@burnout426: So they miss the other 0-days CVE-2024-4761 and CVE-2024-4947
Posts made by antonio1678
- Blogs
-
RE: Opera 110Blogs
@adam1709: Now they have another to catch up on. There is yet another 0-day annouced today: CVE-2024-4947: Type Confusion in V8
-
RE: Opera 110Blogs
@kmielczarczyk: Which of the two 0-days since the .61 release would that be, given there is no CVE listed in the change log (please fix that) and these have been two separate 0-days? Is it "High CVE-2024-4671: Use after free in Visuals"? Ok, then how about the other 0-day, "High CVE-2024-4761: Out of bounds write in V8"? Is that also fixed and you forgot to list it? And what about all of these security fixes that are not listed in your change log? Do you have them as well? Why would you back port these when you could just move up the Chromium branch and get them all more easily than needing to back port?
High CVE-2024-4558: Use after free in ANGLE
High CVE-2024-4559: Heap buffer overflow in WebAudio
High CVE-2024-4331: Use after free in Picture In Picture
High CVE-2024-4368: Use after free in Dawn
Critical CVE-2024-4058: Type Confusion in ANGLE
High CVE-2024-4059: Out of bounds read in V8 API
High CVE-2024-4060: Use after free in DawnI don't want to call you a liar but what you are saying makes little sense and hence I am struggling to believe it. Nonetheless, if you have fixes for all of these… please update the change log.
-
RE: Opera 110Blogs
@leocg: I notice you hand waved past the answer that was required, choosing only to talk about Chromium versions varying between browsers. I'll go straight to the point, are the security fixes found in the latest Chrome here or not?
-
RE: Opera 110Blogs
@adam1709: CVE-2024-4671 is so last week. There is a new zero day as of late yesterday. CVE-2024-4761. Yes look carefully at that number it is different https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html
It seems like so far only Chrome and Vivaldi have the fix for that one.
-
RE: Opera 110Blogs
@leocg: Yes that sounds cool. So tell me, where are the backport entries for the 9 missing high and critical security fixes that appeared with the subsequent Chromium versions (including two 0-days with active expoilts in the wild) in the changelog? Or was your answer just to draw attention away from Opera letting their users down?
-
RE: Opera 100.0.4809.0 developer updateBlogs
The Linux snap package crashes as soon as you try and play any video.
-
RE: Opera 99.0.4788.13 Stable updateBlogs
Ok I will give you that one, finally you did a fast turn around!
-
RE: Opera 99 StableBlogs
Are you kidding me now. This is the Chromium update from 8 days ago that you get in now.
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_8.html
Your changelog https://blogs.opera.com/desktop/changelog-for-99/ incorrectly states that you released this on the 11th, you did not as the date on this blog post shows. In addition the link from your changelog to this page is broken.
If that was not enough Chromium issued a new release with 12 sec fixes, one of which is critical and four high since then, where is the update to Chromium 113.0.5672.126 from your side or shall we wait another week?
https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html
-
RE: Opera 98 Stable updateBlogs
@leocg: Not really very funny that Opera is taking the security of its users with a pinch of salt. Vivaldi updated within 1 hour or Chrome and Opera takes 8 days for something that was being exploited in the wild. Is this ok? Is this funny to you?
-
RE: Opera 98 Stable updateBlogs
Only took 8 days to fix the zero day that all the other Chromium browsers fixed within 8 hours of Chrome. Well done.
-
RE: Opera 93.0.4585.70 Stable updateBlogs
Nice, you get the record for being the Chromium browser who was least on the ball. This was a zero day and you took 12 days to fix it. All the other major Chromium browsers fixed it within 2 days.
-
RE: Opera introduces Lucid Mode to improve video qualityBlogs
Cool and with all the other Chromium browsers on 108 and you stuck on 107.0.5304.122. Are you going to release a security fix for CVE-2022-4262, you know the zero day from 12 DAYS AGO!??
P.S. There were 8 more fixes in 108.0.5359.124 released yesterday. I also wonder how many of those affect you:
https://chromereleases.googleblog.com/search/label/Desktop Update -
RE: Opera 93.0.4585.39 Stable update for MacOSBlogs
@antonio1678: Ah so you fixed that one but left it out of your changelog because it took you a week and that was embarrassing compared with the compitition. Now how about a fix for the new zero day CVE-2022-4262. Chrome, Brave and Vivaldi all have new versions out with this fixed already.
-
RE: Opera 93.0.4585.37 Stable updateBlogs
And why not mention of the upgrade to Chromium 107.0.5304.122 and with it a fix for CVE-2022-4135. Is it because it took you a week to get out a fix for this zero day when all the other Chromium browsers fixed it within a very short time.
-
RE: Opera 93.0.4585.39 Stable update for MacOSBlogs
So… where is the fix for the zero day that all the other Chromium based browsers fixed last week CVE-2022-4135