• Opera browser had a major security flaw that could have exposed a

    From TechnologyDaily@1337:1/100 to All on Thursday, October 31, 2024 15:30:05
    Opera browser had a major security flaw that could have exposed all your details, so patch now

    Date:
    Thu, 31 Oct 2024 15:29:00 +0000

    Description:
    Add-on could inject malicious JavaScript to Opera browser.

    FULL STORY ======================================================================

    Opera has fixed a worrying security vulnerability, which could have allowed threat actors to access permissive APIs in the browser, and thus take over accounts, tweak browser settings, and even take screenshots.

    Cybersecurity researchers GuardioLabs disclosed their findings, and dubbed
    the vulnerability CrossBarking.

    The flaw revolves around the fact that multiple Opera-owned, publicly accessible subdomains have privileged access to private APIs embedded within the browser. These domains support different features of the browser, such
    as the Pinboard, Opera Wallet, and others. By abusing browser extensions, crooks could inject malicious JavaScript into these domains, and thus gain access to the APIs.

    Malicious extensions

    "The content script does have access to the DOM (Document Object Model)," the researchers explained in a blog post. "This includes the ability to dynamically change it, specifically by adding new elements."

    Access to the APIs then allows crooks to screenshot open tabs, pull session cookies to access different accounts, and modify the browser's DNS-over-HTTPS settings to resolve domains through malicious DNS servers. This, the researchers further explain, could lead to victims opening fake bank sites
    and losing banking credentials.

    To demonstrate that the vulnerability works, GuardioLabs published a small browser extension to the Google Chrome Web Store. From there, an Opera
    browser user picks it up and compromises their device. The silver lining here is that the extension requires permission to run JavaScript on any web page, and particularly those that have access to private APIs.
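
    The permission described above is visible in an extension's manifest, so it can be audited before install. The following is an added example, not code from GuardioLabs, Opera or the original article: it flags manifest entries that let an extension run script on a privileged browser page. The host name is a placeholder (the article does not name the subdomains), and the function names and sample manifests are constructed for illustration.

```javascript
// Flags extension manifest entries whose match patterns cover a privileged host.
// PRIVILEGED_HOSTS is a placeholder list; the article does not name the domains.
const PRIVILEGED_HOSTS = ["feature.browser-vendor.example"];

// True if a Chrome-style match pattern (scheme://host/path) covers `host`.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/([^/]+)\/.*$/.exec(pattern);
  if (!m || m[1] === "http") return false; // assumption: privileged pages are HTTPS-only
  const h = m[2];
  if (h === "*") return true;
  if (h.startsWith("*.")) {
    const base = h.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return h === host;
}

// Collects every manifest entry that grants script access to a privileged host.
function auditManifest(manifest, privilegedHosts = PRIVILEGED_HOSTS) {
  const findings = [];
  const check = (source, patterns) => {
    for (const p of patterns || []) {
      if (typeof p !== "string") continue;
      const hosts = privilegedHosts.filter((h) => patternCoversHost(p, h));
      if (hosts.length) findings.push({ source, pattern: p, hosts });
    }
  };
  (manifest.content_scripts || []).forEach((cs, i) =>
    check(`content_scripts[${i}].matches`, cs.matches));
  check("host_permissions", manifest.host_permissions); // Manifest V3
  check("permissions", manifest.permissions); // Manifest V2 keeps host patterns here
  return findings;
}

// Constructed sample manifests (not real extensions).
const SAMPLES = {
  "all-sites-helper": {
    manifest_version: 3,
    content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
  },
  "scoped-notes": {
    manifest_version: 3,
    permissions: ["storage"],
    host_permissions: ["https://notes.example.org/*"],
  },
  "legacy-mv2": { manifest_version: 2, permissions: ["tabs", "*://*/*"] },
};

for (const [name, m] of Object.entries(SAMPLES)) console.log(name, auditManifest(m));
```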

    Luckily, Opera has already addressed the issue and fixed the flaw in version 113.0.5230.132, so make sure to update your browser to avoid any unnecessary risk.

    Being omnipresent, browsers are an extremely popular target for cybercriminals. The most popular products, such as Chrome, Firefox, Safari, Opera, or Edge, are generally considered safe, but add-ons are a different story, since many are developed by third parties and don't necessarily have
    the same approach to cybersecurity as the browser makers themselves.

    Via The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/opera-browser-had-a-major-security-flaw-that-could-have-exposed-all-your-details-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)