Find notable cyber news and cases, enriched with sources, timelines, and signals.

Opera GX browser GX Mods auto-install CSS injection patched security flaw

Vulnerability
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

A critical Opera GX browser flaw in GX Mods let malicious websites auto-install a customization mod and inject CSS across every page, creating zero-click cross-site data theft risk for victims. The install happened without a permission prompt through a hidden frame and a downloaded .crx package, giving the attacker styling control beyond a single site. Opera patched the issue on May 8, and the proof of concept was later published on July 3 and tested on Opera GX 127.0.5778.41 after the fix shipped.

Related Happenings

Opera GX silent mod-install XS-Leak security flaw

Vulnerability
H score19 First: 06.07.2026 10:27 Last: 06.07.2026 10:27 Sources 1

About this happening: **Opera GX** had a flaw in its **GX Mods** install path that let a **malicious website** silently install a browser add-on and leak data from visited pages, creating **no-click ex...

Chromium JavaScript background RCE flaw

Vulnerability
H score16 First: 21.05.2026 21:13 Last: 21.05.2026 21:13 Sources 1

About this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...

Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)

Vulnerability
H score31 First: 13.03.2026 11:17 Last: 13.03.2026 11:17 Sources 1

About this happening: **Chrome** on **Windows, macOS, and Linux** is affected by two **high-severity zero-days**, **CVE-2026-3909** and **CVE-2026-3910**, that Google says were **exploited in the wild*...

Timeline

  1. 06.07.2026 17:15 2 articles · 3d ago

    Opera GX browser GX Mods auto-install CSS injection patched security flaw

    Initial Disclosure

    Researchers found that a hidden-frame download could auto-install a **GX Mods** package in **Opera GX** and spread CSS across every page the browser opened. The proof of concept showed **zero-user-interaction** data theft from visited sites.

    Show sources