{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for opera","title":"Title of the patch"},{"category":"description","text":"This update for opera fixes the following issues:\n\n- Update to 102.0.4880.40\n\n  * DNA-111203 Prepare translations for home button in settings\n\n- Changes in 102.0.4880.38\n\n  * DNA-110720 [Sidebar] Sidebar app increase size every time\n    it's reopened\n  * DNA-110723 Music logo in light mode of 'Select service'\n    unreadable on hover\n  * DNA-110821 Run-if-alive callback missing in WMFDecoderImpl\n  * DNA-110835 Search/copy popup issues\n  * DNA-111038 Disable profile migration\n  * DNA-111263 Tab island animation incorrect when tabstrip full\n\n- Update to 102.0.4880.33\n\n  * CHR-9411 Update Chromium on desktop-stable-116-4880 to\n    116.0.5845.141\n  * DNA-110172 [BUG] Images inside popup does not get rounded\n    corner\n  * DNA-110828 Update chess.com build\n  * DNA-110834 Crash at opera::component_based::\n    TabAnimationController::StartAnimatedLayout(opera::\n    component_based::TabAnimationController::AnimationInfo,\n    base::OnceCallback)\n  * DNA-111144 Enable a new version of the extension.\n\n- The update to chromium 116.0.5845.141 fixes following issues: \n  CVE-2023-4572\n\n- Update to 102.0.4880.29\n\n  * DNA-109498 Splash screen is shown on every restart of\n    the browser\n  * DNA-109698 Test Amazon Music support\n  * DNA-109840 Amazon music logo is very small and unreadable\n  * DNA-109841 Amazon music logo in player mode is too wide\n  * DNA-109842 [opauto] Add tests for Amazon Music in Player\n  * DNA-109937 Crash at opera::ComponentTabStripController::\n    SetGroupCollapsed(tab_groups::TabGroupId const&, bool)\n  * DNA-110107 Clicking roblox link on page closes the tab\n  * DNA-110110 [Tab strip][Tab island] Middle/right mouse click\n    on top of the screen have no/wrong efect\n  * DNA-110125 [Win/Lin] New design for default scrollbars on\n    web page\n  * DNA-110130 Capture mouse events on the 1-pixel edge to the\n    right of the web view\n  * DNA-110586 Shadow is clipped if first tab is selected\n  * DNA-110637 Revert removal of start page button\n  * DNA-110684 Add bookmarks permissions\n  * DNA-110702 [Scrollable] Pin group is not aligned with\n    address bar\n  * DNA-110737 [OMenu] Menu button looks weird\n  * DNA-110788 No 1-pixel edge in full screen mode\n  * DNA-110828 Update chess.com build\n  * DNA-110842 [Tab strip] Make ‘+’ button round(er) again\n  * DNA-110874 Bring back Home button\n  * DNA-110876 Search box on Start page without transparency\n  * DNA-110878 Turn on Amazon Music on developer\n  * DNA-110905 Amazon Music for all given locales\n  * DNA-110961 [WinLin] Remove 1-pixel edge in full screen mode\n  * DNA-111038 Disable profile migration\n  * DNA-111079 Improve user-profile migration\n  * DNA-111092 Disable profile migration flag for\n    desktop-stable-116-4880\n\n- Update to 102.0.4880.16\n\n  * CHR-9396 Update Chromium on desktop-stable-116-4880 to\n    116.0.5845.97\n  * DNA-110040 Crash at crash_reporter::(anonymous namespace)::\n    AbslAbortHook(char const*, int, char const*, char const*,\n    char const*)\n  * DNA-110315 O-menu opening after pressing alt on site which\n    have action for Alt press\n  * DNA-110440 [Tab strip] Tab favicon not cropped when it does\n    not fit in tab size\n  * DNA-110469 Move Shopping corner and Loomi to\n    'Special Features' section\n  * DNA-110510 [Tab strip] Mute icon displayed over tab title\n  * DNA-110526 If group is first the tab bar is not aligned\n    with address bar\n  * DNA-110828 Update chess.com build\n  * DNA-110836 Promote 102 to stable\n  * DNA-110892 Translations for O102\n  * DNA-110962 Fix ab_tests.json preferences override not working\n\n- The update to chromium 116.0.5845.97 fixes following issues: \n  CVE-2023-2312, CVE-2023-4349, CVE-2023-4350, CVE-2023-4351,\n  CVE-2023-4352, CVE-2023-4353, CVE-2023-4354, CVE-2023-4355,\n  CVE-2023-4356, CVE-2023-4357, CVE-2023-4358, CVE-2023-4359,\n  CVE-2023-4360, CVE-2023-4361, CVE-2023-4362, CVE-2023-4362,\n  CVE-2023-4363, CVE-2023-4364, CVE-2023-4365, CVE-2023-4366,\n  CVE-2023-4367, CVE-2023-4368\n- Complete Opera 102 changelog at:\n  https://blogs.opera.com/desktop/changelog-for-102/\n\n- Update to 101.0.4843.43\n\n  * CHR-9381 Update Chromium on desktop-stable-115-4843 to\n    115.0.5790.171\n  * DNA-108919 Tab Island 'Move To Island' highlight color is the\n    same as island color\n  * DNA-109202 Often extension popup is not displayed\n  * DNA-109454 Wallpaper customization with remote