Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10057-1 Final 1 1 2022-07-13T12:10:33Z current 2022-07-13T12:10:33Z 2022-07-13T12:10:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: opera was updated to 88.0.4412.74: - DNA-100645 Cherry-pick CVE-2022-2294 onto stabilization branches Update to 88.0.4412.53 - DNA-99108 [Lin] Options on video pop out not possible to change - DNA-99832 On automatic video popout, close button should not stop video - DNA-99833 Allow turning on and off of each 'BABE' section from gear icon - DNA-99852 Default browser in Mac installer - DNA-99993 Crashes in AudioFileReaderTest, FFmpegAACBitstreamConverterTest - DNA-100045 iFrame Exception not unblocked with Acceptable Ads - DNA-100291 Update snapcraft uploading/releasing in scripts to use craft store Changes in 88.0.4412.40 - CHR-8905 Update chromium on desktop-stable-102-4412 to 102.0.5005.115 - DNA-99713 Sizing issues with video conferencing controls in PiP window - DNA-99831 Add 'back to tab' button like on video pop-out - The update to chromium 102.0.5005.115 fixes following issues: CVE-2022-2007, CVE-2022-2008, CVE-2022-2010, CVE-2022-2011 Changes in 88.0.4412.27 - DNA-99725 Crash at opera::ModalDialogViews::Show() - DNA-99752 Do not allow to uncheck all lists for adBlock - DNA-99918 Enable #scrollable-tab-strip on desktop-stable-102-4412 - DNA-99969 Promote O88 to stable - Complete Opera 88.0 changelog at: https://blogs.opera.com/desktop/changelog-for-88/ Update to 87.0.4390.45 - DNA-99478 Top Sites don’t always has big icon - DNA-99702 Enable Acceptable Ads for stable stream - DNA-99725 Crash at opera::ModalDialogViews::Show() - DNA-99752 Do not allow to uncheck all lists for adBlock - Update to 87.0.4390.36 - CHR-8883 Update chromium on desktop-stable-101-4390 to 101.0.4951.67 - DNA-99190 Investigate windows installer signature errors on win7 - DNA-99502 Sidebar – API to open panels - DNA-99593 Report sad tab displayed counts per kind - DNA-99628 Personalized Speed Dial context menu issue fix The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10057 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/ E-Mail link for openSUSE-SU-2022:10057-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-2007/ SUSE CVE CVE-2022-2007 page https://www.suse.com/security/cve/CVE-2022-2008/ SUSE CVE CVE-2022-2008 page https://www.suse.com/security/cve/CVE-2022-2010/ SUSE CVE CVE-2022-2010 page https://www.suse.com/security/cve/CVE-2022-2011/ SUSE CVE CVE-2022-2011 page https://www.suse.com/security/cve/CVE-2022-2294/ SUSE CVE CVE-2022-2294 page openSUSE Leap 15.3 NonFree openSUSE Leap 15.4 NonFree opera-88.0.4412.74-lp154.2.11.1 opera-88.0.4412.74-lp154.2.11.1 as a component of openSUSE Leap 15.3 NonFree opera-88.0.4412.74-lp154.2.11.1 as a component of openSUSE Leap 15.4 NonFree Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2007 openSUSE Leap 15.3 NonFree:opera-88.0.4412.74-lp154.2.11.1 openSUSE Leap 15.4 NonFree:opera-88.0.4412.74-lp154.2.11.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/ https://www.suse.com/security/cve/CVE-2022-2007.html CVE-2022-2007 https://bugzilla.suse.com/1200423 SUSE Bug 1200423 Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2008 openSUSE Leap 15.3 NonFree:opera-88.0.4412.74-lp154.2.11.1 openSUSE Leap 15.4 NonFree:opera-88.0.4412.74-lp154.2.11.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/ https://www.suse.com/security/cve/CVE-2022-2008.html CVE-2022-2008 https://bugzilla.suse.com/1200423 SUSE Bug 1200423 Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-2010 openSUSE Leap 15.3 NonFree:opera-88.0.4412.74-lp154.2.11.1 openSUSE Leap 15.4 NonFree:opera-88.0.4412.74-lp154.2.11.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/ https://www.suse.com/security/cve/CVE-2022-2010.html CVE-2022-2010 https://bugzilla.suse.com/1200423 SUSE Bug 1200423 Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2011 openSUSE Leap 15.3 NonFree:opera-88.0.4412.74-lp154.2.11.1 openSUSE Leap 15.4 NonFree:opera-88.0.4412.74-lp154.2.11.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/ https://www.suse.com/security/cve/CVE-2022-2011.html CVE-2022-2011 https://bugzilla.suse.com/1200423 SUSE Bug 1200423 Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2294 openSUSE Leap 15.3 NonFree:opera-88.0.4412.74-lp154.2.11.1 openSUSE Leap 15.4 NonFree:opera-88.0.4412.74-lp154.2.11.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RJUDCH46YEJXHUW2NNEMWI2TSQIO7ON2/ https://www.suse.com/security/cve/CVE-2022-2294.html CVE-2022-2294 https://bugzilla.suse.com/1201216 SUSE Bug 1201216 https://bugzilla.suse.com/1201980 SUSE Bug 1201980