Find notable cyber news and cases, enriched with sources, timelines, and signals.

Opera GX silent mod-install XS-Leak security flaw

Vulnerability
First reported
Last updated
Happening score
H score 19
1 unique sources, 1 articles

Summary

Hide ▲

Opera GX had a flaw in its GX Mods install path that let a malicious website silently install a browser add-on and leak data from visited pages, creating no-click exfiltration risk. In proof-of-concept testing, the weakness exposed a signed-in user's full Gmail address from a single visit. Opera GX 130.0.5847.89 fixed the issue, and Opera said it found no evidence of in-the-wild use. The attack chained universal CSS injection with an XS-Leak technique to read values from page markup.

Related Happenings

Opera GX browser GX Mods auto-install CSS injection patched security flaw

Vulnerability
H score21 First: 06.07.2026 17:15 Last: 06.07.2026 17:15 Sources 1

About this happening: A **critical Opera GX browser** flaw in **GX Mods** let malicious websites auto-install a customization mod and inject CSS across every page, creating **zero-click cross-site data...

Silent Swap browser-extension clipboard clipper

Malware Activity
H score36 First: 30.06.2026 18:40 Last: 30.06.2026 18:40 Sources 1

About this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...

Chromium JavaScript background RCE flaw

Vulnerability
H score16 First: 21.05.2026 21:13 Last: 21.05.2026 21:13 Sources 1

About this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...

Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)

Vulnerability
H score31 First: 13.03.2026 11:17 Last: 13.03.2026 11:17 Sources 1

About this happening: **Chrome** on **Windows, macOS, and Linux** is affected by two **high-severity zero-days**, **CVE-2026-3909** and **CVE-2026-3910**, that Google says were **exploited in the wild*...

Timeline

  1. 06.07.2026 10:27 2 articles · 3d ago

    Opera GX flaw lets malicious sites silently install mods and leak page data

    Initial Disclosure

    Researchers found a flaw in Opera GX's GX Mods install path that let a malicious website silently install a browser add-on and use universal CSS injection with an XS-Leak to extract data from pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit with no click. Opera says it patched the flaw in Opera GX version 130.0.5847.89, found no evidence of in-the-wild abuse, and rated the issue P1 with a $5,000 bug bounty award.

    Show sources