resource\n  * DNA-109679 Fix typo in flags schema\n  * DNA-109927 Add tooltips for visual or incomplete items in\n    context menu\n  * DNA-110225 Replace Twitter logo in Sidebar with the new one X\n  * DNA-110244 Translations for O101\n  * DNA-110276 Fix race condition in DeferredInstalledWallpapers\n  * DNA-110400 teaser_event_impression counted when user closes\n    baner\n\n- The update to chromium 115.0.5790.171 fixes following issues:    \n  CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071,\n  CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075,\n  CVE-2023-4076, CVE-2023-4077, CVE-2023-4078\n\n- Update to 101.0.4843.23\n\n  * DNA-109400 Enable #adblocker-anticv on developer stream\n  * DNA-109423 Add histograms to help track \n    #platform-h264-decoder-in-gpu quality\n  * DNA-109861 Crash on expading folder on bookmark bar containing\n    unnamed subfolder\n  * DNA-109872 WMFAudioDecoder reports spurious dry run if\n    initialized during pipeline shutdown\n  * DNA-109908 Crash at opera::(anonymous namespace)::\n    AddNewTabToWorkspaceIfCurrent(Browser*, opera::WorkspaceId)\n    (.llvm.13400399341940007321)\n  * DNA-110005 Duplicated tabs indicator is not shown on tab bar\n  * DNA-110062 [Linux] QT6 dependency issue with .rpm package\n  * DNA-110210 Enable #adblocker-anticv on all streams\n  * DNA-110244 Translations for O101\n\n- Update to 101.0.4843.25\n\n  * CHR-9357 Update Chromium on desktop-stable-115-4843 to\n    115.0.5790.90\n  * CHR-9362 Update Chromium on desktop-stable-115-4843 to\n    115.0.5790.102\n  * DNA-104841 Create a smooth corner background\n  * DNA-108012 [Opera One] Misaligned inner bookmarks menu\n    in Opera Menu\n  * DNA-109129 Crash at opera::component_based::\n    OperaOneIntroductionAnimationController::AnimateHideVisibility()\n  * DNA-109209 Dragged island falls under island its being\n    dragged over\n  * DNA-109266 Crash at content::WebContentsImpl::\n    SetDelegate(content::WebContentsDelegate*)\n  * DNA-109310 Broken session files are not automatically\n    recovered\n  * DNA-109448 [AdBlock] Images from ads are missing with AA\n    enabled\n  * DNA-109587 'Show bookmarks bar' checkbox on bookmarks\n    feature(Dark Mode)\n  * DNA-109674 Closing the tabs in the workspace in the other\n    window will close Opera\n  * DNA-109694 Smooth corners on active tab\n  * DNA-109774 Log when trying to switch workspace while\n    closing browser\n  * DNA-110005 Duplicated tabs indicator is not shown on tab bar\n  * DNA-110244 Translations for O101\n- Complete Opera 101 changelog at:\n  https://blogs.opera.com/desktop/changelog-for-101/\n\n- Update to 100.0.4815.76\n\n  * DNA-109129 Crash at opera::component_based::Opera\n    OneIntroductionAnimationController::AnimateHideVisibility()\n  * DNA-109233 Crash at crash_reporter::(anonymous namespace)::\n    AbslAbortHook(char const*, int, char const*, char const*,\n    char const*)\n  * DNA-109673 Session stat event teaser_tile_click is not sent\n  * DNA-109897 Session is lost when new session file is created\n\n- Changes in 100.0.4815.54\n\n  * DNA-109148 Allow AI extension to change permissions during\n    update\n  * DNA-109172 WMFAudioDecoder fails with\n    #platform-aac-decoder-in-gpu enabled\n  * DNA-109633 Do not send TabStripEmpty multiple times\n  * DNA-109674 Closing the tabs in the workspace in the other\n    window will close Opera\n  * DNA-109774 Log when trying to switch workspace while\n    closing browser\n\n- Changes in 100.0.4815.47\n\n  * DNA-108456 WMFAudioDecoder dry run should include decoding\n    one buffer\n  * DNA-108478 Disable extension icon on the right side\n    (where all normal extensions are)\n  * DNA-108791 Give access to feedbackPopupPrivate\n  * DNA-109134 Crash at media::FFmpegDemuxer::\n    OnFindStreamInfoDone(int) if LD_PRELOAD set by user\n  * DNA-109137 SD images/icons/logo not loading or loading\n    really slow\n  * DNA-109182 Please add an event when popup closes\n  * DNA-109231 Extended click area does not work for groups\n  * DNA-109242 Session unload kDisablePageLoadsOnStartup\n    not working\n  * DNA-109310 Broken session files are not automatically recovered\n  * DNA-109618 Crash logger RestartAction should be set only\n    after crash\n  \n\n- Update to 100.0.4815.30\n\n  * CHR-9339 Update Chromium on desktop-stable-114-4815 to \n    114.0.5735.199\n  * DNA-106986 [Tab strip][Tab islands] Reduce size of tab island\n    handle\n  * DNA-107205 Disable banner on fresh installation\n    'Back up your Opera Browser'\n  * DNA-107306 Update Contributors list