Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Opera GX Flaw Allowed Silent Mod Installs, Data Theft

Opera GX Flaw Allowed Silent Mod Installs, Data Theft

Posted on July 6, 2026 By CWS

Introduction to the Opera GX Security Flaw

A recent vulnerability discovered in the Opera GX browser allowed malicious websites to silently install mods, potentially leading to data theft from visited pages. This flaw was identified by researchers who demonstrated its capability to extract specific user data, such as a Gmail address, without user interaction. Fortunately, Opera has since addressed the issue with a patch, ensuring users on the latest version are protected.

The security breach was patched in Opera GX version 130.0.5847.89. Users can verify their version by visiting opera://about. No Common Vulnerabilities and Exposures (CVE) identifier was assigned to this flaw. The bug was deemed highly critical, earning a P1 severity rating and a $5,000 reward from Opera’s bug bounty program.

Understanding the Flaw’s Mechanism

The vulnerability lay in the GX Mods, which allow users to personalize their browser experience with custom themes and sounds. These mods, packaged as .crx files, automatically installed without user approval, creating an opportunity for malicious sites to exploit this feature. The installation process of these mods did not alert users beyond a subtle notification, making it difficult for users to notice the unauthorized installs.

Researchers highlighted how an attacker could leverage this auto-install behavior by employing a hidden iframe to load a mod. Once installed, the mod’s CSS could manipulate the appearance of every webpage visited, not just a specific site. This capability allowed attackers to employ a technique known as universal CSS injection to extract sensitive information, such as email addresses, from web pages.

Implications of the Vulnerability

The researchers demonstrated the flaw’s potential by reconstructing a Gmail address using a mod packed with numerous CSS rules. These rules functioned by gradually piecing together the address through attribute selectors. This method, termed XS-Leak (cross-site leak), represents a significant security risk, as it could potentially be used to capture other sensitive information exposed in a website’s markup.

Additionally, researchers found that loading a .crx file while in private browsing mode could crash the browser and close all open tabs, affecting both Opera GX and the regular Opera browser. This highlights the broader implications of the flaw on user privacy and data security.

Opera’s Response and Future Outlook

Opera’s handling of the issue involved collaboration with Bugcrowd, although initial assessments underestimated the flaw’s severity. The researchers effectively demonstrated the vulnerability’s seriousness, leading to a re-evaluation of its impact. Opera maintains that there is no evidence of the flaw being exploited in the wild, framing the attack as complex to execute.

The incident underscores the importance of browser security and the potential risks associated with seemingly benign features. While Opera has successfully patched the vulnerability, the situation serves as a reminder for users to remain vigilant and keep their software updated. The resolution of this flaw highlights the ongoing challenges in maintaining cybersecurity in a rapidly evolving digital landscape.

The Hacker News Tags:browser security, browser vulnerability, bug bounty, CSS injection, Cybersecurity, data protection, data theft, mod installation, Opera advisory, Opera GX, Opera patch, security flaw, tech news, web security, XS-Leak

Post navigation

Previous Post: Parrot OS 7.3 Enhances Security Tools and System Efficiency
Next Post: SSH Honeypots Overlook Key Non-Interactive Attacks

Related Posts

OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities The Hacker News
Open Source Web Application Firewall with Zero-Day Detection and Bot Protection Open Source Web Application Firewall with Zero-Day Detection and Bot Protection The Hacker News
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection The Hacker News
The CTEM Conversation We All Need The CTEM Conversation We All Need The Hacker News
A Technical Gap Analysis of Last-Mile Protection A Technical Gap Analysis of Last-Mile Protection The Hacker News
Focusing Security Where Business Value Lives Focusing Security Where Business Value Lives The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • SkillCloak Evades AI Scanners with New Techniques
  • SSH Honeypots Overlook Key Non-Interactive Attacks
  • Opera GX Flaw Allowed Silent Mod Installs, Data Theft
  • Parrot OS 7.3 Enhances Security Tools and System Efficiency
  • AI Security Model Redeployment and Major Vulnerabilities

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • SkillCloak Evades AI Scanners with New Techniques
  • SSH Honeypots Overlook Key Non-Interactive Attacks
  • Opera GX Flaw Allowed Silent Mod Installs, Data Theft
  • Parrot OS 7.3 Enhances Security Tools and System Efficiency
  • AI Security Model Redeployment and Major Vulnerabilities

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark