Missing security update for Opera Stable 24
-
Deleted User last edited by
Current Chromium was updated to version 38 at 07-10-2014. :sherlock:
But Opera 24 from 09-2014 is still Chromium 37 (Chrome/37.0.2062.122).
Two days expired without any security fixes for Opera Stable?Chrome/37.0.2062.122 has some critical and important bugs in V8 Javascript engine which may result into breaking out of sandbox security and code injection/execution on users operating system.
Opera developers should now about the security holes in old chromium, but they leave users stay in insecure browsing?
-
Deleted User last edited by
sexcurity = security.
OMG. i di not mean: Cure of sex. Sorry, Opera word correction failed.
I changed it in posting. -
Deleted User last edited by
Chromium 38 = Opera 25
@leocog But Opera 25 is not STABLE. It is Beta
And ,,, yes, i'm able to recognized the Opera BETA useragent string which reads Chrome/38.Do you mean: use Opera BETA to be safe? HHah, Betas may have other instabilities/sec holes.
-
christoph142 last edited by
@leocg: No need to tell angiesdom how stuff works. She got BTS access
And it's possible to backport (security) fixes into older versions (out of newer Chromium versions). -
Deleted User last edited by
Now that Chromium 38 reaches the stable stream, we will probably see Opera Stable 25 being released soon.
Oh yes, i know. I'm betatesting Opera and reporting Bugs to Opera since years. But im not interested in version numbering.
I wanted to know why Opera has not released a security fix for Opera 24 Stable! Its very uninteresting if they'll do it in a few weeks as a new Opera 26, because using a insecure 25 while waiting for new Stable is a risk. There are some exploits for metasploit attacking older Chromium in the wild.
And it's possible to backport (security) fixes into older versions (out of newer Chromium versions).
Yes, but it would be better for users to know, that the security hole is fixed as a backport in a new build of 24 Stable.
And no Opera changelog of Beta or Dev informs about Security fixes. Operas Devs could write: CVE-2024-12345 fixed.
I don't like such bad information strategy.
OK, i may not use Opera Stable for browsing until the vulnerabilities mentioned in mitres database as CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3194 are fixed.
-
leocg Moderator Volunteer last edited by
I wanted to know why Opera has not released a security fix for Opera 24 Stable!
Maybe because the fix will come in a upgrade to a new version, like in Chromium?
Don't forget that they need time to incorporate the changes and some do tests before releasing a public build. And since Stable 25 is in its way to be released i think that releasing a update to Stable 24 and update stable to 25 a couple of days later wouldn't make much sense imho.