Opera Security Team

Why does the AI Benchmarking test take so long to complete?

Henrik Lexow — Wed, 05 Jun 2024 20:31:42 +0000

Well, there’s a reason why they’re called “Large Language Models”. They can be several GB in size, and the test downloads such a model to your machine in order to properly test it. The tasks involved in the test are also repeated several times for redundancy and in order to generate a significant result.

The post Why does the AI Benchmarking test take so long to complete? appeared first on Opera Security Team.

What kind of data does the AI Benchmarking tool collect?

Henrik Lexow — Wed, 05 Jun 2024 20:30:50 +0000

The AI Benchmarking tool collects anonymous information about your computer’s hardware configuration and the performance test results. Hardware information includes the type and model of your CPU and GPU, and the amount of RAM and storage space in your computer. This data is used only to produce your test results, compare your computer to other users who take the test, and allow you to share the test results through your social media, if you wish to. No personal data is collected through the tool and no data is associated with specific users, IP addresses, or other identifiers.

For more information on our data privacy practices, please see our Privacy Statement.

The post What kind of data does the AI Benchmarking tool collect? appeared first on Opera Security Team.

Why do I need the AI Benchmarking tool?

Henrik Lexow — Wed, 05 Jun 2024 20:30:04 +0000

You might be an AI enthusiast looking to get started with local LLMs, and want to know if your trusty laptop can cut it. You might be a developer looking to benchmark different hardware configurations. Or you might be a tech journalist looking to review AI-ready machines and want to test how each one performs. At the moment, there is no easy way to do that with AI language models. This tool aims to provide an easy-to-use, one-click way to get these insights.

The post Why do I need the AI Benchmarking tool? appeared first on Opera Security Team.

What is the AI Benchmarking tool?

Henrik Lexow — Wed, 05 Jun 2024 20:19:17 +0000

The AI Benchmarking tool tests your computer’s hardware to determine its readiness for running local AI language models. The tool allows you to download one of three local LLMs to your machine and check how your computer performs with each one.

The post What is the AI Benchmarking tool? appeared first on Opera Security Team.

Address bar spoofing in Opera Mini – Opera Security Advisories

OPCOM Team — Mon, 11 Jan 2021 09:13:14 +0000

CVE ID: CVE-2021-23253
PRODUCT: Opera Mini for Android
VERSION: Below 53.1
PROBLEM TYPE: Address bar spoofing
DESCRIPTION: Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part (e.g. www.safe.opera.com…) The exact amount depends on the phone screen size but the attacker can craft a number of different domains and target different phones. Starting with version 53.1 Opera Mini displays long URLs with the top-level domain label aligned to the right of the address field which mitigates the issue.
ASSIGNING CNA: Opera

The post Address bar spoofing in Opera Mini – Opera Security Advisories appeared first on Opera Security Team.

Cross-site Scripting in OfA – Opera Security Advisories

OPCOM Team — Mon, 21 Dec 2020 09:33:27 +0000

CVE ID: CVE-2020-6159
PRODUCT: Opera for Android
VERSION: Below 61.0.3076.56532
PROBLEM TYPE: Cross-site Scripting (CWE-79)
DESCRIPTION: URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532.
ASSIGNING CNA: Opera

The post Cross-site Scripting in OfA – Opera Security Advisories appeared first on Opera Security Team.

Address bar spoofing in Opera Mini for Android – Opera Security Advisories

OPCOM Team — Mon, 23 Nov 2020 07:07:57 +0000

CVE ID: CVE-2020-6158
PRODUCT: Opera Mini for Android
VERSION: Below 52.2
PROBLEM TYPE: Address bar spoofing
DESCRIPTION: Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.
ASSIGNING CNA: Opera

The post Address bar spoofing in Opera Mini for Android – Opera Security Advisories appeared first on Opera Security Team.

Address bar spoofing in Opera Touch for iOS – Opera Security Advisories

OPCOM Team — Fri, 13 Nov 2020 15:33:55 +0000

CVE ID: CVE-2020-6157
PRODUCT: Opera Touch for iOS
VERSION: Below 2.4.5
PROBLEM TYPE: Address bar spoofing
DESCRIPTION: Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.
ASSIGNING CNA: Opera

The post Address bar spoofing in Opera Touch for iOS – Opera Security Advisories appeared first on Opera Security Team.

Bypass a restriction in OfA 54 – Opera Security Advisories

OPCOM Team — Fri, 13 Dec 2019 15:53:14 +0000

CVE ID: CVE-2019-19788
PRODUCT: Opera for Android
VERSION: Below 54.0.2669.49432
PROBLEM TYPE: Bypass a restriction or similar
DESCRIPTION: Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction from a third-party context.
ASSIGNING CNA: Opera

The post Bypass a restriction in OfA 54 – Opera Security Advisories appeared first on Opera Security Team.

“Log Out” button on forums doesn’t log me out; you have improper SSO implementation!

tnowak — Thu, 02 Aug 2018 11:52:30 +0000

Short answer: It is by design.

Long answer: This is not an SSO (single sign-on) solution, but our Forums uses your Opera Account as an OAuth2 identity provider.

To give an analogy: If you used your Facebook account to log in into Spotify, you can click “Log out” on Spotify.com and it may appear you are logged out of Spotify. But, if you open Facebook in a different tab you’ll see that you are not logged out of Facebook. Next, if you click “Log in with Facebook” on Spotify.com again, you will be immediately logged in without entering any credentials.

This is the same mechanism that we use. Spotify and Facebook do not share a session just like Forums and Auth do not. Logging out of Forums does not terminate the session on the Opera Auth servers since they don’t share session or cookie information. There is no “central SSO login.” Logging in our out of Forums is a completely independent action from logging in or out of Opera Auth.

The post “Log Out” button on forums doesn’t log me out; you have improper SSO implementation! appeared first on Opera Security Team.