Opera Browser Vulnerability Could Allow Exploits Via Browser Extensions

Heads up, Opera users! A serious security vulnerability has a received a patch with the latest Opera browser update. The vulnerability could expose Opera browser users’ information to the attackers when exploited via malicious extensions.

Opera Patched Serious Browser Vulnerability

According to a recent post from Guardio Labs, a serious security vulnerability impacted the Opera browser and could expose users to various threats. The vulnerability could allow malicious browser extensions to access private APIs, allowing different malicious activities, such as silent screen capturing, browser hijacking, and more.

The researchers devised a specific attack strategy to demonstrate the exploit “CrossBarking.” It merely involves developing a browser extension that exploits the flaw, leading to a “cross-browser-store attack.”

In their study, the researchers created the malicious extension using AI and a free email account, highlighting the flaw’s high exploitability. Publishing such an extension on an official platform, such as the Chrome Store, would enable attackers to target countless users.

In brief, following an installation, the maliciously crafted browser add-on would exploit Opera subdomains’ access to private APIs within the browser. While this access is necessary for the usual functioning of Opera services, such as Opera Wallet and Pinboard, their explicit access to data is lucrative for threat actors. Hence, a malicious add-on may inject malicious scripts into the more privileged domains to access the private APIs.

Once done, an attacker could execute various malicious activities, such as hijacking accounts, stealing session cookies, and redirecting traffic through the attacker-controlled DNS servers by modifying the DNS-over-HTTPS (DoH) settings. Such attacks particularly threaten users with identity theft and financial fraud if the victim websites are banking sites and personal accounts.

The researchers’ post provides technical details about this exploit. Following the researchers’ report, Opera addressed the vulnerability with a browser update released on September 24, 2024.

Opera Confirmed No Active Threats

Alongside releasing the security fix, Opera also assured users it had detected no active threats.

According to their statement, the vulnerability works for extensions hosted on third-party stores. Such attacks are not likely via extensions from the official Opera Add-Ons Store since the browser only adds extensions after a thorough manual review.

Guardio identified a vulnerability that could put a user at risk of attack if they were tricked into installing a malicious extension from outside Opera’s Add-ons Store. The extension that Guardio came up with to perform the attack was hosted in a third-party store because Opera’s Add-ons Store applies exclusively manual review of all extensions hosted in it, specifically to stop such malicious extensions from reaching users. This highlights the importance of a robust review process but also a secure infrastructure in browser extension stores, and the power extensions can wield.

Opera also assured users  third-party sources that could risk their privacy.

Let us know your thoughts in the comments.

Related posts

NachoVPN Attack Risks Corporate VPN Clients

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites