should\n close the popup\n - DNA-96484 Enable AB test for a new autoupdater logic (for 50%)\n - DNA-96500 Add \u0027don\u0027t show me again\u0027 prefs to allowed whitelist\n - DNA-96538 Inline audiocomplete for www.mediaexpert.pl\n incorrectly suggested\n- The update to chromium 96.0.4664.45 fixes following issues:\n CVE-2021-38005, CVE-2021-38006, CVE-2021-38007, CVE-2021-38008,\n CVE-2021-38009, CVE-2021-38010, CVE-2021-38011, CVE-2021-38012,\n CVE-2021-38013, CVE-2021-38014, CVE-2021-38015, CVE-2021-38016,\n CVE-2021-38017, CVE-2021-38019, CVE-2021-38020, CVE-2021-38021,\n CVE-2021-38022\n \n\n- Update to version 81.0.4196.54\n\n - CHR-8644 Update chromium on desktop-stable-95-4196 to\n 95.0.4638.69\n - DNA-95773 ExtensionWebRequestApiTest crashes on mac\n - DNA-96062 Opera 81 translations\n - DNA-96134 \u201cYour profile has been updated\u2019 does not disappear\n - DNA-96274 Checkout autofill shouldn\u2019t show used burner card\n - DNA-96275 Change the notification message for pausing\n multi-use cards\n - DNA-96440 Update video URL\n\n- The update to chromium 95.0.4638.69 fixes following issues:\n CVE-2021-37997, CVE-2021-37998, CVE-2021-37999, CVE-2021-37980,\n CVE-2021-38001, CVE-2021-38002, CVE-2021-38003, CVE-2021-38004 \n\n- Update to version 81.0.4196.37\n\n - DNA-96008 Crash at\n content::WebContentsImpl::OpenURL(content::OpenURLParams const\u0026)\n - DNA-96032 Closing the videoconference pop-up force leaving\n the meeting\n - DNA-96092 Crash at void\n opera::ModalDialogViews::OnWidgetClosing(opera::ModalDialog::Result)\n - DNA-96142 [Yat] Emoji icon cut off in URL for Yat\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-47",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0047-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0047-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JVEGWNKSSGZPVVLVJKNT5ZEY54Z5RLV4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0047-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JVEGWNKSSGZPVVLVJKNT5ZEY54Z5RLV4/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37980 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37980/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37997 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37998 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37999 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38001 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38002 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38003 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38004 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38005 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38006 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38007 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38007/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38008 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38008/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38009 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38009/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38010 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38010/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38011 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38012 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38013 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38014 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38015 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38016 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38017 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38019 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38019/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38020 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38020/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38021 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38022 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4052 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4052/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4053 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4054 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4055 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4055/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4056 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4057 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4058 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4059 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4061 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4062 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4062/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4063 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4064 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4065 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4066 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4067 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4067/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4068 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4078 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4079 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4079/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4098 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4099 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4100 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4101 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4102 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0096 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0097 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0098 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0099 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0100 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0101 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0102 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0103 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0104 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0105 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0106 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0107 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0108 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0109 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0109/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0110 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0111 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0112 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0113 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0114 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0115 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0115/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0116 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0117 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0117/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0118 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0120 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0289 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0289/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0290 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0291 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0292 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0293 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0294 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0294/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0295 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0296 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0296/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0297 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0298 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0300 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0301 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0302 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0302/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0304 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0305 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0306 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0306/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0307 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0307/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0308 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0309 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0309/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0310 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0311 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0311/"
}
],
"title": "Security update for opera",
"tracking": {
"current_release_date": "2022-02-20T17:01:21Z",
"generator": {
"date": "2022-02-20T17:01:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0047-1",
"initial_release_date": "2022-02-20T17:01:21Z",
"revision_history": [
{
"date": "2022-02-20T17:01:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opera-83.0.4254.27-lp153.2.33.1.x86_64",
"product": {
"name": "opera-83.0.4254.27-lp153.2.33.1.x86_64",
"product_id": "opera-83.0.4254.27-lp153.2.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3 NonFree",
"product": {
"name": "openSUSE Leap 15.3 NonFree",
"product_id": "openSUSE Leap 15.3 NonFree",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opera-83.0.4254.27-lp153.2.33.1.x86_64 as component of openSUSE Leap 15.3 NonFree",
"product_id": "openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
},
"product_reference": "opera-83.0.4254.27-lp153.2.33.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3 NonFree"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-37980",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37980"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37980",
"url": "https://www.suse.com/security/cve/CVE-2021-37980"
},
{
"category": "external",
"summary": "SUSE Bug 1191463 for CVE-2021-37980",
"url": "https://bugzilla.suse.com/1191463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "moderate"
}
],
"title": "CVE-2021-37980"
},
{
"cve": "CVE-2021-37997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37997"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37997",
"url": "https://www.suse.com/security/cve/CVE-2021-37997"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-37997",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-37997"
},
{
"cve": "CVE-2021-37998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37998"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37998",
"url": "https://www.suse.com/security/cve/CVE-2021-37998"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-37998",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-37998"
},
{
"cve": "CVE-2021-37999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37999"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37999",
"url": "https://www.suse.com/security/cve/CVE-2021-37999"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-37999",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-37999"
},
{
"cve": "CVE-2021-38001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38001"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38001",
"url": "https://www.suse.com/security/cve/CVE-2021-38001"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38001",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38001"
},
{
"cve": "CVE-2021-38002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38002"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38002",
"url": "https://www.suse.com/security/cve/CVE-2021-38002"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38002",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38002"
},
{
"cve": "CVE-2021-38003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38003"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38003",
"url": "https://www.suse.com/security/cve/CVE-2021-38003"
},
{
"category": "external",
"summary": "SUSE Bug 1192184 for CVE-2021-38003",
"url": "https://bugzilla.suse.com/1192184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38003"
},
{
"cve": "CVE-2021-38004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38004"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38004",
"url": "https://www.suse.com/security/cve/CVE-2021-38004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "moderate"
}
],
"title": "CVE-2021-38004"
},
{
"cve": "CVE-2021-38005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38005"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38005",
"url": "https://www.suse.com/security/cve/CVE-2021-38005"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38005",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38005"
},
{
"cve": "CVE-2021-38006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38006"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38006",
"url": "https://www.suse.com/security/cve/CVE-2021-38006"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38006",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38006"
},
{
"cve": "CVE-2021-38007",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38007"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38007",
"url": "https://www.suse.com/security/cve/CVE-2021-38007"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38007",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38007"
},
{
"cve": "CVE-2021-38008",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38008"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38008",
"url": "https://www.suse.com/security/cve/CVE-2021-38008"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38008",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38008"
},
{
"cve": "CVE-2021-38009",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38009"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38009",
"url": "https://www.suse.com/security/cve/CVE-2021-38009"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38009",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38009"
},
{
"cve": "CVE-2021-38010",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38010"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38010",
"url": "https://www.suse.com/security/cve/CVE-2021-38010"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38010",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38010"
},
{
"cve": "CVE-2021-38011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38011"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38011",
"url": "https://www.suse.com/security/cve/CVE-2021-38011"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38011",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38011"
},
{
"cve": "CVE-2021-38012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38012"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38012",
"url": "https://www.suse.com/security/cve/CVE-2021-38012"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38012",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38012"
},
{
"cve": "CVE-2021-38013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38013"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38013",
"url": "https://www.suse.com/security/cve/CVE-2021-38013"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38013",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38013"
},
{
"cve": "CVE-2021-38014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38014"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38014",
"url": "https://www.suse.com/security/cve/CVE-2021-38014"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38014",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38014"
},
{
"cve": "CVE-2021-38015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38015"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38015",
"url": "https://www.suse.com/security/cve/CVE-2021-38015"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38015",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38015"
},
{
"cve": "CVE-2021-38016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38016"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38016",
"url": "https://www.suse.com/security/cve/CVE-2021-38016"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38016",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38016"
},
{
"cve": "CVE-2021-38017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38017"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38017",
"url": "https://www.suse.com/security/cve/CVE-2021-38017"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38017",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38017"
},
{
"cve": "CVE-2021-38019",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38019"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38019",