Opera One\n  * DNA-107337 NotReached in Browser::CloseContents\n  * DNA-107673 Crash at static void \n    opera::ComponentTabStripController::ShowHoverCardForGroup()\n  * DNA-108461 Distribute Aria with the Opera build\n  * DNA-108540 [Rich Hints] Tab islands – a trigger and anchor\n  * DNA-108545 Track accelerated video decoding support\n  * DNA-108606 [Mac] Opening context menu closes subfolders menu\n    on bookmark bar\n  * DNA-108664 Set minimum and maximum width for Aria extension\n  * DNA-108702 Tab falls outside island with specific number of\n    tabs on tab strip\n  * DNA-108731 Add 'aria' stat to the schema\n  * DNA-108760 Record tab islands events\n  * DNA-108761 Implement ‘Later' functionality\n  * DNA-108763 Implement ‘Quit while showing onboarding'\n  * DNA-108806 Command Line not activated when sidebar panel\n    is opened\n  * DNA-108858 [Linux] Browser window corners are not rounded\n    perfectly\n  * DNA-108863 Sidebar panel isn't properly aligned with sidebar\n  * DNA-108882 [Icon change] Sync icon without custom image\n  * DNA-108898 [Autohide] Sidebar panel title bar is not tall\n    enough\n  * DNA-108906 Turn on #component-based-context-menu on all streams\n  * DNA-108907 Empty text (button inactive) button color is wrong\n  * DNA-108912 Implement rotating animation for Aria command line\n  * DNA-108921 Enable #opera-one-introduction on all streams\n  * DNA-108928 Show overlay only if command-line parameter was\n    given\n  * DNA-108933 Update repack script to handle introduction\n    extension\n  * DNA-108938 Translations for O100\n  * DNA-108942 Remove Shopping Corner from the sidebar by default\n  * DNA-108943 Crash at \n    opera::AriaCommandLineController::~AriaCommandLineController()\n  * DNA-108949 Make opera://intro display introduction page from\n    extension\n  * DNA-108952 Implement splash screen\n  * DNA-108955 Aria extension is moved to the right after sending\n    prompt from Command Line when sidebar is set to autohide\n  * DNA-108957 Opera crashes during shutdown after\n    opera-one-introduction hid\n  * DNA-108958 Commandline disappears after clicking Aria\n    logo on Commandline bar\n  * DNA-108959 Commandline does not have hover effect on Send\n    button\n  * DNA-108980 Add Control+Shift+7 / Command+Shift+7 as alternative\n    shortcut for Aria command line\n  * DNA-108992 Opera One introduction appears in every New Window\n  * DNA-109009 Crash at\n    opera::component_based::ComponentTabGroup::UpdateTabAppearances()\n  * DNA-109021 [Stable] No Shopping corner icon in sidebar setup\n  * DNA-109031 [Tab islands] Island can automatically re-collapse\n    when clicking handle button to expand it\n  * DNA-109036 [Private Mode] [Light Team] Icons in address bar\n    flashed white when pressed\n  * DNA-109037 [Private Mode][Light] Folders name are not\n    readable in BB when highlighted\n  * DNA-109085 Two separators after ‘Search with' option\n  * DNA-109091 Can't change tab when window is maximized on second\n    display\n  * DNA-109096 'Move to workspaces” doesn't fit all workspaces\n  * DNA-109099 [WinLin] Add Aria command line to Opera menu\n  * DNA-109102 [O-menu][History] Wrong layout of elements without\n    icon in history submenu\n  * DNA-109129 Crash at opera::component_based::OperaOneIntroduction\n    AnimationController::AnimateHideVisibility()\n  * DNA-109199 DCHECK when pinning tabs\n  * DNA-108893 Promote 100 to stable\n- Complete Opera 100 changelog at:\n  https://blogs.opera.com/desktop/changelog-for-100/\n- The update to chromium 114.0.5735.199 fixes following issues:\n  CVE-2023-3420, CVE-2023-3421, CVE-2023-3422\n\n- Update to 99.0.4788.31\n\n  * DNA-107338 NotReached in SadTabView::OnPaint\n  * DNA-107689 Crash at extensions::\n    ShodanPrivateShowPopupForSelectedTextFunction::Run()\n    \n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2023-251","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0251-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2023:0251-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OZ42BLWF46DJIINWQUMWAD3MX5OLXGUI/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2023:0251-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OZ42BLWF46DJIINWQUMWAD3MX5OLXGUI/"},{"category":"self","summary":"SUSE CVE CVE-2023-2312 page","url":"https://www.suse.com/security/cve/CVE-2023-2312/"},{"category":"self","summary":"SUSE CVE CVE-2023-3420 page","url":"https://www.suse.com/security/cve/CVE-2023-3420/"},{"category":"self","summary":"SUSE CVE CVE-2023-3421 