Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0948-1 Final 1 1 2021-07-01T10:06:32Z current 2021-07-01T10:06:32Z 2021-07-01T10:06:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Update to version 77.0.4054.146 - CHR-8458 Update chromium on desktop-stable-91-4054 to 91.0.4472.114 - DNA-92171 Create active linkdiscovery service - DNA-92388 Fix and unskip WorkspacesEmoji.testChooseEmojiAsWorkspaceIcon when possible - DNA-93101 Tabs are being snoozed when tab snoozing is disabled - DNA-93386 Update pinboard view when item changes - DNA-93448 Make browser ready for Developer release - DNA-93491 Fix failing tests after enabling #pinboard flag - DNA-93498 Add additional music services - DNA-93503 Blank popup on clicking toolbar icon with popup open - DNA-93561 Do not allow zoom different from 100% in Pinboard popup - DNA-93637 ctrl+9 shortcut is inconsistent with other browsers - DNA-93644 Create route for `import open tabs` to `pinboard` - DNA-93664 Adapt popup to design - DNA-93702 Turn on flags on developer - DNA-93737 [Pinboard] Remove Mock API - DNA-93745 Unable to open the popup after opening it several times - DNA-93776 Popup closes and reopens when clicking the toolbar button - DNA-93786 DCHECK after opening popup - DNA-93802 Crash at views::Widget::GetNativeView() const - DNA-93810 Add pinboard icon to sidebar - DNA-93825 Add pinboard to Opera menu - DNA-93833 [Player] Implement seeking for new services - DNA-93845 Do not log output of snapcraft on console - DNA-93864 Create feature flag for start page sync banner - DNA-93865 Implement start page banner - DNA-93867 Use version from package instead of repository - DNA-93878 [Player] Crash when current player service becomes unavailable when user location changes - DNA-93953 ‘Send image to Pinboard’ has the wrong position in the context menu - DNA-93987 Disable zooming popup contents like in other popups - DNA-93989 Change internal URL to opera://pinboards - DNA-93990 Update strings to reflect new standards - DNA-93992 Add Pinboards to Opera settings - DNA-93993 Pinboard translations from Master - DNA-94011 Enable feature flags for Reborn 5 on stable - DNA-94019 Add a direct link to settings - DNA-94088 Internal pages provoke not saving other pages to the Pinboard - DNA-94111 [O77] Sidebar setup does not open - DNA-94139 Crash at opera::(anonymous namespace)::PinboardPopupWebView::RemovedFromWidget() - The update to chromium 91.0.4472.114 fixes following issues: CVE-2021-30554, CVE-2021-30555, CVE-2021-30556, CVE-2021-30557 CVE-2021-30544, CVE-2021-30545, CVE-2021-30546, CVE-2021-30547, CVE-2021-30548, CVE-2021-30549, CVE-2021-30550, CVE-2021-30551, CVE-2021-30552, CVE-2021-30553 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-948 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ E-Mail link for openSUSE-SU-2021:0948-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-30544/ SUSE CVE CVE-2021-30544 page https://www.suse.com/security/cve/CVE-2021-30545/ SUSE CVE CVE-2021-30545 page https://www.suse.com/security/cve/CVE-2021-30546/ SUSE CVE CVE-2021-30546 page https://www.suse.com/security/cve/CVE-2021-30547/ SUSE CVE CVE-2021-30547 page https://www.suse.com/security/cve/CVE-2021-30548/ SUSE CVE CVE-2021-30548 page https://www.suse.com/security/cve/CVE-2021-30549/ SUSE CVE CVE-2021-30549 page https://www.suse.com/security/cve/CVE-2021-30550/ SUSE CVE CVE-2021-30550 page https://www.suse.com/security/cve/CVE-2021-30551/ SUSE CVE CVE-2021-30551 page https://www.suse.com/security/cve/CVE-2021-30552/ SUSE CVE CVE-2021-30552 page https://www.suse.com/security/cve/CVE-2021-30553/ SUSE CVE CVE-2021-30553 page https://www.suse.com/security/cve/CVE-2021-30554/ SUSE CVE CVE-2021-30554 page https://www.suse.com/security/cve/CVE-2021-30555/ SUSE CVE CVE-2021-30555 page https://www.suse.com/security/cve/CVE-2021-30556/ SUSE CVE CVE-2021-30556 page https://www.suse.com/security/cve/CVE-2021-30557/ SUSE CVE CVE-2021-30557 page openSUSE Leap 15.3 NonFree opera-77.0.4054.146-lp153.2.6.1 opera-77.0.4054.146-lp153.2.6.1 as a component of openSUSE Leap 15.3 NonFree Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30544 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30544.html CVE-2021-30544 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30545 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30545.html CVE-2021-30545 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30546 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30546.html CVE-2021-30546 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. CVE-2021-30547 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30547.html CVE-2021-30547 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 https://bugzilla.suse.com/1188275 SUSE Bug 1188275 Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30548 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30548.html CVE-2021-30548 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30549 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30549.html CVE-2021-30549 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30550 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30550.html CVE-2021-30550 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30551 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30551.html CVE-2021-30551 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30552 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30552.html CVE-2021-30552 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30553 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30553.html CVE-2021-30553 https://bugzilla.suse.com/1187141 SUSE Bug 1187141 Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30554 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30554.html CVE-2021-30554 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture. CVE-2021-30555 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30555.html CVE-2021-30555 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30556 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30556.html CVE-2021-30556 https://bugzilla.suse.com/1187481 SUSE Bug 1187481 Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2021-30557 openSUSE Leap 15.3 NonFree:opera-77.0.4054.146-lp153.2.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7KHAD4TPDMOCFFISFXM3O4TD6SK6KWAG/ https://www.suse.com/security/cve/CVE-2021-30557.html CVE-2021-30557 https://bugzilla.suse.com/1187481 SUSE Bug 1187481