Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1148-1 Final 1 1 2020-08-05T08:37:24Z current 2020-08-05T08:37:24Z 2020-08-05T08:37:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: - Update to version 70.0.3728.71 - DNA-86267 Make `Recently closed tabs` appearance consistent with `Search for open tabs`. - DNA-86988 Opera 70 translations - DNA-87530 Zen news leads not loading - DNA-87636 Fix displaying folder icon for closed windows in recently closed list - DNA-87682 Replace Extensions icon in toolbar with icon from sidebar - DNA-87756 Extend chrome.sessions.getRecentlyClosed with information about last active tab in window. - DNA-87778 Crash at opera::InstantSearchViewViews:: ~InstantSearchViewViews() - DNA-87815 Change affiliate links for AliExpress Search - Update to version 70.0.3728.59 - CHR-8010 Update chromium on desktop-stable-84-3728 to 84.0.4147.89 - DNA-87019 The video image does not respond to the pressing after closed the “Quit Opera?” dialog - DNA-87342 Fix right padding in settings > weather section - DNA-87427 Remove unneeded information from the requests’ diagnostics - DNA-87560 Crash at views::Widget::GetNativeView() - DNA-87561 Crash at CRYPTO_BUFFER_len - DNA-87599 Bypass VPN for default search engines doesn’t work - DNA-87611 Unittests fails on declarativeNetRequest and declarativeNetRequestFeedback permissions - DNA-87612 [Mac] Misaligned icon in address bar - DNA-87619 [Win/Lin] Misaligned icon in address bar - DNA-87716 [macOS/Windows] Crash when Search in tabs is open and Opera is minimized - DNA-87749 Crash at opera::InstantSearchSuggestionLineView:: SetIsHighlighted(bool) - The update to chromium 84.0.4147.89 fixes following issues: - CVE-2020-6510, CVE-2020-6511, CVE-2020-6512, CVE-2020-6513, CVE-2020-6514, CVE-2020-6515, CVE-2020-6516, CVE-2020-6517, CVE-2020-6518, CVE-2020-6519, CVE-2020-6520, CVE-2020-6521, CVE-2020-6522, CVE-2020-6523, CVE-2020-6524, CVE-2020-6525, CVE-2020-6526, CVE-2020-6527, CVE-2020-6528, CVE-2020-6529, CVE-2020-6530, CVE-2020-6531, CVE-2020-6533, CVE-2020-6534, CVE-2020-6535, CVE-2020-6536 - Complete Opera 70.0 changelog at: https://blogs.opera.com/desktop/changelog-for-70/ - Update to version 69.0.3686.77 - DNA-84207 New Yubikey enrollment is not working - DNA-87185 Lost translation - DNA-87382 Integrate scrolling to top of the feed with the existing scroll position restoration - DNA-87535 Sort out news on start page state - DNA-87588 Merge “Prevent pointer from being sent in the clear over SCTP” to desktop-stable-83-3686 - Update to version 69.0.3686.57 - DNA-86682 Title case in Russian translation - DNA-86807 Title case in O69 BR Portuguese translation - DNA-87104 Right click context menu becomes scrollable sometimes - DNA-87376 Search in tabs opens significantly slower in O69 - DNA-87505 [Welcome Pages][Stats] Session stats for Welcome and Upgrade pages - DNA-87535 Sort out news on start page state The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1148 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ E-Mail link for openSUSE-SU-2020:1148-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-6510/ SUSE CVE CVE-2020-6510 page https://www.suse.com/security/cve/CVE-2020-6511/ SUSE CVE CVE-2020-6511 page https://www.suse.com/security/cve/CVE-2020-6512/ SUSE CVE CVE-2020-6512 page https://www.suse.com/security/cve/CVE-2020-6513/ SUSE CVE CVE-2020-6513 page https://www.suse.com/security/cve/CVE-2020-6514/ SUSE CVE CVE-2020-6514 page https://www.suse.com/security/cve/CVE-2020-6515/ SUSE CVE CVE-2020-6515 page https://www.suse.com/security/cve/CVE-2020-6516/ SUSE CVE CVE-2020-6516 page https://www.suse.com/security/cve/CVE-2020-6517/ SUSE CVE CVE-2020-6517 page https://www.suse.com/security/cve/CVE-2020-6518/ SUSE CVE CVE-2020-6518 page https://www.suse.com/security/cve/CVE-2020-6519/ SUSE CVE CVE-2020-6519 page https://www.suse.com/security/cve/CVE-2020-6520/ SUSE CVE CVE-2020-6520 page https://www.suse.com/security/cve/CVE-2020-6521/ SUSE CVE CVE-2020-6521 page https://www.suse.com/security/cve/CVE-2020-6522/ SUSE CVE CVE-2020-6522 page https://www.suse.com/security/cve/CVE-2020-6523/ SUSE CVE CVE-2020-6523 page https://www.suse.com/security/cve/CVE-2020-6524/ SUSE CVE CVE-2020-6524 page https://www.suse.com/security/cve/CVE-2020-6525/ SUSE CVE CVE-2020-6525 page https://www.suse.com/security/cve/CVE-2020-6526/ SUSE CVE CVE-2020-6526 page https://www.suse.com/security/cve/CVE-2020-6527/ SUSE CVE CVE-2020-6527 page https://www.suse.com/security/cve/CVE-2020-6528/ SUSE CVE CVE-2020-6528 page https://www.suse.com/security/cve/CVE-2020-6529/ SUSE CVE CVE-2020-6529 page https://www.suse.com/security/cve/CVE-2020-6530/ SUSE CVE CVE-2020-6530 page https://www.suse.com/security/cve/CVE-2020-6531/ SUSE CVE CVE-2020-6531 page https://www.suse.com/security/cve/CVE-2020-6533/ SUSE CVE CVE-2020-6533 page https://www.suse.com/security/cve/CVE-2020-6534/ SUSE CVE CVE-2020-6534 page https://www.suse.com/security/cve/CVE-2020-6535/ SUSE CVE CVE-2020-6535 page https://www.suse.com/security/cve/CVE-2020-6536/ SUSE CVE CVE-2020-6536 page openSUSE Leap 15.1 NonFree opera-70.0.3728.71-lp151.2.24.1 opera-70.0.3728.71-lp151.2.24.1 as a component of openSUSE Leap 15.1 NonFree Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6510 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6510.html CVE-2020-6510 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Information leak in content security policy in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6511 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6511.html CVE-2020-6511 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6512 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6512.html CVE-2020-6512 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2020-6513 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6513.html CVE-2020-6513 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. CVE-2020-6514 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6514.html CVE-2020-6514 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 https://bugzilla.suse.com/1174538 SUSE Bug 1174538 Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6515 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6515.html CVE-2020-6515 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6516 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6516.html CVE-2020-6516 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6517 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6517.html CVE-2020-6517 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6518 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6518.html CVE-2020-6518 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2020-6519 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6519.html CVE-2020-6519 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6520 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6520.html CVE-2020-6520 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Side-channel information leakage in autofill in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2020-6521 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6521.html CVE-2020-6521 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2020-6522 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6522.html CVE-2020-6522 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6523 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6523.html CVE-2020-6523 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6524 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6524.html CVE-2020-6524 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6525 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6525.html CVE-2020-6525 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. CVE-2020-6526 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6526.html CVE-2020-6526 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Insufficient policy enforcement in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page. CVE-2020-6527 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6527.html CVE-2020-6527 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Incorrect security UI in basic auth in Google Chrome on iOS prior to 84.0.4147.89 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2020-6528 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6528.html CVE-2020-6528 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. CVE-2020-6529 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6529.html CVE-2020-6529 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. CVE-2020-6530 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6530.html CVE-2020-6530 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2020-6531 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6531.html CVE-2020-6531 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6533 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6533.html CVE-2020-6533 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2020-6534 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6534.html CVE-2020-6534 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page. CVE-2020-6535 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6535.html CVE-2020-6535 https://bugzilla.suse.com/1174189 SUSE Bug 1174189 Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox (URL bar) via a crafted PWA. CVE-2020-6536 openSUSE Leap 15.1 NonFree:opera-70.0.3728.71-lp151.2.24.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NUYO4K4AZKJVSJP4235727TELODNCOSP/ https://www.suse.com/security/cve/CVE-2020-6536.html CVE-2020-6536 https://bugzilla.suse.com/1174189 SUSE Bug 1174189