ArchLinux: 202111-8: opera: multiple issues
Summary
- CVE-2021-37997 (arbitrary code execution)
A use after free security issue has been found in the Sign-In component
of the Chromium browser engine before version 95.0.4638.69.
- CVE-2021-37998 (arbitrary code execution)
A use after free security issue has been found in the Garbage
Collection component of the Chromium browser engine before version
95.0.4638.69.
- CVE-2021-37999 (insufficient validation)
An insufficient data validation security issue has been found in the
New Tab Page component of the Chromium browser engine before version
95.0.4638.69.
- CVE-2021-38000 (insufficient validation)
An insufficient validation of untrusted input security issue has been
found in the Intents component of the Chromium browser engine before
version 95.0.4638.69. Google is aware that an exploit for
CVE-2021-38000 exists in the wild.
- CVE-2021-38001 (arbitrary code execution)
A type confusion security issue has been found in the V8 component of
the Chromium browser engine before version 95.0.4638.69.
- CVE-2021-38002 (arbitrary code execution)
A use after free security issue has been found in the Web Transport
component of the Chromium browser engine before version 95.0.4638.69.
- CVE-2021-38003 (arbitrary code execution)
An inappropriate implementation security issue has been found in the V8
component of the Chromium browser engine before version 95.0.4638.69.
Google is aware that an exploit for CVE-2021-38003 exists in the wild.
- CVE-2021-38004 (access restriction bypass)
An insufficient policy enforcement security issue has been found in the
Autofill component of the Chromium browser engine before version
95.0.4638.69.
Resolution
Upgrade to 81.0.4196.54-1.
# pacman -Syu "opera>=81.0.4196.54-1"
The problems have been fixed upstream in version 81.0.4196.54.
References
https://blogs.opera.com/desktop/changelog-for-81/ https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://bugs.chromium.org/p/chromium/issues/detail https://security.archlinux.org/CVE-2021-37997 https://security.archlinux.org/CVE-2021-37998 https://security.archlinux.org/CVE-2021-37999 https://security.archlinux.org/CVE-2021-38000 https://security.archlinux.org/CVE-2021-38001 https://security.archlinux.org/CVE-2021-38002 https://security.archlinux.org/CVE-2021-38003 https://security.archlinux.org/CVE-2021-38004
Workaround
None.