page","url":"https://www.suse.com/security/cve/CVE-2023-3421/"},{"category":"self","summary":"SUSE CVE CVE-2023-3422 page","url":"https://www.suse.com/security/cve/CVE-2023-3422/"},{"category":"self","summary":"SUSE CVE CVE-2023-4068 page","url":"https://www.suse.com/security/cve/CVE-2023-4068/"},{"category":"self","summary":"SUSE CVE CVE-2023-4069 page","url":"https://www.suse.com/security/cve/CVE-2023-4069/"},{"category":"self","summary":"SUSE CVE CVE-2023-4070 page","url":"https://www.suse.com/security/cve/CVE-2023-4070/"},{"category":"self","summary":"SUSE CVE CVE-2023-4071 page","url":"https://www.suse.com/security/cve/CVE-2023-4071/"},{"category":"self","summary":"SUSE CVE CVE-2023-4072 page","url":"https://www.suse.com/security/cve/CVE-2023-4072/"},{"category":"self","summary":"SUSE CVE CVE-2023-4073 page","url":"https://www.suse.com/security/cve/CVE-2023-4073/"},{"category":"self","summary":"SUSE CVE CVE-2023-4074 page","url":"https://www.suse.com/security/cve/CVE-2023-4074/"},{"category":"self","summary":"SUSE CVE CVE-2023-4075 page","url":"https://www.suse.com/security/cve/CVE-2023-4075/"},{"category":"self","summary":"SUSE CVE CVE-2023-4076 page","url":"https://www.suse.com/security/cve/CVE-2023-4076/"},{"category":"self","summary":"SUSE CVE CVE-2023-4077 page","url":"https://www.suse.com/security/cve/CVE-2023-4077/"},{"category":"self","summary":"SUSE CVE CVE-2023-4078 page","url":"https://www.suse.com/security/cve/CVE-2023-4078/"},{"category":"self","summary":"SUSE CVE CVE-2023-4349 page","url":"https://www.suse.com/security/cve/CVE-2023-4349/"},{"category":"self","summary":"SUSE CVE CVE-2023-4350 page","url":"https://www.suse.com/security/cve/CVE-2023-4350/"},{"category":"self","summary":"SUSE CVE CVE-2023-4351 page","url":"https://www.suse.com/security/cve/CVE-2023-4351/"},{"category":"self","summary":"SUSE CVE CVE-2023-4352 page","url":"https://www.suse.com/security/cve/CVE-2023-4352/"},{"category":"self","summary":"SUSE CVE CVE-2023-4353 page","url":"https://www.suse.com/security/cve/CVE-2023-4353/"},{"category":"self","summary":"SUSE CVE CVE-2023-4354 page","url":"https://www.suse.com/security/cve/CVE-2023-4354/"},{"category":"self","summary":"SUSE CVE CVE-2023-4355 page","url":"https://www.suse.com/security/cve/CVE-2023-4355/"},{"category":"self","summary":"SUSE CVE CVE-2023-4356 page","url":"https://www.suse.com/security/cve/CVE-2023-4356/"},{"category":"self","summary":"SUSE CVE CVE-2023-4357 page","url":"https://www.suse.com/security/cve/CVE-2023-4357/"},{"category":"self","summary":"SUSE CVE CVE-2023-4358 page","url":"https://www.suse.com/security/cve/CVE-2023-4358/"},{"category":"self","summary":"SUSE CVE CVE-2023-4359 page","url":"https://www.suse.com/security/cve/CVE-2023-4359/"},{"category":"self","summary":"SUSE CVE CVE-2023-4360 page","url":"https://www.suse.com/security/cve/CVE-2023-4360/"},{"category":"self","summary":"SUSE CVE CVE-2023-4361 page","url":"https://www.suse.com/security/cve/CVE-2023-4361/"},{"category":"self","summary":"SUSE CVE CVE-2023-4362 page","url":"https://www.suse.com/security/cve/CVE-2023-4362/"},{"category":"self","summary":"SUSE CVE CVE-2023-4363 page","url":"https://www.suse.com/security/cve/CVE-2023-4363/"},{"category":"self","summary":"SUSE CVE CVE-2023-4364 page","url":"https://www.suse.com/security/cve/CVE-2023-4364/"},{"category":"self","summary":"SUSE CVE CVE-2023-4365 page","url":"https://www.suse.com/security/cve/CVE-2023-4365/"},{"category":"self","summary":"SUSE CVE CVE-2023-4366 page","url":"https://www.suse.com/security/cve/CVE-2023-4366/"},{"category":"self","summary":"SUSE CVE CVE-2023-4367 page","url":"https://www.suse.com/security/cve/CVE-2023-4367/"},{"category":"self","summary":"SUSE CVE CVE-2023-4368 page","url":"https://www.suse.com/security/cve/CVE-2023-4368/"},{"category":"self","summary":"SUSE CVE CVE-2023-4572 page","url":"https://www.suse.com/security/cve/CVE-2023-4572/"}],"title":"Security update for opera","tracking":{"current_release_date":"2023-09-23T12:02:01Z","generator":{"date":"2023-09-23T12:02:01Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2023:0251-1","initial_release_date":"2023-09-23T12:02:01Z","revision_history":[{"date":"2023-09-23T12:02:01Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"opera-102.0.4880.40-lp154.2.50.1.x86_64","product":{"name":"opera-102.0.4880.40-lp154.2.50.1.x86_64","product_id":"opera-102.0.4880.40-lp154.2.50.