Missing security update for Opera Stable 24

  • Current Chromium was updated to version 38 at 07-10-2014. :sherlock:
    But Opera 24 from 09-2014 is still Chromium 37 (Chrome/37.0.2062.122).
    Two days expired without any security fixes for Opera Stable?

    Chrome/37.0.2062.122 has some critical and important bugs in V8 Javascript engine which may result into breaking out of sandbox security and code injection/execution on users operating system.

    Opera developers should now about the security holes in old chromium, but they leave users stay in insecure browsing?
    :no:

  • sexcurity = security. 🙂

  • sexcurity = security.

    OMG. i di not mean: Cure of sex. 😉 Sorry, Opera word correction failed.
    I changed it in posting.

  • Security fixes for Opera Stable missing for MacOS, too.

  • Chromium 38 = Opera 25.

  • Chromium 38 = Opera 25

    @leocog But Opera 25 is not STABLE. It is Beta 😉
    And ,,, yes, i'm able to recognized the Opera BETA useragent string which reads Chrome/38.

    Do you mean: use Opera BETA to be safe? HHah, Betas may have other instabilities/sec holes.

  • What i mean is that each version number of Opera is related to a version number of Chromium and will only receive Chromium updates within that version.

    Now that Chromium 38 reaches the stable stream, we will probably see Opera Stable 25 being released soon.

  • @leocg: No need to tell angiesdom how stuff works. She got BTS access 😉
    And it's possible to backport (security) fixes into older versions (out of newer Chromium versions).

  • And it's possible to backport (security) fixes into older versions

    Of course. But what would be the meaning of it if a newest one should be releasing soon?

  • @leocg

    Now that Chromium 38 reaches the stable stream, we will probably see Opera Stable 25 being released soon.

    Oh yes, i know. I'm betatesting Opera and reporting Bugs to Opera since years. But im not interested in version numbering.

    I wanted to know why Opera has not released a security fix for Opera 24 Stable! Its very uninteresting if they'll do it in a few weeks as a new Opera 26, because using a insecure 25 while waiting for new Stable is a risk. There are some exploits for metasploit attacking older Chromium in the wild.

    @christoph142

    And it's possible to backport (security) fixes into older versions (out of newer Chromium versions).

    Yes, but it would be better for users to know, that the security hole is fixed as a backport in a new build of 24 Stable.

    And no Opera changelog of Beta or Dev informs about Security fixes. Operas Devs could write: CVE-2024-12345 fixed.

    I don't like such bad information strategy.

    OK, i may not use Opera Stable for browsing until the vulnerabilities mentioned in mitres database as CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3194 are fixed.

  • I wanted to know why Opera has not released a security fix for Opera 24 Stable!

    Maybe because the fix will come in a upgrade to a new version, like in Chromium?

    Don't forget that they need time to incorporate the changes and some do tests before releasing a public build. And since Stable 25 is in its way to be released i think that releasing a update to Stable 24 and update stable to 25 a couple of days later wouldn't make much sense imho.

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.