Opera GX silent mod-install XS-Leak security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Opera GX had a flaw in its GX Mods install path that let a malicious website silently install a browser add-on and leak data from visited pages, creating no-click exfiltration risk. In proof-of-concept testing, the weakness exposed a signed-in user's full Gmail address from a single visit. Opera GX 130.0.5847.89 fixed the issue, and Opera said it found no evidence of in-the-wild use. The attack chained universal CSS injection with an XS-Leak technique to read values from page markup.
Related Happenings
Opera GX browser GX Mods auto-install CSS injection patched security flaw
Vulnerability
H score21
First: 06.07.2026 17:15
Last: 06.07.2026 17:15
Sources 1
About this happening:
A **critical Opera GX browser** flaw in **GX Mods** let malicious websites auto-install a customization mod and inject CSS across every page, creating **zero-click cross-site data...
Opera GX browser GX Mods auto-install CSS injection patched security flaw
VulnerabilityAbout this happening: A **critical Opera GX browser** flaw in **GX Mods** let malicious websites auto-install a customization mod and inject CSS across every page, creating **zero-click cross-site data...
Silent Swap browser-extension clipboard clipper
Malware Activity
H score36
First: 30.06.2026 18:40
Last: 30.06.2026 18:40
Sources 1
About this happening:
The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...
Silent Swap browser-extension clipboard clipper
Malware ActivityAbout this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...
Chromium JavaScript background RCE flaw
Vulnerability
H score16
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Chromium JavaScript background RCE flaw
VulnerabilityAbout this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)
Vulnerability
H score31
First: 13.03.2026 11:17
Last: 13.03.2026 11:17
Sources 1
About this happening:
**Chrome** on **Windows, macOS, and Linux** is affected by two **high-severity zero-days**, **CVE-2026-3909** and **CVE-2026-3910**, that Google says were **exploited in the wild*...
Chrome Skia and V8 exploited zero-days (multiple vulnerabilities)
VulnerabilityAbout this happening: **Chrome** on **Windows, macOS, and Linux** is affected by two **high-severity zero-days**, **CVE-2026-3909** and **CVE-2026-3910**, that Google says were **exploited in the wild*...
Timeline
-
06.07.2026 10:27 2 articles · 3d ago
Opera GX flaw lets malicious sites silently install mods and leak page data
Initial DisclosureResearchers found a flaw in Opera GX's GX Mods install path that let a malicious website silently install a browser add-on and use universal CSS injection with an XS-Leak to extract data from pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address from a single visit with no click. Opera says it patched the flaw in Opera GX version 130.0.5847.89, found no evidence of in-the-wild abuse, and rated the issue P1 with a $5,000 bug bounty award.
Show sources
- Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages — thehackernews.com — 06.07.2026 10:27
- Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages — thehackernews.com — 06.07.2026 10:27