Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages
ID: 5337f9cd-ce1c-55d4-89d2-cc0351dcd657
STIX ID: report--5337f9cd-ce1c-55d4-89d2-cc0351dcd657
Feed Name: The Hacker News
Threat Score
Researchers disclosed a flaw in Opera GX's automatic GX Mods installation that let a malicious site silently add a .crx mod whose CSS, applied across all visited pages, could use XS-Leak (cross-site leak) techniques to exfiltrate data such as a signed-in user's Gmail address. Opera patched the issue in Opera GX 130.0.5847.89, paid a P1 bounty, and stated it found no evidence of real-world exploitation.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
