Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10087-1 Final 1 1 2022-08-15T22:01:27Z current 2022-08-15T22:01:27Z 2022-08-15T22:01:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: opera was updated to 89.0.4447.71 - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134 - DNA-100492 authPrivate.storeCredentials should work with running auth session - DNA-100649 “Sign out” from settings doesn’t also sign out from auth - DNA-100653 VPN Badge popup – not working well with different page zoom being set in browser settings - DNA-100712 Wrong spacing on text to reset sync passphrase in settings - DNA-100799 VPN icon is “pro” on disconnected - DNA-100841 Remove Get Subscription and Get button from VPN pro settings - DNA-100883 Update missing translations from chromium - DNA-100899 Translation error in Turkish - DNA-100912 Unable to select pinboards when sync everything is enabled - DNA-100959 Use after move RecentSearchProvider::ExecuteWithDB - DNA-100960 Use after move CountryBlacklistServiceImpl::DownloadCountryBlacklist - DNA-100961 Use after move CategorizationDataCollection::Iterator::Iterator - DNA-100989 Crash at opera::EasyFileButton::SetThumbnail(gfx::ImageSkia const&) - The update to chromium 103.0.5060.134 fixes following issues: CVE-2022-2163, CVE-2022-2477, CVE-2022-2478, CVE-2022-2479 CVE-2022-2480, CVE-2022-2481 opera was updated to 89.0.4447.51 - DNA-99538 Typed content of address bar shared between tabs - DNA-100418 Set 360 so as search engine in China - DNA-100629 Launch Auth login when enabling sync while logged in - DNA-100776 Popup is too long if there are no services available opera was updated to 89.0.4447.48 - CHR-8940 Update chromium on desktop-stable-103-4447 to 103.0.5060.114 - DNA-100247 Make it possible to display hint when tab scrolling gets triggered - DNA-100482 Shopping corner icon availability - DNA-100575 Add unique IDs to all web element in opera account popup - DNA-100625 Opera account popup appears too high on Linux - DNA-100627 Enable #snap-from-panel on all stream - DNA-100636 DCHECK at suggestion_item.cc(484) - DNA-100685 Fix crash when attaching to tab strip scroll buttons - DNA-100693 Enable Sticky Site sidebar item to have notification bubble - DNA-100698 [AdBlock] Unhandled Disconnect list category: 'emailaggressive' - DNA-100716 Misstype Settings 'Enhanced address bar' - DNA-100732 Fix &amp; escaping in translated strings - DNA-100759 Crash when loading personal news in private window - The update to chromium 103.0.5060.114 fixes following issues: CVE-2022-2294, CVE-2022-2295, CVE-2022-2296 opera was updated to 89.0.4447.38 - DNA-100283 Translations for O89 - Complete Opera 89.0 changelog at: https://blogs.opera.com/desktop/changelog-for-89/ opera was updated to 89.0.4447.37 - CHR-8929 Update chromium on desktop-stable-103-4447 to 103.0.5060.66 - DNA-99780 Crash at zmq::zmq_abort(char const*) - DNA-100377 New opera account popup doesn’t open on Linux - DNA-100589 Crash at base::internal::Invoker<T>::RunOnce (base::internal::BindStateBase*, scoped_refptr<T>&&) - DNA-100607 Sync “Sign in” button doesn’t work with Opera Account popup The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10087 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/ E-Mail link for openSUSE-SU-2022:10087-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-2163/ SUSE CVE CVE-2022-2163 page https://www.suse.com/security/cve/CVE-2022-2294/ SUSE CVE CVE-2022-2294 page https://www.suse.com/security/cve/CVE-2022-2295/ SUSE CVE CVE-2022-2295 page https://www.suse.com/security/cve/CVE-2022-2296/ SUSE CVE CVE-2022-2296 page https://www.suse.com/security/cve/CVE-2022-2477/ SUSE CVE CVE-2022-2477 page https://www.suse.com/security/cve/CVE-2022-2478/ SUSE CVE CVE-2022-2478 page https://www.suse.com/security/cve/CVE-2022-2479/ SUSE CVE CVE-2022-2479 page https://www.suse.com/security/cve/CVE-2022-2480/ SUSE CVE CVE-2022-2480 page https://www.suse.com/security/cve/CVE-2022-2481/ SUSE CVE CVE-2022-2481 page openSUSE Leap 15.3 NonFree opera-89.0.4447.71-lp153.2.54.1 opera-89.0.4447.71-lp153.2.54.1 as a component of openSUSE Leap 15.3 NonFree Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. CVE-2022-2163 openSUSE Leap 15.3 NonFree:opera-89.0.4447.71-lp153.2.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/ https://www.suse.com/security/cve/CVE-2022-2163.html CVE-2022-2163 https://bugzilla.suse.com/1200783 SUSE Bug 1200783 https://bugzilla.suse.com/1201679 SUSE Bug 1201679 Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2294 openSUSE Leap 15.3 NonFree:opera-89.0.4447.71-lp153.2.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/ https://www.suse.com/security/cve/CVE-2022-2294.html CVE-2022-2294 https://bugzilla.suse.com/1201216 SUSE Bug 1201216 https://bugzilla.suse.com/1201980 SUSE Bug 1201980 Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2295 openSUSE Leap 15.3 NonFree:opera-89.0.4447.71-lp153.2.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/ https://www.suse.com/security/cve/CVE-2022-2295.html CVE-2022-2295 https://bugzilla.suse.com/1201216 SUSE Bug 1201216 Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. CVE-2022-2296 openSUSE Leap 15.3 NonFree:opera-89.0.4447.71-lp153.2.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/ https://www.suse.com/security/cve/CVE-2022-2296.html CVE-2022-2296 https://bugzilla.suse.com/1201216 SUSE Bug 1201216 Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2477 openSUSE Leap 15.3 NonFree:opera-89.0.4447.71-lp153.2.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/ https://www.suse.com/security/cve/CVE-2022-2477.html CVE-2022-2477 https://bugzilla.suse.com/1201679 SUSE Bug 1201679 Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2478 openSUSE Leap 15.3 NonFree:opera-89.0.4447.71-lp153.2.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/ https://www.suse.com/security/cve/CVE-2022-2478.html CVE-2022-2478 https://bugzilla.suse.com/1201679 SUSE Bug 1201679 Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. CVE-2022-2479 openSUSE Leap 15.3 NonFree:opera-89.0.4447.71-lp153.2.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/ https://www.suse.com/security/cve/CVE-2022-2479.html CVE-2022-2479 https://bugzilla.suse.com/1201679 SUSE Bug 1201679 Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2480 openSUSE Leap 15.3 NonFree:opera-89.0.4447.71-lp153.2.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/ https://www.suse.com/security/cve/CVE-2022-2480.html CVE-2022-2480 https://bugzilla.suse.com/1201679 SUSE Bug 1201679 Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. CVE-2022-2481 openSUSE Leap 15.3 NonFree:opera-89.0.4447.71-lp153.2.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBC3VMU74SRNP6PNL6PMNTJCIFN32DXR/ https://www.suse.com/security/cve/CVE-2022-2481.html CVE-2022-2481 https://bugzilla.suse.com/1201679 SUSE Bug 1201679