{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for opera","title":"Title of the patch"},{"category":"description","text":"This update for opera fixes the following issues:\n\n- Update to 104.0.4944.23\n  * DNA-110465 [Scrollable tab strip] Weird animation when\n    closing tab\n  * DNA-112021 Favicons disappear from history after being\n    hovered over\n  * DNA-112310 Put opening animation on start page behind a flag\n  * DNA-112462 Crash at opera::SidebarItemViewImpl::\n    StateChanged(views::Button::ButtonState)\n  * DNA-112464 Crash at anonymous namespace::SwitchToTabButton::\n    OnThemeChanged()\n  * DNA-112518 Force Default as last used Profile\n  * DNA-112534 Set profiles_order to Default dir\n\n- Changes in 104.0.4944.18\n  * CHR-9471 Update Chromium on desktop-stable-118-4944 to\n    118.0.5993.71\n  * DNA-111704 chrome.webRequest.onHeadersReceived event is not\n    fired for extension if page opened from SpeedDial tile\n  * DNA-111878 Highlighting of tabs and bookmarks in dark mode is\n    almost invisible.\n  * DNA-111883 [Address bar] Hover effect on page is placed\n    too high\n  * DNA-111922 [Linux] Change Opera beta application icon\n  * DNA-111955 Reduce colors used in Opera as much as possible\n  * DNA-112075 Rename palette colors in theme for better\n    reusability\n  * DNA-112108 Fix dangling WebContents ptr bound to\n    TabSnoozeInfobarDelegate::Show callback\n  * DNA-112222 Tab in island not marked as active\n  * DNA-112242 Disable feature flag #platform-h264-decoder-in-gpu\n    by default on stable channel\n  * DNA-112265 Promote 104 to stable\n  * DNA-112312 Turn on #wallet-selector on all streams\n  * DNA-112313 Enable #pinboard-popup-refresh on all streams\n  * DNA-112426 [profile migration] Renaming invalid Default to\n    Default.old is not needed anymore\n- The update to chromium 118.0.5993.71 fixes following issues:\n  CVE-2023-5218, CVE-2023-5487, CVE-2023-5484, CVE-2023-5475,\n  CVE-2023-5483, CVE-2023-5481, CVE-2023-5476, CVE-2023-5474,\n  CVE-2023-5479, CVE-2023-5485, CVE-2023-5478, CVE-2023-5477,\n  CVE-2023-5486, CVE-2023-5473\n- Complete Opera 104 changelog at:\n  https://blogs.opera.com/desktop/changelog-for-104/  \n\n- Update to 103.0.4928.34\n  * DNA-111680 Fix highlight of bookmarks bar folder elements\n  * DNA-111703 O icon moves upon opening menu\n  * DNA-111883 [Address bar] Hover effect on page is placed\n    too high\n  * DNA-111940 OMenu text displaced to the right without\n    any indentation\n  * DNA-112118 Crash at history::URLDatabase::\n    CreateContinueOnIndexIfNeeded(std::__Cr::vector)\n\n- Update to 103.0.4928.26\n  * DNA-111681 Disappearing icons of bookmarks bar folders elements\n  * DNA-112020 Enable #address-bar-dropdown-cities on all streams\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2023-337","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0337-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2023:0337-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2023:0337-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TUKIBALWT55SDULG2YWIT6R3IQXHDSTQ/"},{"category":"self","summary":"SUSE CVE CVE-2023-5218 page","url":"https://www.suse.com/security/cve/CVE-2023-5218/"},{"category":"self","summary":"SUSE CVE CVE-2023-5473 page","url":"https://www.suse.com/security/cve/CVE-2023-5473/"},{"category":"self","summary":"SUSE CVE CVE-2023-5474 page","url":"https://www.suse.com/security/cve/CVE-2023-5474/"},{"category":"self","summary":"SUSE CVE CVE-2023-5475 page","url":"https://www.suse.com/security/cve/CVE-2023-5475/"},{"category":"self","summary":"SUSE CVE CVE-2023-5476 page","url":"https://www.suse.com/security/cve/CVE-2023-5476/"},{"category":"self","summary":"SUSE CVE CVE-2023-5477 page","url":"https://www.suse.com/security/cve/CVE-2023-5477/"},{"category":"self","summary":"SUSE CVE CVE-2023-5478 page","url":"https://www.suse.com/security/cve/CVE-2023-5478/"},{"category":"self","summary":"SUSE CVE CVE-2023-5479 page","url":"https://www.suse.com/security/cve/CVE-2023-5479/"},{"category":"self","summary":"SUSE CVE CVE-2023-5481 page","url":"https://www.suse.com/security/cve/CVE-2023-5481/"},{"category":"self","summary":"SUSE CVE CVE-2023-5483 page","url":"https://www.suse.com/security/cve/CVE-2023-5483/"},{"category":"self","summary":"SUSE CVE CVE-2023-5484 page","url":"https://www.suse.com/security/cve/CVE-2023-5484/"},{"category":"self","summary":"SUSE CVE CVE-2023-5485 page","url":"https://www.suse.com/security/cve/CVE-2023-5485/"},{"category":"self","summary":"SUSE CVE CVE-2023-5486 page","url":"https://www.suse.com/security/cve/CVE-2023-5486/"},{"category":"self","summary":"SUSE CVE CVE-2023-5487 page","url":"https://www.suse.com/security/cve/CVE-2023-5487/"}],"title":"Security update for opera","tracking":{"current_release_date":"2023-10-29T05:01:20Z","generator":{"date":"2023-10-29T05:01:20Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2023:0337-1","initial_release_date":"2023-10-29T05:01:20Z","revision_history":[{"date":"2023-10-29T05:01:20Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"opera-104.0.4944.23-lp154.2.56.1.x86_64","product":{"name":"opera-104.0.4944.23-lp154.2.56.1.x86_64","product_id":"opera-104.0.4944.23-lp154.2.56.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"openSUSE Leap 15.4 NonFree","product":{"name":"openSUSE Leap 15.4 NonFree","product_id":"openSUSE Leap 15.4 NonFree","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"opera-104.0.4944.23-lp154.2.56.1.x86_64 as component of openSUSE Leap 15.4 NonFree","product_id":"openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"},"product_reference":"opera-104.0.4944.23-lp154.2.56.