Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0829-1 Final 1 1 2021-06-03T15:56:19Z current 2021-06-03T15:56:19Z 2021-06-03T15:56:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Update to version 76.0.4017.154 - CHR-8420 Update chromium on desktop-stable-90-4017 to 90.0.4430.212 - DNA-92411 Bookmarks breadcrumbs wrong color when pressed in dark mode - DNA-92587 Sync settings: “Use old password” button doesn’t work - DNA-92672 Make it possible for agent to inject scripts into startpage - DNA-92712 Add SD reload API - DNA-93190 The bookmark can’t be opened in Workspace 5-6 - DNA-93247 Reopen last closed tab shortcut opens random tab on new window - DNA-93294 Binary diff for opera_browser.dll is not created on 32-bit builds - DNA-93313 Add opauto test to cover DNA-93190 - DNA-93368 Fix an error in Polish translation - DNA-93408 [Windows] widevine_cdm_component_installer does not compile on desktop-stable-90-4017 - The update to chromium 90.0.4430.212 fixes following issues: CVE-2021-30506, CVE-2021-30507, CVE-2021-30508, CVE-2021-30509, CVE-2021-30510, CVE-2021-30511, CVE-2021-30512, CVE-2021-30513, CVE-2021-30514, CVE-2021-30515, CVE-2021-30516, CVE-2021-30517, CVE-2021-30518, CVE-2021-30519, CVE-2021-30520 Update to version 76.0.4017.123 - DNA-91951 SkipAds click by default with Adblocker on Youtube - DNA-92293 [Mac] Crash at opera::BrowserWindowImpl::Cleanup() - DNA-92714 [Mac] Worskpace switching lags with lot of tabs - DNA-92847 DCHECK at tab_lifecycle_unit_source.cc:145 - DNA-92860 [Windows] Fix issues when running buildsign script with Python 3 - DNA-92879 Fix issues when running buildsign script with Python 3 - DNA-92938 opera://activity/ page ignores workspaces - DNA-93015 [Player] Panel is too narrow - DNA-93044 Remove unnecessary question mark in Cashback string in Polish - DNA-93070 [Search Tabs] Selecting items with cursor keys skips over content matches - DNA-93122 Use input in builddiff.py - DNA-93175 Fix running repacking The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-829 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ E-Mail link for openSUSE-SU-2021:0829-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-30506/ SUSE CVE CVE-2021-30506 page https://www.suse.com/security/cve/CVE-2021-30507/ SUSE CVE CVE-2021-30507 page https://www.suse.com/security/cve/CVE-2021-30508/ SUSE CVE CVE-2021-30508 page https://www.suse.com/security/cve/CVE-2021-30509/ SUSE CVE CVE-2021-30509 page https://www.suse.com/security/cve/CVE-2021-30510/ SUSE CVE CVE-2021-30510 page https://www.suse.com/security/cve/CVE-2021-30511/ SUSE CVE CVE-2021-30511 page https://www.suse.com/security/cve/CVE-2021-30512/ SUSE CVE CVE-2021-30512 page https://www.suse.com/security/cve/CVE-2021-30513/ SUSE CVE CVE-2021-30513 page https://www.suse.com/security/cve/CVE-2021-30514/ SUSE CVE CVE-2021-30514 page https://www.suse.com/security/cve/CVE-2021-30515/ SUSE CVE CVE-2021-30515 page https://www.suse.com/security/cve/CVE-2021-30516/ SUSE CVE CVE-2021-30516 page https://www.suse.com/security/cve/CVE-2021-30517/ SUSE CVE CVE-2021-30517 page https://www.suse.com/security/cve/CVE-2021-30518/ SUSE CVE CVE-2021-30518 page https://www.suse.com/security/cve/CVE-2021-30519/ SUSE CVE CVE-2021-30519 page https://www.suse.com/security/cve/CVE-2021-30520/ SUSE CVE CVE-2021-30520 page openSUSE Leap 15.2 NonFree opera-76.0.4017.154-lp152.2.49.1 opera-76.0.4017.154-lp152.2.49.1 as a component of openSUSE Leap 15.2 NonFree Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page. CVE-2021-30506 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30506.html CVE-2021-30506 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. CVE-2021-30507 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30507.html CVE-2021-30507 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30508 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30508.html CVE-2021-30508 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extension. CVE-2021-30509 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30509.html CVE-2021-30509 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30510 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30510.html CVE-2021-30510 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page. CVE-2021-30511 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30511.html CVE-2021-30511 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30512 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30512.html CVE-2021-30512 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30513 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30513.html CVE-2021-30513 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30514 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30514.html CVE-2021-30514 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30515 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30515.html CVE-2021-30515 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30516 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30516.html CVE-2021-30516 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30517 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30517.html CVE-2021-30517 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30518 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30518.html CVE-2021-30518 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30519 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30519.html CVE-2021-30519 https://bugzilla.suse.com/1185908 SUSE Bug 1185908 Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30520 openSUSE Leap 15.2 NonFree:opera-76.0.4017.154-lp152.2.49.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZMLE6Y32Y2DK2ZVCT4O73EKD4VH7BGEG/ https://www.suse.com/security/cve/CVE-2021-30520.html CVE-2021-30520 https://bugzilla.suse.com/1185908 SUSE Bug 1185908