Researchers identified a critical vulnerability in Opera GX that allowed malicious websites to silently install browser extensions and harvest sensitive data from visited pages without user interaction or awareness.
The flaw enabled attackers to bypass Opera GX's extension installation safeguards. A malicious site could inject code that automatically deploys a signed extension to a victim's browser. Once installed, the extension gained access to data across all visited websites, including authenticated session information and personal details.
In their proof of concept, researchers demonstrated the attack's severity by reconstructing a user's complete Gmail address from a single page visit. The victim saw no installation prompt, received no notification, and took no action to enable the compromise. This silent deployment bypassed the browser's normal security controls that require explicit user consent for extension installation.
The attack vector exploits Opera GX's extension architecture. Extensions in Opera GX operate with broad permissions across multiple domains. Once installed through this vulnerability, a malicious extension could monitor traffic, capture form data, steal login credentials, or intercept sensitive information displayed on web pages.
Opera patched the vulnerability after researchers disclosed it. The company stated it found no evidence the flaw was exploited in the wild, though this does not exclude targeted attacks or limited abuse before discovery.
The incident highlights a broader browser security challenge. Modern browsers balance convenience against security. Extension systems offer powerful functionality but create attack surface. Automatic installation mechanisms, while potentially useful for legitimate purposes, become dangerous when authorization controls fail.
Opera GX users should update their browser immediately to receive the patch. Beyond this specific fix, users should review installed extensions regularly, restrict extension permissions to minimum necessary levels, and avoid visiting untrusted websites that could exploit similar vulnerabilities in other browsers. Organizations deploying Opera GX in standardized environments should verify patch deployment across all endpoints.
