Flaw in Opera Browser Exposes Account Hijacking, Privacy Breaches

Paige Henley, Editor
Published on: November 1, 2024

A recently patched security flaw in the Opera browser, dubbed “CrossBarking,” exposed users to potential attacks by malicious extensions, allowing unauthorized access to private browser APIs. Researchers from Guardio Labs revealed that attackers could exploit this vulnerability before Opera’s fix on Sept. 24 to capture screenshots, hijack accounts, and alter browser settings — effectively compromising user privacy.

In their investigation, Guardio researchers demonstrated how CrossBarking could be weaponized by publishing a seemingly benign extension to the Chrome Web Store, which, when installed on Opera, exploited the flaw in a cross-browser-store attack. This approach allowed malicious extensions to bypass Opera’s usual security measures and posed a threat to users who might unknowingly install these risky add-ons.

A critical aspect of CrossBarking involved specific Opera subdomains with privileged API access, intended for internal development and features such as Opera Wallet and Pinboard. These domains, which also included third-party URLs like Instagram and Yandex, were open to exploitation by content scripts in malicious extensions. Once active, these scripts could inject harmful JavaScript, enabling attackers to take screenshots, extract session cookies, or manipulate DNS-over-HTTPS settings to reroute users to spoofed websites.

These capabilities make CrossBarking particularly concerning, as attackers could redirect victims to malicious sites, facilitating adversary-in-the-middle attacks on sensitive accounts like banking or social media. When published, the rogue extension would seem harmless, requiring only permission to execute JavaScript on web pages to exploit domains with API access.
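As an added example (not code from Guardio Labs, Opera, or the original article), a defender can audit an extension's `manifest.json` to see whether its script-injection scope covers origins that hold private API access. The host names, sample manifests, and function names are constructed assumptions; the article does not list the affected domains.

```javascript
// Added example. Hosts below are constructed placeholders for origins that a
// browser vendor has granted private API access; they are not Opera's real list.
const PRIVILEGED_HOSTS = ["wallet.browser-vendor.example", "pinboard.browser-vendor.example"];

// True if a match pattern such as "*://*.example.com/*" covers https://<host>/.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  // Only "*" and "https" schemes can reach an HTTPS-only privileged origin.
  const m = /^(\*|https):\/\/([^/]+)\/.*$/.exec(pattern);
  if (!m) return false; // other scheme or malformed pattern
  const patHost = m[2];
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base); // dot-anchored suffix
  }
  return patHost === host;
}

// Collect every pattern through which the extension can run script on a page:
// declared content scripts, plus host permissions usable for programmatic injection.
function auditManifest(manifest, privilegedHosts = PRIVILEGED_HOSTS) {
  const sources = [];
  for (const cs of manifest.content_scripts || [])
    for (const p of cs.matches || []) sources.push({ via: "content_scripts", pattern: p });
  const perms = [...(manifest.host_permissions || []), ...(manifest.permissions || [])];
  for (const p of perms)
    if (p === "<all_urls>" || p.includes("://")) sources.push({ via: "host_permission", pattern: p });
  return sources
    .map((s) => ({ ...s, hosts: privilegedHosts.filter((h) => patternCoversHost(s.pattern, h)) }))
    .filter((s) => s.hosts.length > 0);
}

// Constructed manifests: one "run on every page" extension, one narrowly scoped.
const broadManifest = {
  name: "Sample helper", manifest_version: 3,
  content_scripts: [{ matches: ["*://*/*"], js: ["content.js"] }],
};
const scopedManifest = {
  name: "Sample notes", manifest_version: 3,
  content_scripts: [{ matches: ["https://*.notes.example/*"], js: ["content.js"] }],
  permissions: ["storage"],
};

for (const m of [broadManifest, scopedManifest])
  console.log(m.name, JSON.stringify(auditManifest(m)));
```

The check ignores `exclude_matches`, so it errs toward flagging an extension rather than clearing it.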

Tal, head of Guardio Labs, noted that these vulnerabilities illustrate a broader security gap, as extension stores remain vulnerable to rogue uploads. He stressed the need for more rigorous review processes for browser extensions, including stricter identity verification for developers and ongoing monitoring of extensions even after initial approval.

About the Author

Paige Henley is an editor at SafetyDetectives. She has three years of experience writing and editing various cybersecurity articles and blog posts about VPNs, antivirus software, and other data protection tools. As a freelancer, Paige enjoys working in a variety of content niches and is always expanding her knowledge base. When she isn't working as a "Safety Detective", she raises orphaned neonatal kittens, works on DIY projects around the house, and enjoys movie marathons on weekends with her husband and three cats.
