🟠 High  |  Source: The Hacker News


A vulnerability in Opera GX allowed malicious websites to silently install browser extensions without user interaction, which could then extract data from pages the victim visited. Researchers demonstrated the flaw by reconstructing a user’s full Gmail address from a single page visit with no clicks required. Opera has since patched the issue and reports no evidence of active exploitation.

Security Architect’s Take: Organisations permitting Opera GX on managed endpoints should verify the patched version is deployed via endpoint management tooling. More broadly, review browser extension governance policies — consider blocking unapproved extension installs via browser enterprise policy or EDR controls, particularly for browsers used in cloud console access.

Original advisory: Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages