Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0187-1 Final 1 1 2024-07-06T12:01:16Z current 2024-07-06T12:01:16Z 2024-07-06T12:01:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: - Update to 111.0.5168.43 * DNA-115228 Adblocker is blocking ads when turned off * DNA-116605 Crash at opera::BrowserContentsView:: NonClientHitTestPoint(gfx::Point const&) * DNA-116855 Cannot close tab island’s tab when popup was hovered * DNA-116885 Add chrome.cookies api permission to Rich Hints * DNA-116948 [Linux] Theme toggle in settings is not working - Update to 111.0.5168.25 * CHR-9754 Update Chromium on desktop-stable-125-5168 to 125.0.6422.142 * DNA-116089 [Win/Lin] Fullscreen view has rounded corners * DNA-116208 The red dot on the Aria’s icon is misaligned * DNA-116693 X (twitter) logo is not available on opera:about page * DNA-116737 [Bookmarks] Bookmarks bar favicon have light theme color in new window * DNA-116769 Extension popup – pin icon is replaced * DNA-116850 Fix full package installer link * DNA-116852 Promote 111 to stable * DNA-116491 Site info popup is cut with dropdown opened * DNA-116661 [opera:settings] IPFS/IPNS Gateway box has the wrong design * DNA-116789 Translations for O111 * DNA-116813 [React emoji picker] Flag emojis are not load correctly * DNA-116893 Put 'Show emojis in tab tooltip' in Settings * DNA-116918 Translations for 'Show emojis in tab tooltip' - Complete Opera 111 changelog at: https://blogs.opera.com/desktop/changelog-for-111 - The update to chromium 125.0.6422.142 fixes following issues: CVE-2024-5493, CVE-2024-5494, CVE-2024-5495, CVE-2024-5496, CVE-2024-5497, CVE-2024-5498, CVE-2024-5499 - Update to 110.0.5130.64 * CHR-9748 Update Chromium on desktop-stable-124-5130 to 124.0.6367.243 * DNA-116317 Create outline or shadow around emojis on tab strip * DNA-116320 Create animation for emoji disappearing from tab strip * DNA-116564 Assign custom emoji from emoji picker * DNA-116690 Make chrome://emoji-picker attachable by webdriver * DNA-116732 Introduce stat event for setting / unsetting emoji on a tab * DNA-116753 Emoji picker does not follow browser theme * DNA-116755 Record tab emojis added / removed * DNA-116777 Enable #tab-art on all streams - Update to 110.0.5130.49 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-116706 [gpu-crash] Crash at SkGpuShaderImageFilter:: onFilterImage(skif::Context const&) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-187 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6B5SLGYT6SKW4EUYZ5XLYQG66Y433XMH/ E-Mail link for openSUSE-SU-2024:0187-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-5493/ SUSE CVE CVE-2024-5493 page https://www.suse.com/security/cve/CVE-2024-5494/ SUSE CVE CVE-2024-5494 page https://www.suse.com/security/cve/CVE-2024-5495/ SUSE CVE CVE-2024-5495 page https://www.suse.com/security/cve/CVE-2024-5496/ SUSE CVE CVE-2024-5496 page https://www.suse.com/security/cve/CVE-2024-5497/ SUSE CVE CVE-2024-5497 page https://www.suse.com/security/cve/CVE-2024-5498/ SUSE CVE CVE-2024-5498 page https://www.suse.com/security/cve/CVE-2024-5499/ SUSE CVE CVE-2024-5499 page openSUSE Leap 15.5 NonFree opera-111.0.5168.43-lp155.3.51.1 opera-111.0.5168.43-lp155.3.51.1 as a component of openSUSE Leap 15.5 NonFree Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5493 openSUSE Leap 15.5 NonFree:opera-111.0.5168.43-lp155.3.51.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6B5SLGYT6SKW4EUYZ5XLYQG66Y433XMH/ https://www.suse.com/security/cve/CVE-2024-5493.html CVE-2024-5493 https://bugzilla.suse.com/1225690 SUSE Bug 1225690 Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5494 openSUSE Leap 15.5 NonFree:opera-111.0.5168.43-lp155.3.51.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6B5SLGYT6SKW4EUYZ5XLYQG66Y433XMH/ https://www.suse.com/security/cve/CVE-2024-5494.html CVE-2024-5494 https://bugzilla.suse.com/1225690 SUSE Bug 1225690 Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5495 openSUSE Leap 15.5 NonFree:opera-111.0.5168.43-lp155.3.51.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6B5SLGYT6SKW4EUYZ5XLYQG66Y433XMH/ https://www.suse.com/security/cve/CVE-2024-5495.html CVE-2024-5495 https://bugzilla.suse.com/1225690 SUSE Bug 1225690 Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVE-2024-5496 openSUSE Leap 15.5 NonFree:opera-111.0.5168.43-lp155.3.51.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6B5SLGYT6SKW4EUYZ5XLYQG66Y433XMH/ https://www.suse.com/security/cve/CVE-2024-5496.html CVE-2024-5496 https://bugzilla.suse.com/1225690 SUSE Bug 1225690 Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5497 openSUSE Leap 15.5 NonFree:opera-111.0.5168.43-lp155.3.51.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6B5SLGYT6SKW4EUYZ5XLYQG66Y433XMH/ https://www.suse.com/security/cve/CVE-2024-5497.html CVE-2024-5497 https://bugzilla.suse.com/1225690 SUSE Bug 1225690 Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5498 openSUSE Leap 15.5 NonFree:opera-111.0.5168.43-lp155.3.51.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6B5SLGYT6SKW4EUYZ5XLYQG66Y433XMH/ https://www.suse.com/security/cve/CVE-2024-5498.html CVE-2024-5498 https://bugzilla.suse.com/1225690 SUSE Bug 1225690 Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CVE-2024-5499 openSUSE Leap 15.5 NonFree:opera-111.0.5168.43-lp155.3.51.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6B5SLGYT6SKW4EUYZ5XLYQG66Y433XMH/ https://www.suse.com/security/cve/CVE-2024-5499.html CVE-2024-5499 https://bugzilla.suse.com/1225690 SUSE Bug 1225690