← All articles

Opera GX flaw let malicious sites silently install mods to steal page data

Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on, known as a mod, and use it to pull specific data from the pages the victim later visited. In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit, with no clicks required. The issue stemmed from how the browser handled automatic mod installation, giving a hostile page more power than it should have. Opera has patched the flaw and says it found no evidence of exploitation before the fix, but users should update.

Check
Confirm that Opera GX is updated to the patched version anywhere it is used, and review which browser mods or add-ons are installed for anything unexpected.
Affected
Users of Opera GX before the patch; a malicious website could silently install a mod and use it to read data from other sites the victim visited, with no interaction.
Fix
Update Opera GX to the patched version, review and remove unfamiliar browser mods, and in managed environments control which browser extensions and mods can be installed through policy.