Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on, known as a mod, and use it to pull specific data from the pages the victim later visited. In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit, with no clicks required. The issue stemmed from how the browser handled automatic mod installation, giving a hostile page more power than it should have. Opera has patched the flaw and says it found no evidence of exploitation before the fix, but users should update.