importantSYS.SOURCE: The Hacker News• 2026-07-06T12:57:50+05:30
Opera GX Flaw Allows Malicious Sites to Auto-Install Mods and Exfiltrate Data
#Browser Security#Extension Vulnerability#Data Theft#CSS Injection#Bug Bounty
A vulnerability in the Opera GX browser allows malicious websites to silently install browser extensions (mods) and perform cross-site data exfiltration using advanced CSS-only leakage techniques. This flaw enables the theft of sensitive user data, such as full email addresses, from visited pages without any user interaction.
Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits.
In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit, with no click. Opera has patched the flaw and says it found no evidence that
*** END OF TRANSMISSION ***