"url": "https://www.suse.com/security/cve/CVE-2021-38019"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38019",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38019"
},
{
"cve": "CVE-2021-38020",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38020"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38020",
"url": "https://www.suse.com/security/cve/CVE-2021-38020"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38020",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38020"
},
{
"cve": "CVE-2021-38021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38021"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38021",
"url": "https://www.suse.com/security/cve/CVE-2021-38021"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38021",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38021"
},
{
"cve": "CVE-2021-38022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38022"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38022",
"url": "https://www.suse.com/security/cve/CVE-2021-38022"
},
{
"category": "external",
"summary": "SUSE Bug 1192734 for CVE-2021-38022",
"url": "https://bugzilla.suse.com/1192734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2021-38022"
},
{
"cve": "CVE-2021-4052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4052"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4052",
"url": "https://www.suse.com/security/cve/CVE-2021-4052"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4052",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4052"
},
{
"cve": "CVE-2021-4053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4053"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4053",
"url": "https://www.suse.com/security/cve/CVE-2021-4053"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4053",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4053"
},
{
"cve": "CVE-2021-4054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4054"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4054",
"url": "https://www.suse.com/security/cve/CVE-2021-4054"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4054",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4054"
},
{
"cve": "CVE-2021-4055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4055"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4055",
"url": "https://www.suse.com/security/cve/CVE-2021-4055"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4055",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4055"
},
{
"cve": "CVE-2021-4056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4056"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4056",
"url": "https://www.suse.com/security/cve/CVE-2021-4056"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4056",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4056"
},
{
"cve": "CVE-2021-4057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4057"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4057",
"url": "https://www.suse.com/security/cve/CVE-2021-4057"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4057",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4057"
},
{
"cve": "CVE-2021-4058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4058"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4058",
"url": "https://www.suse.com/security/cve/CVE-2021-4058"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4058",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4058"
},
{
"cve": "CVE-2021-4059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4059"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4059",
"url": "https://www.suse.com/security/cve/CVE-2021-4059"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4059",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4059"
},
{
"cve": "CVE-2021-4061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4061"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4061",
"url": "https://www.suse.com/security/cve/CVE-2021-4061"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4061",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4061"
},
{
"cve": "CVE-2021-4062",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4062"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4062",
"url": "https://www.suse.com/security/cve/CVE-2021-4062"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4062",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4062"
},
{
"cve": "CVE-2021-4063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4063"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4063",
"url": "https://www.suse.com/security/cve/CVE-2021-4063"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4063",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4063"
},
{
"cve": "CVE-2021-4064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4064"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4064",
"url": "https://www.suse.com/security/cve/CVE-2021-4064"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4064",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4064"
},
{
"cve": "CVE-2021-4065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4065"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4065",
"url": "https://www.suse.com/security/cve/CVE-2021-4065"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4065",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4065"
},
{
"cve": "CVE-2021-4066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4066"
}
],
"notes": [
{
"category": "general",
"text": "Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4066",
"url": "https://www.suse.com/security/cve/CVE-2021-4066"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4066",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4066"
},
{
"cve": "CVE-2021-4067",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4067"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4067",
"url": "https://www.suse.com/security/cve/CVE-2021-4067"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4067",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4067"
},
{
"cve": "CVE-2021-4068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4068"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4068",
"url": "https://www.suse.com/security/cve/CVE-2021-4068"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4068",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4068"
},
{
"cve": "CVE-2021-4078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4078"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4078",
"url": "https://www.suse.com/security/cve/CVE-2021-4078"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4078",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4078"
},
{
"cve": "CVE-2021-4079",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4079"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4079",
"url": "https://www.suse.com/security/cve/CVE-2021-4079"
},
{
"category": "external",
"summary": "SUSE Bug 1193519 for CVE-2021-4079",
"url": "https://bugzilla.suse.com/1193519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4079"
},
{
"cve": "CVE-2021-4098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4098"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4098",
"url": "https://www.suse.com/security/cve/CVE-2021-4098"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4098",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4098"
},
{
"cve": "CVE-2021-4099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4099"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4099",
"url": "https://www.suse.com/security/cve/CVE-2021-4099"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4099",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4099"
},
{
"cve": "CVE-2021-4100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4100"
}
],
"notes": [
{
"category": "general",
"text": "Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4100",
"url": "https://www.suse.com/security/cve/CVE-2021-4100"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4100",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4100"
},
{
"cve": "CVE-2021-4101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4101"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4101",
"url": "https://www.suse.com/security/cve/CVE-2021-4101"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4101",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4101"
},
{
