Close Menu
Indo Guard OnlineIndo Guard Online
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
What's Hot

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Facebook X (Twitter) Instagram
Facebook X (Twitter) Instagram YouTube
Indo Guard OnlineIndo Guard Online
Subscribe
  • Home
  • Cyber Security
  • Risk Management
  • Travel
  • Security News
  • Tech
  • More
    • Data Privacy
    • Data Protection
    • Global Security
Indo Guard OnlineIndo Guard Online
Home » The Opera browser fixes a major security hole that could have exposed your information
Global Security

The Opera browser fixes a major security hole that could have exposed your information

AdminBy AdminOctober 30, 2024No Comments3 Mins Read
Opera Browser
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link


October 30, 2024Ravi Lakshmanan Browser Security / Vulnerability

Opera browser

A now-fixed security flaw in the Opera web browser could have allowed a malicious extension to gain unauthorized full access to private APIs.

A code-named attack CrossBarkingcould enable actions such as capturing screenshots, changing browser settings and account theft, Guardio Labs said.

To demonstrate the problem, the company said it managed to publish a seemingly harmless browser extension to the Chrome Web Store, which could then exploit the flaw when installed in Opera, making it an example of a cross-browser attack on the store.

“This case study not only highlights the perennial clash between performance and security, but also provides a fascinating look at the tactics used by today’s threat actors that operate just below the radar,” Nati Tal, Head of Guardio Labs, said in a report shared with The Hacker News.

Cyber ​​security

There was a problem addressed Opera as of September 24, 2024 after responsible disclosure. However, this is not the first time the browser has been exposed to security flaws.

Earlier in January of this year, details of the vulnerability, which is tracked as MyFlaw which uses a legitimate feature called My Flow to execute any file on the underlying operating system.

The latest attack technique is based on the fact that several public subdomains owned by Opera have privileged access to private APIs built into the browser. These domains are used to support specific Opera features such as Opera Wallet, Pinboard and others, as well as those used in internal development.

Some domain names which also include certain third party domains are listed below –

  • crypto-corner.op-test.net
  • op-test.net
  • gxc.gg
  • opera.atlassian.net
  • pinboard.opera.com
  • instagram.com
  • yandex.com

While sandboxing ensures that the browser context remains isolated from the rest of the operating system, Guardio’s research found that content scripts present in a browser extension can be used to inject malicious JavaScript into over-permitted domains and gain access to private APIs.

“The content script does have access to the DOM (Document Object Model),” Tal explained. “This includes being able to change it dynamically, in particular by adding new elements.”

Armed with this access, an attacker can take screenshots of all open tabs, extract session cookies to hijack accounts, and even change a browser’s DNS-over-HTTPS (DoH) settings to resolve domains through a DNS server controlled by the attacker.

Cyber ​​security

This can then set the stage for powerful adversary-in-the-middle (AitM) attacks, where victims attempt to visit bank or social networking sites by redirecting them to their malicious counterparts.

For its part, the malicious extension could have been published as something harmless in any of the add-on catalogs, including the Google Chrome Web Store, where users could download and add it to their browsers, effectively triggering the attack. However, permission is required to run JavaScript on any web page, especially on domains that access private APIs.

with fake browser extensions repeatedly infiltrating official stores, not to mention some legitimate ones lacks transparency in their data collection practices, the findings highlight the need for caution before establishing them.

“Browser extensions have a lot of power—for better or for worse,” Tal said. “Therefore, the policy enforcement agencies must strictly monitor them.”

“The current verification model is inadequate; we recommend backing it up with additional manpower and continuous analysis methods that monitor extension activity even after approval. Also, performing valid identity verification for developer accounts is critical, so simply using a free email and prepaid credit card is not enough to sign up.”

Did you find this article interesting? Follow us Twitter  and LinkedIn to read more exclusive content we publish.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Admin
  • Website

Related Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025
Add A Comment
Leave A Reply Cancel Reply

Loading poll ...
Coming Soon
Do You Like Our Website
: {{ tsp_total }}

Subscribe to Updates

Get the latest security news from Indoguardonline.com

Latest Posts

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025

Packages malicious Pypi, NPM and Rubin

June 4, 2025

HPE releases security patch for Storeonce error, which allows by -by -distance authentication

June 4, 2025

Fake Docusign, Gitcode Sites Distributed Netsupport Rat Through Multiple Attack PowerShell

June 3, 2025

Critical 10-year Error Webmail RoundCube allows users to run the malicious code

June 3, 2025

Understanding the scammers and how to defend their organization

June 3, 2025
About Us
About Us

Provide a constantly updating feed of the latest security news and developments specific to Indonesia.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Google exposes Vishing Group UNC6040 target on Salesforce with a fake app for a data loader

June 4, 2025

Malicious Chaos Rats are aimed at Windows and Linux via fake network downloads

June 4, 2025

Why do traditional DLP solutions do not get in the browser era

June 4, 2025
Most Popular

In Indonesia, crippling immigration ransomware breach sparks privacy crisis

July 6, 2024

Why Indonesia’s Data Breach Crisis Calls for Better Security

July 6, 2024

Indonesia’s plan to integrate 27,000 govt apps in one platform welcomed but data security concerns linger

July 6, 2024
© 2025 indoguardonline.com
  • Home
  • About us
  • Contact us
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.