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.4 NonFree"}]},"vulnerabilities":[{"cve":"CVE-2023-5218","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5218"}],"notes":[{"category":"general","text":"Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5218","url":"https://www.suse.com/security/cve/CVE-2023-5218"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5218","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5218"},{"cve":"CVE-2023-5473","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5473"}],"notes":[{"category":"general","text":"Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5473","url":"https://www.suse.com/security/cve/CVE-2023-5473"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5473","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5473"},{"cve":"CVE-2023-5474","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5474"}],"notes":[{"category":"general","text":"Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5474","url":"https://www.suse.com/security/cve/CVE-2023-5474"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5474","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5474"},{"cve":"CVE-2023-5475","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5475"}],"notes":[{"category":"general","text":"Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5475","url":"https://www.suse.com/security/cve/CVE-2023-5475"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5475","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5475"},{"cve":"CVE-2023-5476","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5476"}],"notes":[{"category":"general","text":"Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5476","url":"https://www.suse.com/security/cve/CVE-2023-5476"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5476","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":8.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5476"},{"cve":"CVE-2023-5477","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5477"}],"notes":[{"category":"general","text":"Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5477","url":"https://www.suse.com/security/cve/CVE-2023-5477"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5477","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5477"},{"cve":"CVE-2023-5478","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5478"}],"notes":[{"category":"general","text":"Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5478","url":"https://www.suse.com/security/cve/CVE-2023-5478"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5478","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5478"},{"cve":"CVE-2023-5479","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5479"}],"notes":[{"category":"general","text":"Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5479","url":"https://www.suse.com/security/cve/CVE-2023-5479"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5479","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5479"},{"cve":"CVE-2023-5481","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5481"}],"notes":[{"category":"general","text":"Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5481","url":"https://www.suse.com/security/cve/CVE-2023-5481"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5481","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5481"},{"cve":"CVE-2023-5483","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5483"}],"notes":[{"category":"general","text":"Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5483","url":"https://www.suse.com/security/cve/CVE-2023-5483"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5483","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5483"},{"cve":"CVE-2023-5484","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5484"}],"notes":[{"category":"general","text":"Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5484","url":"https://www.suse.com/security/cve/CVE-2023-5484"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5484","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5484"},{"cve":"CVE-2023-5485","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5485"}],"notes":[{"category":"general","text":"Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5485","url":"https://www.suse.com/security/cve/CVE-2023-5485"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5485","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5485"},{"cve":"CVE-2023-5486","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5486"}],"notes":[{"category":"general","text":"Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5486","url":"https://www.suse.com/security/cve/CVE-2023-5486"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5486","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5486"},{"cve":"CVE-2023-5487","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-5487"}],"notes":[{"category":"general","text":"Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)","title":"CVE description"}],"product_status":{"recommended":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-5487","url":"https://www.suse.com/security/cve/CVE-2023-5487"},{"category":"external","summary":"SUSE Bug 1216111 for CVE-2023-5487","url":"https://bugzilla.suse.com/1216111"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","version":"3.1"},"products":["openSUSE Leap 15.4 NonFree:opera-104.0.4944.23-lp154.2.56.1.x86_64"]}],"threats":[{"category":"impact","date":"2023-10-29T05:01:20Z","details":"important"}],"title":"CVE-2023-5487"}]}