"cve": "CVE-2021-4102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4102"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4102",
"url": "https://www.suse.com/security/cve/CVE-2021-4102"
},
{
"category": "external",
"summary": "SUSE Bug 1193713 for CVE-2021-4102",
"url": "https://bugzilla.suse.com/1193713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "important"
}
],
"title": "CVE-2021-4102"
},
{
"cve": "CVE-2022-0096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0096"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0096",
"url": "https://www.suse.com/security/cve/CVE-2022-0096"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0096",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0096",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0096"
},
{
"cve": "CVE-2022-0097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0097"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0097",
"url": "https://www.suse.com/security/cve/CVE-2022-0097"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0097",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0097",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0097"
},
{
"cve": "CVE-2022-0098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0098"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0098",
"url": "https://www.suse.com/security/cve/CVE-2022-0098"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0098",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0098",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0098"
},
{
"cve": "CVE-2022-0099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0099"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0099",
"url": "https://www.suse.com/security/cve/CVE-2022-0099"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0099",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0099",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0099"
},
{
"cve": "CVE-2022-0100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0100"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0100",
"url": "https://www.suse.com/security/cve/CVE-2022-0100"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0100",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0100",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0100"
},
{
"cve": "CVE-2022-0101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0101"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0101",
"url": "https://www.suse.com/security/cve/CVE-2022-0101"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0101",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0101",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0101"
},
{
"cve": "CVE-2022-0102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0102"
}
],
"notes": [
{
"category": "general",
"text": "Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0102",
"url": "https://www.suse.com/security/cve/CVE-2022-0102"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0102",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0102",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0102"
},
{
"cve": "CVE-2022-0103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0103"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0103",
"url": "https://www.suse.com/security/cve/CVE-2022-0103"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0103",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0103",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0103"
},
{
"cve": "CVE-2022-0104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0104"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0104",
"url": "https://www.suse.com/security/cve/CVE-2022-0104"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0104",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0104",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0104"
},
{
"cve": "CVE-2022-0105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0105"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0105",
"url": "https://www.suse.com/security/cve/CVE-2022-0105"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0105",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0105",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0105"
},
{
"cve": "CVE-2022-0106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0106"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0106",
"url": "https://www.suse.com/security/cve/CVE-2022-0106"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0106",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0106",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0106"
},
{
"cve": "CVE-2022-0107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0107"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0107",
"url": "https://www.suse.com/security/cve/CVE-2022-0107"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0107",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0107",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0107"
},
{
"cve": "CVE-2022-0108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0108"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0108",
"url": "https://www.suse.com/security/cve/CVE-2022-0108"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0108",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1210731 for CVE-2022-0108",
"url": "https://bugzilla.suse.com/1210731"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0108",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0108"
},
{
"cve": "CVE-2022-0109",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0109"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0109",
"url": "https://www.suse.com/security/cve/CVE-2022-0109"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0109",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0109",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0109"
},
{
"cve": "CVE-2022-0110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0110"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0110",
"url": "https://www.suse.com/security/cve/CVE-2022-0110"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0110",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0110",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0110"
},
{
"cve": "CVE-2022-0111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0111"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0111",
"url": "https://www.suse.com/security/cve/CVE-2022-0111"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0111",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0111",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0111"
},
{
"cve": "CVE-2022-0112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0112"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0112",
"url": "https://www.suse.com/security/cve/CVE-2022-0112"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0112",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0112",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0112"
},
{
"cve": "CVE-2022-0113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0113"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0113",
"url": "https://www.suse.com/security/cve/CVE-2022-0113"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0113",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0113",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0113"
},
{
"cve": "CVE-2022-0114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0114"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0114",
"url": "https://www.suse.com/security/cve/CVE-2022-0114"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0114",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0114",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0114"
},
{
"cve": "CVE-2022-0115",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0115"
}
],
"notes": [
{
"category": "general",
"text": "Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0115",
"url": "https://www.suse.com/security/cve/CVE-2022-0115"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0115",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0115",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0115"
},
{
"cve": "CVE-2022-0116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0116"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0116",
