Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10254-1 Final 1 1 2022-12-31T15:01:26Z current 2022-12-31T15:01:26Z 2022-12-31T15:01:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: - Update to 94.0.4606.38 - CHR-9133 Update chromium on desktop-stable-108-4606 to 108.0.5359.125 - DNA-103624 Create JS API to open Search tabs feature - DNA-104004 Improve welcome pop-up - DNA-104053 Right mouse click open speed dial instead of context menu - DNA-104055 News article opens in active tab - DNA-104084 [Suggestion] Introduce a way to remove the Lucid Mode button - DNA-104089 No crashes reported in soccoro for Linux - The update to chromium 108.0.5359.125 fixes following issues: CVE-2022-4436, CVE-2022-4437, CVE-2022-4438, CVE-2022-4439, CVE-2022-4440 - Update to 94.0.4606.26 - CHR-9125 Update chromium on desktop-stable-108-4606 to 108.0.5359.99 - DNA-99207 WebUI popup/dropdown could be empty due to lack of memory - DNA-102882 [SD][News][Continue on][Suggestion] Do not focus on opened page when opening in new tab - DNA-103076 Release installer consent flow globally - DNA-103137 Fix positioning in Web UI component - DNA-103240 Re-use logic from popup for consent not set in settings - DNA-103540 Implement Autostart for Opera Desktop (except Poland) - DNA-103636 Implement Lucid Mode for Videos - DNA-103637 Implement Lucid Mode button on top of videos - DNA-103638 Make Lucid Mode button on top of videos work - DNA-103641 Implement Lucid Mode for Images - DNA-103642 Updated design and animation for Lucid Mode button on top of videos - DNA-103650 Add Lucid Mode to Easy Setup - DNA-103701 Move User Styles loading/saving to a separate component - DNA-103718 Record 'consent_given' stat for every session - DNA-103724 Video detach button wont go away - DNA-103757 Add click animation for Lucid Mode button on top of videos - DNA-103765 Console error with lucid mode flag off - DNA-103770 Easy Setup switch doesn't get updated - DNA-103771 Click animation should only show when turning on Lucid Mode - DNA-103773 Unable to access lucid mode settings section directly - DNA-103784 Investigate video buttons 'escaping' - DNA-103800 Adapt Lucid Mode button to new design - DNA-103836 Translations for O94 - DNA-103850 Label on detach button cut off - DNA-103924 Popup windows of type TYPE_APP_POPUP have incorrectly set minimum size - DNA-103931 Wrong sidebar detection. - DNA-103935 Change Lucid Mode Video (Sharpen videos) to default off - DNA-103949 Lucid Mode doesn't work in a private window - DNA-103959 Unable to scroll down on player home page - DNA-103962 [Settings] Remove 'Safety Check' - DNA-104011 Turn on Lucid Mode on all streams - DNA-104052 Hide Lucid Mode video button on Google Meet - DNA-103930 Promote O94 to stable - The update to chromium 108.0.5359.99 fixes following issues: CVE-2022-4262 - Update to 93.0.4585.64 - DNA-102836 Make 1st screen of Consent Popup a little taller to have more space under 'You can adjust your choices' label - DNA-102934 Turn on building testlist on GOTH instead of Buildbot - DNA-102969 On some pages search popup don't work - DNA-103053 Put consent flow settings in separate feature flag - DNA-103054 Update consent settings to new design - DNA-103062 Add opauto tests for consent flow settings - DNA-103099 Set testlist_from in testlist generating script - DNA-103240 Re-use logic from popup for consent not set in settings - DNA-103296 Force dark page break QR code in whats app - DNA-103298 Stat for recording adblock whitelist is not sent in every session - DNA-103522 Missing translations for IDS_CONSENT_FLOW_DATA_DESC_INTERESTS - DNA-103526 search popup doesn't recognize some currencies shortcut - DNA-103530 Replace icons in sidebar setup - DNA-103636 Implement Lucid Mode for Videos - DNA-103637 Implement Lucid Mode button on top of videos - DNA-103638 Make Lucid Mode button on top of videos work - DNA-103641 Implement Lucid Mode for Images - DNA-103642 Updated design and animation for Lucid Mode button on top of videos - DNA-103650 Add Lucid Mode to Easy Setup - DNA-103701 Move User Styles loading/saving to a separate component - DNA-103718 Record 'consent_given' stat for every session - DNA-103724 Video detach button wont go away - DNA-103757 Add click animation for Lucid Mode button on top of videos - DNA-103765 Console error with lucid mode flag off - DNA-103770 Easy Setup switch doesn't get updated - DNA-103771 Click animation should only show when turning on Lucid Mode - DNA-103773 Unable to access lucid mode settings section directly - DNA-103784 Investigate video buttons 'escaping' - DNA-103800 Adapt Lucid Mode button to new design - DNA-103850 Label on detach button cut off - DNA-103924 Popup windows of type TYPE_APP_POPUP have incorrectly set minimum size - DNA-103935 Change Lucid Mode Video (Sharpen videos) to default off - DNA-104011 Turn on Lucid Mode on all streams The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10254 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/ E-Mail link for openSUSE-SU-2022:10254-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-4262/ SUSE CVE CVE-2022-4262 page https://www.suse.com/security/cve/CVE-2022-4436/ SUSE CVE CVE-2022-4436 page https://www.suse.com/security/cve/CVE-2022-4437/ SUSE CVE CVE-2022-4437 page https://www.suse.com/security/cve/CVE-2022-4438/ SUSE CVE CVE-2022-4438 page https://www.suse.com/security/cve/CVE-2022-4439/ SUSE CVE CVE-2022-4439 page https://www.suse.com/security/cve/CVE-2022-4440/ SUSE CVE CVE-2022-4440 page openSUSE Leap 15.4 NonFree opera-94.0.4606.38-lp154.2.35.1 opera-94.0.4606.38-lp154.2.35.1 as a component of openSUSE Leap 15.4 NonFree Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-4262 openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/ https://www.suse.com/security/cve/CVE-2022-4262.html CVE-2022-4262 https://bugzilla.suse.com/1205999 SUSE Bug 1205999 Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-4436 openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/ https://www.suse.com/security/cve/CVE-2022-4436.html CVE-2022-4436 https://bugzilla.suse.com/1206403 SUSE Bug 1206403 Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-4437 openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/ https://www.suse.com/security/cve/CVE-2022-4437.html CVE-2022-4437 https://bugzilla.suse.com/1206403 SUSE Bug 1206403 Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-4438 openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/ https://www.suse.com/security/cve/CVE-2022-4438.html CVE-2022-4438 https://bugzilla.suse.com/1206403 SUSE Bug 1206403 Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) CVE-2022-4439 openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/ https://www.suse.com/security/cve/CVE-2022-4439.html CVE-2022-4439 https://bugzilla.suse.com/1206403 SUSE Bug 1206403 Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2022-4440 openSUSE Leap 15.4 NonFree:opera-94.0.4606.38-lp154.2.35.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EM2NIV5V5735TOCNGG6AUH4KJ62D3DNR/ https://www.suse.com/security/cve/CVE-2022-4440.html CVE-2022-4440 https://bugzilla.suse.com/1206403 SUSE Bug 1206403