Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0729-1 Final 1 1 2021-05-15T10:04:55Z current 2021-05-15T10:04:55Z 2021-05-15T10:04:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Update to version 76.0.4017.107 - CHR-8413 Update chromium on desktop-stable-90-4017 to 90.0.4430.93 - DNA-90168 Display SD suggestions titles - DNA-92693 ‘Re-attach tab’ overlay is not resized with window - DNA-92926 [Mac][Cashback] “Close Tab” menu item not greyed out for Cashback corner - DNA-92934 Report crashes from opera://crashes and Tooltip to new Atlassian - DNA-92980 Enable tutorials flag on all streams - The update to chromium 90.0.4430.93 fixes following issues: CVE-2021-21227, CVE-2021-21232, CVE-2021-21233, CVE-2021-21228, CVE-2021-21229, CVE-2021-21230, CVE-2021-21231 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-729 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJBSCHMF25QDPD6LPM3ZPBBNJZQLF7VX/ E-Mail link for openSUSE-SU-2021:0729-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-21227/ SUSE CVE CVE-2021-21227 page https://www.suse.com/security/cve/CVE-2021-21228/ SUSE CVE CVE-2021-21228 page https://www.suse.com/security/cve/CVE-2021-21229/ SUSE CVE CVE-2021-21229 page https://www.suse.com/security/cve/CVE-2021-21230/ SUSE CVE CVE-2021-21230 page https://www.suse.com/security/cve/CVE-2021-21231/ SUSE CVE CVE-2021-21231 page https://www.suse.com/security/cve/CVE-2021-21232/ SUSE CVE CVE-2021-21232 page https://www.suse.com/security/cve/CVE-2021-21233/ SUSE CVE CVE-2021-21233 page openSUSE Leap 15.2 NonFree opera-76.0.4017.107-lp152.2.46.1 opera-76.0.4017.107-lp152.2.46.1 as a component of openSUSE Leap 15.2 NonFree Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21227 openSUSE Leap 15.2 NonFree:opera-76.0.4017.107-lp152.2.46.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJBSCHMF25QDPD6LPM3ZPBBNJZQLF7VX/ https://www.suse.com/security/cve/CVE-2021-21227.html CVE-2021-21227 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. CVE-2021-21228 openSUSE Leap 15.2 NonFree:opera-76.0.4017.107-lp152.2.46.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJBSCHMF25QDPD6LPM3ZPBBNJZQLF7VX/ https://www.suse.com/security/cve/CVE-2021-21228.html CVE-2021-21228 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. CVE-2021-21229 openSUSE Leap 15.2 NonFree:opera-76.0.4017.107-lp152.2.46.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJBSCHMF25QDPD6LPM3ZPBBNJZQLF7VX/ https://www.suse.com/security/cve/CVE-2021-21229.html CVE-2021-21229 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21230 openSUSE Leap 15.2 NonFree:opera-76.0.4017.107-lp152.2.46.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJBSCHMF25QDPD6LPM3ZPBBNJZQLF7VX/ https://www.suse.com/security/cve/CVE-2021-21230.html CVE-2021-21230 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21231 openSUSE Leap 15.2 NonFree:opera-76.0.4017.107-lp152.2.46.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJBSCHMF25QDPD6LPM3ZPBBNJZQLF7VX/ https://www.suse.com/security/cve/CVE-2021-21231.html CVE-2021-21231 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21232 openSUSE Leap 15.2 NonFree:opera-76.0.4017.107-lp152.2.46.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJBSCHMF25QDPD6LPM3ZPBBNJZQLF7VX/ https://www.suse.com/security/cve/CVE-2021-21232.html CVE-2021-21232 https://bugzilla.suse.com/1185375 SUSE Bug 1185375 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-21233 openSUSE Leap 15.2 NonFree:opera-76.0.4017.107-lp152.2.46.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FJBSCHMF25QDPD6LPM3ZPBBNJZQLF7VX/ https://www.suse.com/security/cve/CVE-2021-21233.html CVE-2021-21233 https://bugzilla.suse.com/1185375 SUSE Bug 1185375