www.infosecurity-magazine.com 7/6/2026, 2:47:37 PM · external

Opera GX flaw lets sites hijack mods to steal data silently

Opera GX flaw lets sites hijack mods to steal data silently
CyberSIXT Evidence Panel

A serious vulnerability in the Opera GX browser allows malicious websites to automatically install customization mods, which can then steal data from other sites without user interaction. The mod's CSS can inject across all tabs, enabling zero-click data leaks such as retrieving a user's Gmail address and launching denial-of-service attacks by crashing the browser in incognito mode.

This flaw was reported by a researcher in February, initially deemed low priority but later recognized as critical, leading to a patch release in May and a $5000 bounty payment.

View Primary Source Via www.infosecurity-magazine.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline