Opera GX browser GX Mods auto-install CSS injection patched security flaw
Vulnerability
Summary
Hide ▲
Show ▼
A critical Opera GX browser flaw in GX Mods let malicious websites auto-install a customization mod and inject CSS across every page, creating zero-click cross-site data theft risk for victims. The install happened without a permission prompt through a hidden frame and a downloaded .crx package, giving the attacker styling control beyond a single site. Opera patched the issue on May 8, and the proof of concept was later published on July 3 and tested on Opera GX 127.0.5778.41 after the fix shipped.
Related Happenings
Opera GX silent mod-install XS-Leak security flaw
Vulnerability
H score19
First: 06.07.2026 10:27
Last: 06.07.2026 10:27
Sources 1
About this happening:
**Opera GX** had a flaw in its **GX Mods** install path that let a **malicious website** silently install a browser add-on and leak data from visited pages, creating **no-click ex...
Opera GX silent mod-install XS-Leak security flaw
VulnerabilityAbout this happening: **Opera GX** had a flaw in its **GX Mods** install path that let a **malicious website** silently install a browser add-on and leak data from visited pages, creating **no-click ex...
Chromium JavaScript background RCE flaw
Vulnerability
H score16
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Chromium JavaScript background RCE flaw
VulnerabilityAbout this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)
Vulnerability
H score31
First: 13.03.2026 11:17
Last: 13.03.2026 11:17
Sources 1
About this happening:
**Chrome** on **Windows, macOS, and Linux** is affected by two **high-severity zero-days**, **CVE-2026-3909** and **CVE-2026-3910**, that Google says were **exploited in the wild*...
Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)
VulnerabilityAbout this happening: **Chrome** on **Windows, macOS, and Linux** is affected by two **high-severity zero-days**, **CVE-2026-3909** and **CVE-2026-3910**, that Google says were **exploited in the wild*...
Timeline
-
06.07.2026 17:15 2 articles · 3d ago
Opera GX browser GX Mods auto-install CSS injection patched security flaw
Initial DisclosureResearchers found that a hidden-frame download could auto-install a **GX Mods** package in **Opera GX** and spread CSS across every page the browser opened. The proof of concept showed **zero-user-interaction** data theft from visited sites.
Show sources
- Opera GX Flaw Let Sites Auto-Install Mods to Steal Data — www.infosecurity-magazine.com — 06.07.2026 17:15
- Opera GX Flaw Let Sites Auto-Install Mods to Steal Data — www.infosecurity-magazine.com — 06.07.2026 17:15