A critical security flaw in Opera GX, the gaming-oriented version of the Opera web browser, allowed attackers to install malicious browser extensions without any user interaction or consent. Researchers demonstrated that a weaponized website could exploit this vulnerability to silently deploy add-ons capable of harvesting sensitive information from pages visited by victims.
The vulnerability specifically targeted Opera GX's extension installation mechanism, bypassing normal security prompts and user approval processes. This represented a significant departure from standard browser security models, which typically require explicit user permission before installing any extension or add-on that can access browsing data.
In their proof-of-concept demonstration, researchers showed they could reconstruct a signed-in user's complete Gmail email address from a single visit to a malicious site, requiring no clicks or interaction from the victim. The silently installed extension could read page content and extract identifying information, demonstrating the potential for broader data theft including credentials, personal information, and browsing activity.
The vulnerability posed serious risks to Opera GX users, particularly given the browser's popularity among gaming communities who may visit numerous third-party sites for game modifications, guides, and community content. Any malicious site exploiting this flaw could have established persistent access to user data across all subsequent browsing sessions until the hidden extension was discovered and removed.
Opera has released a security update addressing this vulnerability and states that internal investigations found no evidence of active exploitation in the wild. Users should immediately update their Opera GX browser to the latest version to protect against potential attacks. Organizations allowing Opera GX in their environments should verify that all installations have been updated and consider reviewing browser extension policies to detect any unauthorized add-ons that may have been installed before the patch.
Source: https://www.infosecurity-magazine.com/news/nca-warn-parents-volume/


