Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10181-1 Final 1 1 2022-10-31T11:01:36Z current 2022-10-31T11:01:36Z 2022-10-31T11:01:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Update to 92.0.4561.21 - CHR-9037 Update chromium on desktop-stable-106-4561 to 106.0.5249.119 - DNA-102295 Missing GX.games section in settings - DNA-102308 Presubmit errors - DNA-102329 [Consent flow] clicking on 'Customize settings' doesn't resize the popup - DNA-102340 Sidebar control panel doesn't hide - DNA-102348 Replace old Dify url with a new one - DNA-102430 Translations for O92 - DNA-102534 Allow staging RH Agent extension to use VPN Pro API - DNA-102548 Rich hints extension crashes on Linux - DNA-102551 Promote O92 to stable - Complete Opera 92.0 changelog at: https://blogs.opera.com/desktop/changelog-for-92/ - The update to chromium 106.0.5249.119 fixes following issues: CVE-2022-3445, CVE-2022-3446, CVE-2022-3447, CVE-2022-3448, CVE-2022-3449, CVE-2022-3450 Update to 91.0.4516.77 - DNA-101988 Implement dark mode for consent flow popups - DNA-102348 Replace old Dify url with a new one Update to 91.0.4516.65 - DNA-101240 Save “remind in 3 days” setting - DNA-101622 Add a way to check if browser is connected to webenv - DNA-101838 Unfiltered dropdown disabled by default on stable - DNA-101990 Boost sites into top sites - DNA-101998 flag tiktok-panel doesn’t work - DNA-102075 Crash at extensions::ExtensionApiFrameIdMap:: OnRenderFrameDeleted(content::RenderFrameHost*) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10181 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SHXWIROKV3SIJKHPXP6R4LWJZZG2XC77/ E-Mail link for openSUSE-SU-2022:10181-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-3445/ SUSE CVE CVE-2022-3445 page https://www.suse.com/security/cve/CVE-2022-3446/ SUSE CVE CVE-2022-3446 page https://www.suse.com/security/cve/CVE-2022-3447/ SUSE CVE CVE-2022-3447 page https://www.suse.com/security/cve/CVE-2022-3448/ SUSE CVE CVE-2022-3448 page https://www.suse.com/security/cve/CVE-2022-3449/ SUSE CVE CVE-2022-3449 page https://www.suse.com/security/cve/CVE-2022-3450/ SUSE CVE CVE-2022-3450 page openSUSE Leap 15.3 NonFree opera-92.0.4561.21-lp153.2.66.1 opera-92.0.4561.21-lp153.2.66.1 as a component of openSUSE Leap 15.3 NonFree Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3445 openSUSE Leap 15.3 NonFree:opera-92.0.4561.21-lp153.2.66.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SHXWIROKV3SIJKHPXP6R4LWJZZG2XC77/ https://www.suse.com/security/cve/CVE-2022-3445.html CVE-2022-3445 https://bugzilla.suse.com/1204223 SUSE Bug 1204223 Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3446 openSUSE Leap 15.3 NonFree:opera-92.0.4561.21-lp153.2.66.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SHXWIROKV3SIJKHPXP6R4LWJZZG2XC77/ https://www.suse.com/security/cve/CVE-2022-3446.html CVE-2022-3446 https://bugzilla.suse.com/1204223 SUSE Bug 1204223 Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) CVE-2022-3447 openSUSE Leap 15.3 NonFree:opera-92.0.4561.21-lp153.2.66.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SHXWIROKV3SIJKHPXP6R4LWJZZG2XC77/ https://www.suse.com/security/cve/CVE-2022-3447.html CVE-2022-3447 https://bugzilla.suse.com/1204223 SUSE Bug 1204223 Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3448 openSUSE Leap 15.3 NonFree:opera-92.0.4561.21-lp153.2.66.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SHXWIROKV3SIJKHPXP6R4LWJZZG2XC77/ https://www.suse.com/security/cve/CVE-2022-3448.html CVE-2022-3448 https://bugzilla.suse.com/1204223 SUSE Bug 1204223 Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) CVE-2022-3449 openSUSE Leap 15.3 NonFree:opera-92.0.4561.21-lp153.2.66.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SHXWIROKV3SIJKHPXP6R4LWJZZG2XC77/ https://www.suse.com/security/cve/CVE-2022-3449.html CVE-2022-3449 https://bugzilla.suse.com/1204223 SUSE Bug 1204223 Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3450 openSUSE Leap 15.3 NonFree:opera-92.0.4561.21-lp153.2.66.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SHXWIROKV3SIJKHPXP6R4LWJZZG2XC77/ https://www.suse.com/security/cve/CVE-2022-3450.html CVE-2022-3450 https://bugzilla.suse.com/1204223 SUSE Bug 1204223