Opera Browser Vulnerability Could Allow Exploits Via Extensions

Heads up, Opera users! A critical security vulnerability has been patched in the latest Opera browser update. This vulnerability could potentially expose users’ information to attackers through malicious extensions.

Opera Addresses Serious Browser Vulnerability

Guardio Labs recently reported a significant security flaw in the Opera browser that could leave users vulnerable to various threats. This vulnerability could allow malicious browser extensions to access private APIs, enabling activities like screen capturing, browser hijacking, and more.

The researchers demonstrated the exploit, named “CrossBarking,” by creating a malicious browser extension that could perform a “cross-browser-store attack.”

By exploiting the flaw, attackers could inject malicious scripts into privileged domains within Opera, potentially leading to account hijacking, cookie theft, and DNS manipulation for redirecting traffic through controlled servers.

Opera addressed this vulnerability with a browser update released on September 24, 2024, following the researchers’ report.

Opera Ensures User Safety

Opera confirmed that there have been no active threats exploiting this vulnerability. They highlighted that such attacks are less likely through extensions from the official Opera Add-Ons Store, as they undergo rigorous manual review processes.

Guardio identified a vulnerability that could put a user at risk if they installed a malicious extension from outside Opera’s Add-ons Store. Opera’s Add-ons Store conducts manual reviews to prevent such threats, emphasizing the importance of secure extension stores and cautious extension downloads.

Opera reassured users that there is no evidence of this vulnerability being exploited in the wild. They advised users to avoid downloading extensions from unreliable third-party sources to safeguard their privacy.

Share your thoughts in the comments section below.