Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:1434-1 Final 1 1 2021-11-01T15:06:39Z current 2021-11-01T15:06:39Z 2021-11-01T15:06:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Opera was updated to version 80.0.4170.63 - CHR-8612 Update chromium on desktop-stable-94-4170 to 94.0.4606.81 - DNA-95434 Crash at opera::ThemesService::UpdateCurrentTheme() - The update to chromium 94.0.4606.81 fixes following issues: CVE-2021-37977, CVE-2021-37978, CVE-2021-37979, CVE-2021-37980 Opera was updated to version 80.0.4170.40 - CHR-8598 Update chromium on desktop-stable-94-4170 to 94.0.4606.71 - DNA-95221 Emoji button stuck in address bar - DNA-95325 Make y.at navigations to be reported with page_views events - DNA-95327 Add “Emojis” context menu option in address bar field - DNA-95339 Add YAT emoji url suggestion to search© dialog - DNA-95416 Remove emoji button from address bar - DNA-95439 Enable #yat-emoji-addresses on developer stream - DNA-95441 [Mac big sur] Emoji are not shown in address bar url - DNA-95514 Crash at resource_coordinator::TabLifecycleUnitSource ::TabLifecycleUnit::OnLifecycleUnitStateChanged(mojom:: LifecycleUnitState, mojom::LifecycleUnitStateChangeReason) - DNA-95746 Enable #reader-mode everywhere - DNA-95865 Numbers are recognized as emojis - DNA-95866 Change Yat text in selection popup - DNA-95867 Show that buttons are clickable in selection popup - The update to chromium 94.0.4606.71 fixes following issues: CVE-2021-37974, CVE-2021-37975, CVE-2021-37976 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-1434 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CF6Y247TQDOSNNT7RURWBHGHDS3V4YYD/ E-Mail link for openSUSE-SU-2021:1434-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-37974/ SUSE CVE CVE-2021-37974 page https://www.suse.com/security/cve/CVE-2021-37975/ SUSE CVE CVE-2021-37975 page https://www.suse.com/security/cve/CVE-2021-37976/ SUSE CVE CVE-2021-37976 page https://www.suse.com/security/cve/CVE-2021-37977/ SUSE CVE CVE-2021-37977 page https://www.suse.com/security/cve/CVE-2021-37978/ SUSE CVE CVE-2021-37978 page https://www.suse.com/security/cve/CVE-2021-37979/ SUSE CVE CVE-2021-37979 page https://www.suse.com/security/cve/CVE-2021-37980/ SUSE CVE CVE-2021-37980 page openSUSE Leap 15.3 NonFree opera-80.0.4170.63-lp153.2.27.1 opera-80.0.4170.63-lp153.2.27.1 as a component of openSUSE Leap 15.3 NonFree Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37974 openSUSE Leap 15.3 NonFree:opera-80.0.4170.63-lp153.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CF6Y247TQDOSNNT7RURWBHGHDS3V4YYD/ https://www.suse.com/security/cve/CVE-2021-37974.html CVE-2021-37974 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37975 openSUSE Leap 15.3 NonFree:opera-80.0.4170.63-lp153.2.27.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CF6Y247TQDOSNNT7RURWBHGHDS3V4YYD/ https://www.suse.com/security/cve/CVE-2021-37975.html CVE-2021-37975 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. CVE-2021-37976 openSUSE Leap 15.3 NonFree:opera-80.0.4170.63-lp153.2.27.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CF6Y247TQDOSNNT7RURWBHGHDS3V4YYD/ https://www.suse.com/security/cve/CVE-2021-37976.html CVE-2021-37976 https://bugzilla.suse.com/1191204 SUSE Bug 1191204 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37977 openSUSE Leap 15.3 NonFree:opera-80.0.4170.63-lp153.2.27.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CF6Y247TQDOSNNT7RURWBHGHDS3V4YYD/ https://www.suse.com/security/cve/CVE-2021-37977.html CVE-2021-37977 https://bugzilla.suse.com/1191463 SUSE Bug 1191463 Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37978 openSUSE Leap 15.3 NonFree:opera-80.0.4170.63-lp153.2.27.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CF6Y247TQDOSNNT7RURWBHGHDS3V4YYD/ https://www.suse.com/security/cve/CVE-2021-37978.html CVE-2021-37978 https://bugzilla.suse.com/1191463 SUSE Bug 1191463 heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page. CVE-2021-37979 openSUSE Leap 15.3 NonFree:opera-80.0.4170.63-lp153.2.27.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CF6Y247TQDOSNNT7RURWBHGHDS3V4YYD/ https://www.suse.com/security/cve/CVE-2021-37979.html CVE-2021-37979 https://bugzilla.suse.com/1191463 SUSE Bug 1191463 Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows. CVE-2021-37980 openSUSE Leap 15.3 NonFree:opera-80.0.4170.63-lp153.2.27.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CF6Y247TQDOSNNT7RURWBHGHDS3V4YYD/ https://www.suse.com/security/cve/CVE-2021-37980.html CVE-2021-37980 https://bugzilla.suse.com/1191463 SUSE Bug 1191463