Opera Browser Addresses Major Security Flaw That Could Have Compromised Your Data

Security Flaw in Opera Browser Exposed Users to Potential Attacks

A recently patched vulnerability in the Opera web browser posed a serious threat by allowing malicious extensions to gain unauthorized access to private APIs. This flaw, dubbed CrossBarking by Guardio Labs, could have enabled attackers to perform a variety of harmful actions including capturing screenshots, altering browser settings, and hijacking user accounts.

To illustrate the vulnerability, Guardio Labs demonstrated that it was possible to publish an innocuous-looking browser extension on the Chrome Web Store. This extension, when installed on Opera, could exploit the weakness, making it a cross-browser attack. Nati Tal, head of Guardio Labs, emphasized that this case sheds light on the ongoing tension between user productivity and cybersecurity, revealing tactics employed by contemporary threat actors that often slip under the radar.

As of September 24, 2024, Opera has addressed this vulnerability following a responsible disclosure process. However, this incident is not isolated; earlier in January, vulnerabilities like MyFlaw were reported, exposing the browser to risks via legitimate features. The recent threat underscores broader concerns about the security architecture of Opera’s subdomains, many of which hold privileged access to private APIs essential for various built-in features, including Opera Wallet and Pinboard.

Research from Guardio highlighted that while sandboxing generally keeps the browser's context isolated, certain content scripts within browser extensions could inject malicious JavaScript into these overly permissive domains, ultimately gaining access to private APIs. Because such scripts can modify the Document Object Model (DOM) of webpages, attackers could take potentially damaging actions, such as capturing sensitive user information and altering DNS-over-HTTPS settings.

An attacker who gains this level of access could execute adversary-in-the-middle (AitM) attacks, leading victims to counterfeit banking or social media sites. The risky extension could be disguised as a harmless app in official repositories, like the Google Chrome Web Store, tricking users into granting it harmful permissions.

The frequency of rogue extensions infiltrating legitimate stores heightens the need for caution when installing browser add-ons. Guardio’s findings stress the power these extensions wield, urging stakeholders to enhance oversight and advocate for stronger verification measures to mitigate future risks.
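As a practical check on that risk, the following added example (not code from Guardio Labs or Opera) audits extension manifests for content scripts whose match patterns would let them run on privileged hosts. The host names, sample manifests and the function names `patternCoversHost` and `auditManifest` are constructed for illustration.

```javascript
// Added example (defensive audit). Host names below are constructed placeholders,
// not real privileged domains; replace them with the hosts you need to protect.
const PRIVILEGED_HOSTS = ["wallet.vendor.example", "pinboard.vendor.example"];

// True if a manifest match pattern (<scheme>://<host>/<path>) covers `host` over http(s).
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^/*]+)\/.*$/.exec(pattern);
  if (!m) return false; // file://, malformed, or unsupported scheme
  const patHost = m[2].toLowerCase();
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base);
  }
  return patHost === host;
}

// Lists every content script in one manifest that may be injected into a privileged host.
function auditManifest(manifest, privilegedHosts = PRIVILEGED_HOSTS) {
  const findings = [];
  for (const cs of manifest.content_scripts || []) {
    for (const pattern of cs.matches || []) {
      const hosts = privilegedHosts.filter((h) => patternCoversHost(pattern, h));
      if (hosts.length > 0) {
        findings.push({ extension: manifest.name, pattern, scripts: cs.js || [], hosts });
      }
    }
  }
  return findings;
}

// Constructed sample manifests (not real extensions).
const SAMPLE_MANIFESTS = [
  { name: "Cute Wallpapers", content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }] },
  { name: "Recipe Helper", content_scripts: [{ matches: ["https://*.recipes.example/*"], js: ["r.js"] }] },
  { name: "Vendor Tweaks", content_scripts: [{ matches: ["https://*.vendor.example/*"], js: ["t.js"] }] },
];

for (const manifest of SAMPLE_MANIFESTS) {
  for (const f of auditManifest(manifest)) {
    console.log(`${f.extension}: ${f.pattern} -> ${f.hosts.join(", ")} (${f.scripts.join(", ")})`);
  }
}
```

The check ignores `exclude_matches` and scripts injected at runtime, so a clean result is a first pass rather than proof that an extension cannot reach those hosts.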

In a statement regarding the vulnerability, Opera acknowledged the collaboration with third-party researchers to identify and rectify security issues preemptively. The company noted that while the flaw could lead to potential attacks through malicious extensions, there is currently no documented evidence of exploitation affecting users in the wild. The emphasis on responsible disclosure practices reflects an industry-wide commitment to maintaining user safety while addressing complex security challenges.

As a final note, the incident raises significant concerns about cybersecurity in browser extensions and highlights an urgent need for robust vetting procedures within extension marketplaces to protect users from potential threats. With vulnerabilities like CrossBarking lurking, business owners must remain vigilant about the extensions they install and understand the risk landscape shaped by such cyber threats.