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.4 NonFree","product":{"name":"openSUSE Leap 15.4 NonFree","product_id":"openSUSE Leap 15.4 NonFree","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"opera-102.0.4880.40-lp154.2.50.1.x86_64 as component of openSUSE Leap 15.4 NonFree","product_id":"openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"},"product_reference":"opera-102.0.4880.40-lp154.2.50.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.4 NonFree"}]},"vulnerabilities":[{"cve":"CVE-2023-2312","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-2312"}],"notes":[{"category":"general","text":"Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-2312","url":"https://www.suse.com/security/cve/CVE-2023-2312"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-2312","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-2312"},{"cve":"CVE-2023-3420","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-3420"}],"notes":[{"category":"general","text":"Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-3420","url":"https://www.suse.com/security/cve/CVE-2023-3420"},{"category":"external","summary":"SUSE Bug 1212755 for CVE-2023-3420","url":"https://bugzilla.suse.com/1212755"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-3420"},{"cve":"CVE-2023-3421","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-3421"}],"notes":[{"category":"general","text":"Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-3421","url":"https://www.suse.com/security/cve/CVE-2023-3421"},{"category":"external","summary":"SUSE Bug 1212755 for CVE-2023-3421","url":"https://bugzilla.suse.com/1212755"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-3421"},{"cve":"CVE-2023-3422","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-3422"}],"notes":[{"category":"general","text":"Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-3422","url":"https://www.suse.com/security/cve/CVE-2023-3422"},{"category":"external","summary":"SUSE Bug 1212755 for CVE-2023-3422","url":"https://bugzilla.suse.com/1212755"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-3422"},{"cve":"CVE-2023-4068","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4068"}],"notes":[{"category":"general","text":"Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4068","url":"https://www.suse.com/security/cve/CVE-2023-4068"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4068","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4068"},{"cve":"CVE-2023-4069","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4069"}],"notes":[{"category":"general","text":"Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4069","url":"https://www.suse.com/security/cve/CVE-2023-4069"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4069","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4069"},{"cve":"CVE-2023-4070","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4070"}],"notes":[{"category":"general","text":"Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4070","url":"https://www.suse.com/security/cve/CVE-2023-4070"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4070","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.1,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4070"},{"cve":"CVE-2023-4071","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4071"}],"notes":[{"category":"general","text":"Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4071","url":"https://www.suse.com/security/cve/CVE-2023-4071"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4071","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4071"},{"cve":"CVE-2023-4072","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4072"}],"notes":[{"category":"general","text":"Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4072","url":"https://www.suse.com/security/cve/CVE-2023-4072"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4072","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4072"},{"cve":"CVE-2023-4073","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4073"}],"notes":[{"category":"general","text":"Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4073","url":"https://www.suse.com/security/cve/CVE-2023-4073"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4073","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4073"},{"cve":"CVE-2023-4074","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4074"}],"notes":[{"category":"general","text":"Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4074","url":"https://www.suse.com/security/cve/CVE-2023-4074"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4074","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4074"},{"cve":"CVE-2023-4075","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4075"}],"notes":[{"category