Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0205-1 Final 1 1 2024-07-20T18:01:28Z current 2024-07-20T18:01:28Z 2024-07-20T18:01:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: - Update to 112.0.5197.25 * CHR-9787 Update Chromium on desktop-stable-126-5197 to 126.0.6478.127 - The update to chromium 126.0.6478.127 fixes following issues: CVE-2024-6290, CVE-2024-6291, CVE-2024-6292, CVE-2024-6293 - Update to 112.0.5197.24 * CHR-9762 Update Chromium on desktop-stable-126-5197 to 126.0.6478.62 * DNA-117001 Crash at base::internal::check_is_test_impl (base::NotFatalUntil) * DNA-117050 [Settings][Sync] Synchronization options aren't visible * DNA-117076 [Player] Background of the icons has changed and the Tidal icon is now missing * DNA-117109 Browser freezes when trying to remove a tab * DNA-117181 Translations for O112 * DNA-117202 Crash at syncer::SyncServiceImpl::NotifyObservers() * DNA-117295 Remove emoji names field in picker * DNA-117347 Start page is not rendered on first switch to workspace after its creation * DNA-117431 Promote 112 to stable - Complete Opera 112 changelog at: https://blogs.opera.com/desktop/changelog-for-112 - The update to chromium >= 126.0.6478.54 fixes following issues: CVE-2024-5830, CVE-2024-5831, CVE-2024-5832, CVE-2024-5833, CVE-2024-5834, CVE-2024-5835, CVE-2024-5836, CVE-2024-5837, CVE-2024-5838, CVE-2024-5839, CVE-2024-5840, CVE-2024-5841, CVE-2024-5842, CVE-2024-5843, CVE-2024-5844, CVE-2024-5845, CVE-2024-5846, CVE-2024-5847 - Update to 111.0.5168.55 * DNA-116749 Unnecessary icons in the advanced sync settings * DNA-116961 Evaluate #vtvd-as-platform-sw-decoder in the field * DNA-117003 #vtvd-as-platform-sw-decoder is not registered in media unittests The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-205 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ E-Mail link for openSUSE-SU-2024:0205-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-5830/ SUSE CVE CVE-2024-5830 page https://www.suse.com/security/cve/CVE-2024-5831/ SUSE CVE CVE-2024-5831 page https://www.suse.com/security/cve/CVE-2024-5832/ SUSE CVE CVE-2024-5832 page https://www.suse.com/security/cve/CVE-2024-5833/ SUSE CVE CVE-2024-5833 page https://www.suse.com/security/cve/CVE-2024-5834/ SUSE CVE CVE-2024-5834 page https://www.suse.com/security/cve/CVE-2024-5835/ SUSE CVE CVE-2024-5835 page https://www.suse.com/security/cve/CVE-2024-5836/ SUSE CVE CVE-2024-5836 page https://www.suse.com/security/cve/CVE-2024-5837/ SUSE CVE CVE-2024-5837 page https://www.suse.com/security/cve/CVE-2024-5838/ SUSE CVE CVE-2024-5838 page https://www.suse.com/security/cve/CVE-2024-5839/ SUSE CVE CVE-2024-5839 page https://www.suse.com/security/cve/CVE-2024-5840/ SUSE CVE CVE-2024-5840 page https://www.suse.com/security/cve/CVE-2024-5841/ SUSE CVE CVE-2024-5841 page https://www.suse.com/security/cve/CVE-2024-5842/ SUSE CVE CVE-2024-5842 page https://www.suse.com/security/cve/CVE-2024-5843/ SUSE CVE CVE-2024-5843 page https://www.suse.com/security/cve/CVE-2024-5844/ SUSE CVE CVE-2024-5844 page https://www.suse.com/security/cve/CVE-2024-5845/ SUSE CVE CVE-2024-5845 page https://www.suse.com/security/cve/CVE-2024-5846/ SUSE CVE CVE-2024-5846 page https://www.suse.com/security/cve/CVE-2024-5847/ SUSE CVE CVE-2024-5847 page https://www.suse.com/security/cve/CVE-2024-6290/ SUSE CVE CVE-2024-6290 page https://www.suse.com/security/cve/CVE-2024-6291/ SUSE CVE CVE-2024-6291 page https://www.suse.com/security/cve/CVE-2024-6292/ SUSE CVE CVE-2024-6292 page https://www.suse.com/security/cve/CVE-2024-6293/ SUSE CVE CVE-2024-6293 page openSUSE Leap 15.5 NonFree opera-112.0.5197.25-lp155.3.54.1 opera-112.0.5197.25-lp155.3.54.1 as a component of openSUSE Leap 15.5 NonFree Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) CVE-2024-5830 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5830.html CVE-2024-5830 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5831 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5831.html CVE-2024-5831 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5832 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5832.html CVE-2024-5832 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-5833 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5833.html CVE-2024-5833 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) CVE-2024-5834 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5834.html CVE-2024-5834 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-5835 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5835.html CVE-2024-5835 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) CVE-2024-5836 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5836.html CVE-2024-5836 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-5837 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5837.html CVE-2024-5837 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2024-5838 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5838.html CVE-2024-5838 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-5839 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5839.html CVE-2024-5839 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-5840 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5840.html CVE-2024-5840 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-5841 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5841.html CVE-2024-5841 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-5842 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5842.html CVE-2024-5842 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) CVE-2024-5843 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5843.html CVE-2024-5843 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) CVE-2024-5844 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5844.html CVE-2024-5844 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) CVE-2024-5845 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5845.html CVE-2024-5845 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) CVE-2024-5846 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5846.html CVE-2024-5846 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) CVE-2024-5847 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-5847.html CVE-2024-5847 https://bugzilla.suse.com/1226205 SUSE Bug 1226205 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6290 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-6290.html CVE-2024-6290 https://bugzilla.suse.com/1226933 SUSE Bug 1226933 Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6291 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-6291.html CVE-2024-6291 https://bugzilla.suse.com/1226933 SUSE Bug 1226933 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6292 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-6292.html CVE-2024-6292 https://bugzilla.suse.com/1226933 SUSE Bug 1226933 Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2024-6293 openSUSE Leap 15.5 NonFree:opera-112.0.5197.25-lp155.3.54.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NHZIGJFBH37236FBCT6ZIM4Q4SHU345J/ https://www.suse.com/security/cve/CVE-2024-6293.html CVE-2024-6293 https://bugzilla.suse.com/1226933 SUSE Bug 1226933