Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0413-1 Final 1 1 2021-03-15T19:06:14Z current 2021-03-15T19:06:14Z 2021-03-15T19:06:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: - Update to version 74.0.3911.203 - CHR-8324 Update chromium on desktop-stable-88-3911 to 88.0.4324.182(boo#1182358) - DNA-90762 Replace “Don’t show again” with “Discard” - DNA-90974 Crash at opera::PersistentRecentlyClosedWindows::GetEntryType(SessionID) - DNA-91289 [Search tabs] Wrong tab stays highlighted after removing another tab - DNA-91476 Invalid memory dereference PlayerServiceBrowsertest - DNA-91502 Change system name on opera://about page for MacOS - DNA-91740 Missing title in Extensions Toolbar Menu - The update to chromium 88.0.4324.182 fixes following issues: CVE-2021-21149, CVE-2021-21150, CVE-2021-21151, CVE-2021-21152, CVE-2021-21153, CVE-2021-21154, CVE-2021-21155, CVE-2021-21156, CVE-2021-21157 - Update to version 74.0.3911.160 - DNA-90409 Cleanup Javascript dialogs: app modal & tab modal - DNA-90720 [Search Tabs] Allow discarding recently closed items - DNA-90802 [Windows] Debug fails on linking - DNA-91130 heap-use-after-free in CashbackBackendServiceTest.AutoUpdateSchedule - DNA-91152 Allow reading agent variables in trigger conditions - DNA-91225 [Search tabs] The webpage doesn’t move from “Open tabs” to “Recently closed” section - DNA-91243 Add Rich Hint support for the cashback badge and popup - DNA-91483 component_unittests are timing out - DNA-91516 Sidebar setup opens only with cashback enabled - DNA-91601 No text in 1st line of address bar dropdown suggestions - DNA-91603 Jumbo build problem on desktop-stable-88-3911 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-413 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ E-Mail link for openSUSE-SU-2021:0413-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1182358 SUSE Bug 1182358 https://www.suse.com/security/cve/CVE-2021-21148/ SUSE CVE CVE-2021-21148 page https://www.suse.com/security/cve/CVE-2021-21149/ SUSE CVE CVE-2021-21149 page https://www.suse.com/security/cve/CVE-2021-21150/ SUSE CVE CVE-2021-21150 page https://www.suse.com/security/cve/CVE-2021-21151/ SUSE CVE CVE-2021-21151 page https://www.suse.com/security/cve/CVE-2021-21152/ SUSE CVE CVE-2021-21152 page https://www.suse.com/security/cve/CVE-2021-21153/ SUSE CVE CVE-2021-21153 page https://www.suse.com/security/cve/CVE-2021-21154/ SUSE CVE CVE-2021-21154 page https://www.suse.com/security/cve/CVE-2021-21155/ SUSE CVE CVE-2021-21155 page https://www.suse.com/security/cve/CVE-2021-21156/ SUSE CVE CVE-2021-21156 page https://www.suse.com/security/cve/CVE-2021-21157/ SUSE CVE CVE-2021-21157 page openSUSE Leap 15.2 NonFree opera-74.0.3911.203-lp152.2.37.1 opera-74.0.3911.203-lp152.2.37.1 as a component of openSUSE Leap 15.2 NonFree Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21148 openSUSE Leap 15.2 NonFree:opera-74.0.3911.203-lp152.2.37.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ https://www.suse.com/security/cve/CVE-2021-21148.html CVE-2021-21148 https://bugzilla.suse.com/1181827 SUSE Bug 1181827 Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. CVE-2021-21149 openSUSE Leap 15.2 NonFree:opera-74.0.3911.203-lp152.2.37.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ https://www.suse.com/security/cve/CVE-2021-21149.html CVE-2021-21149 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21150 openSUSE Leap 15.2 NonFree:opera-74.0.3911.203-lp152.2.37.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ https://www.suse.com/security/cve/CVE-2021-21150.html CVE-2021-21150 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21151 openSUSE Leap 15.2 NonFree:opera-74.0.3911.203-lp152.2.37.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ https://www.suse.com/security/cve/CVE-2021-21151.html CVE-2021-21151 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21152 openSUSE Leap 15.2 NonFree:opera-74.0.3911.203-lp152.2.37.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ https://www.suse.com/security/cve/CVE-2021-21152.html CVE-2021-21152 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-21153 openSUSE Leap 15.2 NonFree:opera-74.0.3911.203-lp152.2.37.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ https://www.suse.com/security/cve/CVE-2021-21153.html CVE-2021-21153 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21154 openSUSE Leap 15.2 NonFree:opera-74.0.3911.203-lp152.2.37.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ https://www.suse.com/security/cve/CVE-2021-21154.html CVE-2021-21154 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2021-21155 openSUSE Leap 15.2 NonFree:opera-74.0.3911.203-lp152.2.37.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ https://www.suse.com/security/cve/CVE-2021-21155.html CVE-2021-21155 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted script. CVE-2021-21156 openSUSE Leap 15.2 NonFree:opera-74.0.3911.203-lp152.2.37.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ https://www.suse.com/security/cve/CVE-2021-21156.html CVE-2021-21156 https://bugzilla.suse.com/1182358 SUSE Bug 1182358 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21157 openSUSE Leap 15.2 NonFree:opera-74.0.3911.203-lp152.2.37.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFEMB66XHIEXP6VOOQ4JIXBD6U5X4EIA/ https://www.suse.com/security/cve/CVE-2021-21157.html CVE-2021-21157 https://bugzilla.suse.com/1182358 SUSE Bug 1182358