":"general","text":"Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4075","url":"https://www.suse.com/security/cve/CVE-2023-4075"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4075","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4075"},{"cve":"CVE-2023-4076","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4076"}],"notes":[{"category":"general","text":"Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4076","url":"https://www.suse.com/security/cve/CVE-2023-4076"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4076","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4076"},{"cve":"CVE-2023-4077","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4077"}],"notes":[{"category":"general","text":"Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4077","url":"https://www.suse.com/security/cve/CVE-2023-4077"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4077","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4077"},{"cve":"CVE-2023-4078","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4078"}],"notes":[{"category":"general","text":"Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4078","url":"https://www.suse.com/security/cve/CVE-2023-4078"},{"category":"external","summary":"SUSE Bug 1213920 for CVE-2023-4078","url":"https://bugzilla.suse.com/1213920"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4078"},{"cve":"CVE-2023-4349","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4349"}],"notes":[{"category":"general","text":"Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4349","url":"https://www.suse.com/security/cve/CVE-2023-4349"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4349","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4349"},{"cve":"CVE-2023-4350","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4350"}],"notes":[{"category":"general","text":"Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4350","url":"https://www.suse.com/security/cve/CVE-2023-4350"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4350","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4350"},{"cve":"CVE-2023-4351","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4351"}],"notes":[{"category":"general","text":"Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4351","url":"https://www.suse.com/security/cve/CVE-2023-4351"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4351","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4351"},{"cve":"CVE-2023-4352","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4352"}],"notes":[{"category":"general","text":"Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4352","url":"https://www.suse.com/security/cve/CVE-2023-4352"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4352","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4352"},{"cve":"CVE-2023-4353","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4353"}],"notes":[{"category":"general","text":"Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4353","url":"https://www.suse.com/security/cve/CVE-2023-4353"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4353","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4353"},{"cve":"CVE-2023-4354","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4354"}],"notes":[{"category":"general","text":"Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4354","url":"https://www.suse.com/security/cve/CVE-2023-4354"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4354","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4354"},{"cve":"CVE-2023-4355","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4355"}],"notes":[{"category":"general","text":"Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4355","url":"https://www.suse.com/security/cve/CVE-2023-4355"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4355","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4355"},{"cve":"CVE-2023-4356","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4356"}],"notes":[{"category":"general","text":"Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4356","url":"https://www.suse.com/security/cve/CVE-2023-4356"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4356","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4356"},{"cve":"CVE-2023-4357","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4357"}],"notes":[{"category":"general","text":"Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4357","url":"https://www.suse.com/security/cve/CVE-2023-4357"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4357","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