Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

NCSC Touts National Scale, AI-Powered “Cyber Shield” for Defense

July 8, 2026

AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

July 8, 2026

The Gap Between Awareness and Resilience

July 8, 2026
Facebook X (Twitter) Instagram
Wednesday, July 8
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Opera GX Flaw Let Sites Auto-Install Mods to Steal Data
News

Opera GX Flaw Let Sites Auto-Install Mods to Steal Data

Team-CWDBy Team-CWDJuly 6, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


A critical flaw discovered in the Opera GX browser could enable malicious websites to automatically install a customization mod and use it to steal data from other sites a victim visited, with no user interaction required.

GX Mods allow Opera GX users customize the browser’s appearance, sounds and look of websites.

Unlike normal extensions, they carry no permissions and cannot run JavaScript. An independent security researcher, operating under the moniker zhero_web_security, found that a mod installs automatically, without any permission prompt, as soon as its file is downloaded, so an attacker could plant one just by loading a hidden frame pointing to it.

Because a mod’s styling is applied to every page and tab, the attacker’s CSS was injected across every website the victim opens.

Ordinary CSS injection is usually confined to a single page, but this allowed the attacker to gain a foothold across the entire browser.

Read more on browser add-ons that steal data: Malicious Chrome Extensions Campaign Exposes User Data

Leaking a Gmail Address and Crashing the Browser

CSS cannot read a page’s contents directly, but it can be crafted to trigger network requests based on what a page contains, enabling data exfiltration piece by piece.

Using that, the researcher built a zero-click cross-site leak, or XS-Leak, that recovered a victim’s full Gmail address after a silent redirect to a Google account page. They noted the method is not limited to email addresses.

That same auto-install behavior also enabled a denial-of-service (DoS) attack against both Opera and Opera GX.

Because Chromium-based browsers block extensions in private windows, forcing a mod to install in Incognito mode caused the browser to crash and wipe the user’s open tabs. Any file with a .crx extension triggered it, whether or not it was a real mod.

The researchers reported the flaw in February through Opera’s Bugcrowd bug bounty program. It was initially triaged as a low-priority issue but Opera’s security team reassessed it as critical. It was patched it on May 8 and a $5000 bounty payment was awarded.

The research was published on July 3 as a proof of concept (PoC) and the work was tested on Opera GX version 127.0.5778.41, after the fix had shipped.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleLangflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Next Article RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
Team-CWD
  • Website

Related Posts

News

NCSC Touts National Scale, AI-Powered “Cyber Shield” for Defense

July 8, 2026
News

AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

July 8, 2026
News

The Gap Between Awareness and Resilience

July 8, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

What is it, and how do I get it off my device?

September 11, 2025

It’s all fun and games until someone gets hacked

September 26, 2025

What if your romantic AI chatbot can’t keep a secret?

November 18, 2025

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.