AVG-1840 log

Package opera
Status Fixed
Severity High
Type multiple issues
Affected 75.0.3969.218-1
Fixed 76.0.4017.94-1
Current Removed
Ticket None
Created Tue Apr 20 12:49:38 2021
Issue Severity Remote Type Description
CVE-2021-21226 High Yes Sandbox escape
Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially...
CVE-2021-21225 High Yes Arbitrary code execution
Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21224 High Yes Arbitrary code execution
Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page....
CVE-2021-21223 High Yes Sandbox escape
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a...
CVE-2021-21222 High Yes Sandbox escape
Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to bypass site...
CVE-2021-21221 High Yes Information disclosure
Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process...
CVE-2021-21219 Low Yes Information disclosure
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21218 Low Yes Information disclosure
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21217 Low Yes Information disclosure
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process...
CVE-2021-21216 Medium Yes Content spoofing
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21215 Medium Yes Content spoofing
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVE-2021-21214 Medium Yes Arbitrary code execution
Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2021-21213 Medium Yes Arbitrary code execution
Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21210 Medium Yes Information disclosure
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted...
CVE-2021-21209 Medium Yes Information disclosure
Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-21207 Medium Yes Sandbox escape
Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially...
CVE-2021-21203 High Yes Arbitrary code execution
Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21202 High Yes Sandbox escape
Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially...
CVE-2021-21201 High Yes Sandbox escape
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially...
Date Advisory Package Type
29 Apr 2021 ASA-202104-5 opera multiple issues
References
https://blogs.opera.com/desktop/changelog-for-75/
https://blogs.opera.com/desktop/changelog-for-76/
Notes
Opera version 75.0.3969.218 is based on Chromium version 89.0.4389.128, Opera version 76.0.4017.94 is based on Chromium version 90.0.4430.85 according to the references.