4357"},{"cve":"CVE-2023-4358","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4358"}],"notes":[{"category":"general","text":"Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4358","url":"https://www.suse.com/security/cve/CVE-2023-4358"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4358","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4358"},{"cve":"CVE-2023-4359","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4359"}],"notes":[{"category":"general","text":"Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4359","url":"https://www.suse.com/security/cve/CVE-2023-4359"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4359","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4359"},{"cve":"CVE-2023-4360","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4360"}],"notes":[{"category":"general","text":"Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4360","url":"https://www.suse.com/security/cve/CVE-2023-4360"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4360","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4360"},{"cve":"CVE-2023-4361","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4361"}],"notes":[{"category":"general","text":"Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4361","url":"https://www.suse.com/security/cve/CVE-2023-4361"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4361","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4361"},{"cve":"CVE-2023-4362","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4362"}],"notes":[{"category":"general","text":"Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4362","url":"https://www.suse.com/security/cve/CVE-2023-4362"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4362","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4362"},{"cve":"CVE-2023-4363","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4363"}],"notes":[{"category":"general","text":"Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4363","url":"https://www.suse.com/security/cve/CVE-2023-4363"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4363","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4363"},{"cve":"CVE-2023-4364","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4364"}],"notes":[{"category":"general","text":"Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4364","url":"https://www.suse.com/security/cve/CVE-2023-4364"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4364","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4364"},{"cve":"CVE-2023-4365","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4365"}],"notes":[{"category":"general","text":"Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4365","url":"https://www.suse.com/security/cve/CVE-2023-4365"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4365","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4365"},{"cve":"CVE-2023-4366","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4366"}],"notes":[{"category":"general","text":"Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4366","url":"https://www.suse.com/security/cve/CVE-2023-4366"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4366","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4366"},{"cve":"CVE-2023-4367","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4367"}],"notes":[{"category":"general","text":"Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4367","url":"https://www.suse.com/security/cve/CVE-2023-4367"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4367","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4367"},{"cve":"CVE-2023-4368","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4368"}],"notes":[{"category":"general","text":"Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4368","url":"https://www.suse.com/security/cve/CVE-2023-4368"},{"category":"external","summary":"SUSE Bug 1214301 for CVE-2023-4368","url":"https://bugzilla.suse.com/1214301"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4368"},{"cve":"CVE-2023-4572","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-4572"}],"notes":[{"category":"general","text":"Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-4572","url":"https://www.suse.com/security/cve/CVE-2023-4572"},{"category":"external","summary":"SUSE Bug 1214758 for CVE-2023-4572","url":"https://bugzilla.suse.com/1214758"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-102.0.4880.40-lp154.2.50.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-09-23T12:02:01Z","details":"important"}],"title":"CVE-2023-4572"}]}