Security / KEV CVE Questions for Latest Opera GX 120.0.5543.204
-
kyoden5516854 last edited by
Hi Opera GX team,
We’re currently reviewing the latest CISA KEV (Known Exploited Vulnerabilities) listed CVEs affecting Chromium-based browsers and how they relate to Opera GX. The KEV CVEs we’re focusing on are:
CVE-2025-6558 – CVSS 8.8
CVE-2025-6554 – CVSS 8.1
CVE-2025-5419 – CVSS 8.8
CVE-2025-4664 – CVSS 4.3
We’re running the latest Opera GX stable version 120.0.5543.204 and want to confirm:
Are all of these KEV CVEs fully patched in this version?
Are there any known mitigations or workarounds specific to GX users we should be aware of?
Are there any GX-specific features that might introduce additional risk for these CVEs compared to standard Chromium builds?
Additionally, there are about 41 other KEV CVEs dating back to May 5, 2025, which may or may not be addressed in GX. We’d appreciate clarification on how your team is handling these vulnerabilities and any timelines or strategies for patching them.
Thanks for any guidance or details you can provide. Knowing which of these known exploited vulnerabilities are mitigated in GX will help us plan patching and security measures on our systems.
-
sgunhouse Moderator Volunteer last edited by
@kyoden5516854 Not part of Opera let alone the GX team, but you can check the current version of Chromium in Help > About Opera (it is included in the user agent listed there). While GX does tend to be behind Opera One in terms of Chromium builds, that will at least allow you to narrow your focus.
-
kyoden5516854 last edited by
@sgunhouse said in Security / KEV CVE Questions for Latest Opera GX 120.0.5543.204:
sgunhouse
Moderator
Volunteer
@kyoden5516854 last edited by 12 minutes ago
@kyoden5516854 Not part of Opera let alone the GX team, but you can check the current version of Chromium in Help > About Opera (it is included in the user agent listed there). While GX does tend to be behind Opera One in terms of Chromium builds, that will at least allow you to narrow your focus.
Thanks, @sgunhouse. We get that Opera GX updates can trail Opera One, but calling it a “lag” feels misleading -- GX is almost 4 months behind Chromium’s security patches right now.
That delay means the current GX build (Chromium 135.0.7049.115) is still vulnerable to multiple KEV-listed CVEs that are being actively exploited in the wild.
This is why we’re asking for an official response from the GX team:
Which of the KEV CVEs (including the 4 critical ones listed earlier, plus ~41 going back to May 5, 2025) are actually mitigated in GX 120.0.5543.204?
What’s the plan to get GX caught up with current Chromium builds so users aren’t left exposed for months at a time?
We need clarity here so we can make informed security decisions.