KLA12184 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, spoof user interface.

Below is a complete list of vulnerabilities:

1. A data validation vulnerability in V8 can be exploited to bypass security restrictions.
2. A policy enforcement vulnerability in extensions component can be exploited to bypass security restrictions.
3. A use after free vulnerability in Dev Tools can be exploited to cause denial of service or execute arbitrary code.
4. A type confusion vulnerability in V8 can be exploited to cause denial of service.
5. A heap buffer overflow vulnerability in ANGLE can be exploited to cause denial of service.
6. A security UI vulnerability in downloads component can be exploited to spoof user interface.

Original advisories

Changelog for Opera 76

Stable Channel Update for Desktop

Related products

Opera

CVE list

CVE-2021-21227 critical

CVE-2021-21228 warning

CVE-2021-21232 critical

CVE-2021-21230 critical

CVE-2021-21233 critical

CVE-2021-21231 critical

CVE-2021-21229 high

Solution

Update to the latest version

Download Opera

Impacts

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Opera earlier than 76.0.4017.107