Security update for opera SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10239-1 Final 1 1 2022-12-09T17:01:32Z current 2022-12-09T17:01:32Z 2022-12-09T17:01:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opera This update for opera fixes the following issues: Update to 93.0.4585.37 - DNA-102885 Turn on #sidebar-autohide on all streams - DNA-103020 Turn on #start-page-redesign on developer - DNA-103042 Fix import from Firefox - DNA-103222 [Speed Dial Suggestions] All opera.com subpages suggestions lead to the opera.com homepage - DNA-103368 TikTok videos starting to play automaticly - DNA-103535 Startpage preview is not visible - DNA-103665 Reduce Tik Tok pane width Changes in 93.0.4585.21 - CHR-9067 Update chromium on desktop-stable-107-4585 to 107.0.5304.110 - DNA-102365 Turn off opera://dify-cards page - DNA-102689 [GX] Create GX widgets section in Easy Setup - DNA-102768 [Easy setup] Sidebar options not animated - DNA-102872 No animation for opening sidebar while sidebar is closing - DNA-102929 [Weather][Private window] Weather widget appears in private window - DNA-103032 Messenger sidebar icon doesn’t look great - DNA-103046 Opera crash with flag –with-feature:sidebar-autohide=off - DNA-103107 Automatic video popout for popular sports sites – World Cup - DNA-103310 hideOperaObject() in browser.js stopped working on public builds - DNA-103320 Crash at chrome::FindBrowserByType(absl::optional) - DNA-103321 Tab preview causes freeze when dragging tabs - DNA-103375 [Workspaces] Crash at absl::raw_log_internal:: RawLog(absl::LogSeverity, char const*, int, char const*, …) - DNA-103395 Remove unused resources - DNA-103396 Internal translations - The update to chromium 107.0.5304.110 fixes following issues: CVE-2022-3885, CVE-2022-3886, CVE-2022-3887, CVE-2022-3888, CVE-2022-3889, CVE-2022-3889 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10239 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EWP7JF2E6GJOOR2QX4GWUV46D65V55LR/ E-Mail link for openSUSE-SU-2022:10239-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-3885/ SUSE CVE CVE-2022-3885 page https://www.suse.com/security/cve/CVE-2022-3886/ SUSE CVE CVE-2022-3886 page https://www.suse.com/security/cve/CVE-2022-3887/ SUSE CVE CVE-2022-3887 page https://www.suse.com/security/cve/CVE-2022-3888/ SUSE CVE CVE-2022-3888 page https://www.suse.com/security/cve/CVE-2022-3889/ SUSE CVE CVE-2022-3889 page openSUSE Leap 15.4 NonFree opera-93.0.4585.37-lp154.2.32.1 opera-93.0.4585.37-lp154.2.32.1 as a component of openSUSE Leap 15.4 NonFree Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3885 openSUSE Leap 15.4 NonFree:opera-93.0.4585.37-lp154.2.32.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EWP7JF2E6GJOOR2QX4GWUV46D65V55LR/ https://www.suse.com/security/cve/CVE-2022-3885.html CVE-2022-3885 https://bugzilla.suse.com/1205221 SUSE Bug 1205221 Use after free in Speech Recognition in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3886 openSUSE Leap 15.4 NonFree:opera-93.0.4585.37-lp154.2.32.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EWP7JF2E6GJOOR2QX4GWUV46D65V55LR/ https://www.suse.com/security/cve/CVE-2022-3886.html CVE-2022-3886 https://bugzilla.suse.com/1205221 SUSE Bug 1205221 Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3887 openSUSE Leap 15.4 NonFree:opera-93.0.4585.37-lp154.2.32.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EWP7JF2E6GJOOR2QX4GWUV46D65V55LR/ https://www.suse.com/security/cve/CVE-2022-3887.html CVE-2022-3887 https://bugzilla.suse.com/1205221 SUSE Bug 1205221 Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3888 openSUSE Leap 15.4 NonFree:opera-93.0.4585.37-lp154.2.32.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EWP7JF2E6GJOOR2QX4GWUV46D65V55LR/ https://www.suse.com/security/cve/CVE-2022-3888.html CVE-2022-3888 https://bugzilla.suse.com/1205221 SUSE Bug 1205221 Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2022-3889 openSUSE Leap 15.4 NonFree:opera-93.0.4585.37-lp154.2.32.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EWP7JF2E6GJOOR2QX4GWUV46D65V55LR/ https://www.suse.com/security/cve/CVE-2022-3889.html CVE-2022-3889 https://bugzilla.suse.com/1205221 SUSE Bug 1205221