Opera GX Hit by Zero-Click Flaw Allowing Silent Data Theft via Malicious Mods

Context mode is active. Hover over any highlighted term to see its definition. Click a nested term to go deeper.
A critical 'zero-click' flaw in Opera GX, the popular browser for gamers, allowed malicious websites to secretly install customization 'GX Mods' and steal sensitive user data, like Gmail addresses, without any user interaction. Independent security researchers, zherowebsecurity, exposed this vulnerability recently, detailing how a simple visit to a booby-trapped site could lead to widespread data theft. Opera has since patched the flaw, reassuring users that there's no evidence of it being exploited in the wild. The core of the problem lay in Opera GX unique mod installation pipeline: unlike typical browser extensions that need explicit permission, GX Mods would auto-install if silently downloaded, even through a hidden iframe. This allowed attackers to use what's called 'universal CSS injection,' injecting malicious code that could spy on and exfiltrate data from virtually any website the user visited, bypassing standard browser security like the same-origin policy. The same auto-install flaw could also trigger a Denial-of-Service (DoS) attack, crashing the browser if a mod was forced into Incognito mode. This isn't entirely new; the underlying auto-install behavior was first flagged in 2023 by researcher Renwa for a different attack, which Opera patched at the time but left the core mechanism in place. Opera confirmed the fix rolled out with Opera GX version 130.0.5847.89, urging all users to ensure their browsers are updated to the latest version to stay secure. This incident underscores the ongoing cat-and-mouse game between security researchers and browser developers, highlighting the importance of robust bug bounty program and constant vigilance against clever new attack vectors, even from seemingly harmless customization features. Users should always keep their software updated and be wary of suspicious websites.