Good news for Opera users! The latest Opera browser update has patched a serious security vulnerability that could potentially expose users’ information to attackers through malicious extensions.
Opera Addresses Critical Browser Vulnerability
Guardio Labs recently reported a significant security flaw in the Opera browser that could pose various threats to users. This vulnerability allowed malicious browser extensions to access private APIs, leading to activities like unauthorized screen capturing and browser takeovers.
The researchers demonstrated the exploit, named “CrossBarking,” by creating a browser extension that leveraged the flaw, resulting in a “cross-browser-store attack.”
By publishing a malicious extension on platforms like the Chrome Store, attackers could target numerous users, exploiting Opera’s subdomains’ access to private APIs for malicious purposes.
The potential risks include hijacking accounts, stealing session cookies, and redirecting traffic through controlled DNS servers, posing serious threats like identity theft and financial fraud.
Opera promptly addressed the vulnerability with a browser update released on September 24, 2024, ensuring users’ safety from such exploits.
Opera Assures Users of Security Measures
Opera reassured users that no active threats were detected following the security patch. The vulnerability primarily affects extensions from third-party stores, as Opera’s official Add-Ons Store undergoes rigorous manual review processes.
Guardio identified a vulnerability that could put a user at risk of attack if they were tricked into installing a malicious extension from outside Opera’s Add-ons Store. This highlights the importance of a robust review process and secure infrastructure in browser extension stores.
Opera emphasized the importance of downloading extensions only from trusted sources to safeguard user privacy and security.
Share your thoughts in the comments below!