Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

Summary

Researchers discovered a vulnerability in the Opera GX browser that allowed malicious websites to automatically install add-ons and steal data from visited pages. A proof of concept demonstrated that a user's full Gmail address could be extracted with a single visit. Opera has since patched the flaw.

IFF Assessment

FOE

This vulnerability allows attackers to steal sensitive user data, such as email addresses, directly from visited websites without user interaction.

Severity

7.5 High (AI Estimated)

The vulnerability allows for high impact, as it enables unauthorized access to sensitive data from visited pages, and the attack vector is through a web browser, making it accessible to a broad range of users. The exploitability is also considered high due to the silent auto-installation of add-ons.

Defender Context

This incident highlights the importance of browser security and the need for users to be cautious about the websites they visit, especially with specialized browsers like Opera GX. Defenders should be aware of potential risks associated with browser extensions and the data they can access.

Read Full Story →