"url": "https://www.suse.com/security/cve/CVE-2022-0116"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0116",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0116",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0116"
},
{
"cve": "CVE-2022-0117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0117"
}
],
"notes": [
{
"category": "general",
"text": "Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0117",
"url": "https://www.suse.com/security/cve/CVE-2022-0117"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0117",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0117",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0117"
},
{
"cve": "CVE-2022-0118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0118"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0118",
"url": "https://www.suse.com/security/cve/CVE-2022-0118"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0118",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0118",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0118"
},
{
"cve": "CVE-2022-0120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0120"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0120",
"url": "https://www.suse.com/security/cve/CVE-2022-0120"
},
{
"category": "external",
"summary": "SUSE Bug 1194331 for CVE-2022-0120",
"url": "https://bugzilla.suse.com/1194331"
},
{
"category": "external",
"summary": "SUSE Bug 1213802 for CVE-2022-0120",
"url": "https://bugzilla.suse.com/1213802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0120"
},
{
"cve": "CVE-2022-0289",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0289"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0289",
"url": "https://www.suse.com/security/cve/CVE-2022-0289"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0289",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0289"
},
{
"cve": "CVE-2022-0290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0290"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0290",
"url": "https://www.suse.com/security/cve/CVE-2022-0290"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0290",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0290"
},
{
"cve": "CVE-2022-0291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0291"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0291",
"url": "https://www.suse.com/security/cve/CVE-2022-0291"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0291",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0291"
},
{
"cve": "CVE-2022-0292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0292"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0292",
"url": "https://www.suse.com/security/cve/CVE-2022-0292"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0292",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0292"
},
{
"cve": "CVE-2022-0293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0293"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0293",
"url": "https://www.suse.com/security/cve/CVE-2022-0293"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0293",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0293"
},
{
"cve": "CVE-2022-0294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0294"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0294",
"url": "https://www.suse.com/security/cve/CVE-2022-0294"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0294",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0294"
},
{
"cve": "CVE-2022-0295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0295"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0295",
"url": "https://www.suse.com/security/cve/CVE-2022-0295"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0295",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0295"
},
{
"cve": "CVE-2022-0296",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0296"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0296",
"url": "https://www.suse.com/security/cve/CVE-2022-0296"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0296",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0296"
},
{
"cve": "CVE-2022-0297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0297"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0297",
"url": "https://www.suse.com/security/cve/CVE-2022-0297"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0297",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0297"
},
{
"cve": "CVE-2022-0298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0298"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0298",
"url": "https://www.suse.com/security/cve/CVE-2022-0298"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0298",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0298"
},
{
"cve": "CVE-2022-0300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0300"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0300",
"url": "https://www.suse.com/security/cve/CVE-2022-0300"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0300",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0300"
},
{
"cve": "CVE-2022-0301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0301"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0301",
"url": "https://www.suse.com/security/cve/CVE-2022-0301"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0301",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0301"
},
{
"cve": "CVE-2022-0302",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0302"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0302",
"url": "https://www.suse.com/security/cve/CVE-2022-0302"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0302",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0302"
},
{
"cve": "CVE-2022-0304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0304"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0304",
"url": "https://www.suse.com/security/cve/CVE-2022-0304"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0304",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0304"
},
{
"cve": "CVE-2022-0305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0305"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0305",
"url": "https://www.suse.com/security/cve/CVE-2022-0305"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0305",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0305"
},
{
"cve": "CVE-2022-0306",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0306"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0306",
"url": "https://www.suse.com/security/cve/CVE-2022-0306"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0306",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0306"
},
{
"cve": "CVE-2022-0307",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0307"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0307",
"url": "https://www.suse.com/security/cve/CVE-2022-0307"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0307",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0307"
},
{
"cve": "CVE-2022-0308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0308"
}
],
"notes": [
{
"category": "general",
"text": "Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0308",
"url": "https://www.suse.com/security/cve/CVE-2022-0308"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0308",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0308"
},
{
"cve": "CVE-2022-0309",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0309"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0309",
"url": "https://www.suse.com/security/cve/CVE-2022-0309"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0309",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0309"
},
{
"cve": "CVE-2022-0310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0310"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0310",
"url": "https://www.suse.com/security/cve/CVE-2022-0310"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0310",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0310"
},
{
"cve": "CVE-2022-0311",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0311"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0311",
"url": "https://www.suse.com/security/cve/CVE-2022-0311"
},
{
"category": "external",
"summary": "SUSE Bug 1194919 for CVE-2022-0311",
"url": "https://bugzilla.suse.com/1194919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3 NonFree:opera-83.0.4254.27-lp153.2.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-20T17:01:21Z",
"details": "critical"
}
],
"title": "CVE-2022-0311"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…