Welcome, Opera users! Have you heard the latest news? A critical security vulnerability in the Opera browser has been patched in the recent update. This vulnerability could potentially expose your information to attackers through malicious extensions.
Opera Takes Action Against Browser Vulnerability
Guardio Labs recently uncovered a serious security flaw in the Opera browser that could leave users vulnerable to various threats. This flaw allowed malicious browser extensions to access private APIs, opening the door to activities like screen capturing and browser hijacking.
In a bold move, the researchers developed an attack strategy known as “CrossBarking,” showcasing how a malicious browser extension could exploit the vulnerability through a “cross-browser-store attack.”
By creating a malicious extension using AI and a free email account, the researchers demonstrated the high exploitability of the flaw. This raises concerns about the potential for attackers to target unsuspecting users by publishing malicious extensions on official platforms like the Chrome Store.
The malicious extension, once installed, could exploit Opera’s subdomains’ access to private APIs, potentially allowing threat actors to carry out malicious activities like hijacking accounts and stealing session cookies.
Opera has swiftly responded to this threat by releasing a browser update on September 24, 2024, addressing the vulnerability and safeguarding users from potential attacks.
Opera’s Reassurance and Prevention Measures
Opera has reassured its users that no active threats have been detected following the security fix. The vulnerability primarily affects extensions from third-party stores, as extensions from the official Opera Add-Ons Store undergo thorough manual reviews.
Opera’s Add-ons Store applies exclusive manual review to prevent malicious extensions from reaching users, emphasizing the importance of a secure infrastructure in browser extension stores.
Furthermore, Opera has not found any evidence of the vulnerability being exploited in the wild, offering users peace of mind about their browser’s security. It’s essential to avoid downloading extensions from unreliable third-party sources to safeguard your privacy.
We’d love to hear your thoughts on this matter in the comments section below.
