Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2023:0066-1 Final 1 1 2023-03-09T13:01:39Z current 2023-03-09T13:01:39Z 2023-03-09T13:01:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Update to 96.0.4693.31 * CHR-9206 Update Chromium on desktop-stable-110-4693 to 110.0.5481.178 * DNA-104492 [Stable A/B Test] React Start Page for Austria 50% * DNA-104660 Browser crash when calling window.opr.authPrivate API in a private mode * DNA-105000 Crash at non-virtual thunk to SadTabView::OnBoundsChanged(gfx::Rect const&) * DNA-105138 Hang-up button is red in video popout * DNA-105211 Johnny5 – Prepare extension to be usable in Desktop * DNA-105377 Add API for extension to be able to open sidebar panel * DNA-105378 Add 'AI Shorten' functionality to search/copy tooltip * DNA-105410 Change Popup functionality depending on number of words selected * DNA-105429 Fix privileges for Shodan api * DNA-105434 Change popup depending on number of words * DNA-105442 Fix Update & Recovery page styling * DNA-105455 [Search box] Search box does not resize dynamically * DNA-105606 Enabling news by default on SP test- 2 The update to chromium 110.0.5481.178 fixes following issues: CVE-2023-0927, CVE-2023-0928, CVE-2023-0929, CVE-2023-0930, CVE-2023-0931, CVE-2023-0932, CVE-2023-0933, CVE-2023-0941 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2023-66 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RPPOT4TKRDH3DHWEAFPF5VECCRLHRJ6N/ E-Mail link for openSUSE-SU-2023:0066-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-0927/ SUSE CVE CVE-2023-0927 page https://www.suse.com/security/cve/CVE-2023-0928/ SUSE CVE CVE-2023-0928 page https://www.suse.com/security/cve/CVE-2023-0929/ SUSE CVE CVE-2023-0929 page https://www.suse.com/security/cve/CVE-2023-0930/ SUSE CVE CVE-2023-0930 page https://www.suse.com/security/cve/CVE-2023-0931/ SUSE CVE CVE-2023-0931 page https://www.suse.com/security/cve/CVE-2023-0932/ SUSE CVE CVE-2023-0932 page https://www.suse.com/security/cve/CVE-2023-0933/ SUSE CVE CVE-2023-0933 page https://www.suse.com/security/cve/CVE-2023-0941/ SUSE CVE CVE-2023-0941 page openSUSE Leap 15.4 NonFree opera-96.0.4693.31-lp154.2.44.1 opera-96.0.4693.31-lp154.2.44.1 as a component of openSUSE Leap 15.4 NonFree Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-0927 openSUSE Leap 15.4 NonFree:opera-96.0.4693.31-lp154.2.44.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RPPOT4TKRDH3DHWEAFPF5VECCRLHRJ6N/ https://www.suse.com/security/cve/CVE-2023-0927.html CVE-2023-0927 https://bugzilla.suse.com/1208589 SUSE Bug 1208589 Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-0928 openSUSE Leap 15.4 NonFree:opera-96.0.4693.31-lp154.2.44.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RPPOT4TKRDH3DHWEAFPF5VECCRLHRJ6N/ https://www.suse.com/security/cve/CVE-2023-0928.html CVE-2023-0928 https://bugzilla.suse.com/1208589 SUSE Bug 1208589 Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-0929 openSUSE Leap 15.4 NonFree:opera-96.0.4693.31-lp154.2.44.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RPPOT4TKRDH3DHWEAFPF5VECCRLHRJ6N/ https://www.suse.com/security/cve/CVE-2023-0929.html CVE-2023-0929 https://bugzilla.suse.com/1208589 SUSE Bug 1208589 Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-0930 openSUSE Leap 15.4 NonFree:opera-96.0.4693.31-lp154.2.44.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RPPOT4TKRDH3DHWEAFPF5VECCRLHRJ6N/ https://www.suse.com/security/cve/CVE-2023-0930.html CVE-2023-0930 https://bugzilla.suse.com/1208589 SUSE Bug 1208589 Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-0931 openSUSE Leap 15.4 NonFree:opera-96.0.4693.31-lp154.2.44.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RPPOT4TKRDH3DHWEAFPF5VECCRLHRJ6N/ https://www.suse.com/security/cve/CVE-2023-0931.html CVE-2023-0931 https://bugzilla.suse.com/1208589 SUSE Bug 1208589 Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-0932 openSUSE Leap 15.4 NonFree:opera-96.0.4693.31-lp154.2.44.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RPPOT4TKRDH3DHWEAFPF5VECCRLHRJ6N/ https://www.suse.com/security/cve/CVE-2023-0932.html CVE-2023-0932 https://bugzilla.suse.com/1208589 SUSE Bug 1208589 Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) CVE-2023-0933 openSUSE Leap 15.4 NonFree:opera-96.0.4693.31-lp154.2.44.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RPPOT4TKRDH3DHWEAFPF5VECCRLHRJ6N/ https://www.suse.com/security/cve/CVE-2023-0933.html CVE-2023-0933 https://bugzilla.suse.com/1208589 SUSE Bug 1208589 Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) CVE-2023-0941 openSUSE Leap 15.4 NonFree:opera-96.0.4693.31-lp154.2.44.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RPPOT4TKRDH3DHWEAFPF5VECCRLHRJ6N/ https://www.suse.com/security/cve/CVE-2023-0941.html CVE-2023-0941 https://bugzilla.suse.com/1208589 SUSE Bug 1208589