RE: Security / KEV CVE Questions for Latest Opera GX 120.0.5543.204

@sgunhouse said in Security / KEV CVE Questions for Latest Opera GX 120.0.5543.204:

sgunhouse

Moderator

Volunteer

  	 @kyoden5516854
  	
  	
  		
  	
  



  


  

  last edited by  

  
  	12 minutes ago

@kyoden5516854 Not part of Opera let alone the GX team, but you can check the current version of Chromium in Help > About Opera (it is included in the user agent listed there). While GX does tend to be behind Opera One in terms of Chromium builds, that will at least allow you to narrow your focus.

Thanks, @sgunhouse. We get that Opera GX updates can trail Opera One, but calling it a “lag” feels misleading -- GX is almost 4 months behind Chromium’s security patches right now.

That delay means the current GX build (Chromium 135.0.7049.115) is still vulnerable to multiple KEV-listed CVEs that are being actively exploited in the wild.

This is why we’re asking for an official response from the GX team:

Which of the KEV CVEs (including the 4 critical ones listed earlier, plus ~41 going back to May 5, 2025) are actually mitigated in GX 120.0.5543.204?

What’s the plan to get GX caught up with current Chromium builds so users aren’t left exposed for months at a time?

We need clarity here so we can make informed security decisions.

Hi Opera GX team,

We’re currently reviewing the latest CISA KEV (Known Exploited Vulnerabilities) listed CVEs affecting Chromium-based browsers and how they relate to Opera GX. The KEV CVEs we’re focusing on are:

CVE-2025-6558 – CVSS 8.8

CVE-2025-6554 – CVSS 8.1

CVE-2025-5419 – CVSS 8.8

CVE-2025-4664 – CVSS 4.3

We’re running the latest Opera GX stable version 120.0.5543.204 and want to confirm:

Are all of these KEV CVEs fully patched in this version?

Are there any known mitigations or workarounds specific to GX users we should be aware of?

Are there any GX-specific features that might introduce additional risk for these CVEs compared to standard Chromium builds?

Additionally, there are about 41 other KEV CVEs dating back to May 5, 2025, which may or may not be addressed in GX. We’d appreciate clarification on how your team is handling these vulnerabilities and any timelines or strategies for patching them.

Thanks for any guidance or details you can provide. Knowing which of these known exploited vulnerabilities are mitigated in GX will help us plan patching and security measures on our systems.