# Opera GX patches critical flaw letting malicious sites auto-install mods to steal data

_Monday, July 6, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

![Opera GX patches critical flaw letting malicious sites auto-install mods to steal data — Primary](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ_WItJUaS3rk5pAYa5yOsKuUt0Yovlv1T-jIz2GBBhcmMjToCgnWuEApyWfgDwngwAPcEGke0zwo_2DKKHaN9vzzHMAnd7Z3esepEvjSM022BzOdjo0sJW2bSMlslKXVv5Fg701ozva1HDgZPJV4Qya8Xevye-eT4dB0UmIJK9CKq-_wLnEGgNYigRLzh/s1700-e365/opera-data-leak.jpg)

Opera GX patches critical flaw letting malicious sites auto-install mods to steal data

Opera has released a patch for a flaw in its Opera GX browser that allowed malicious websites to silently install browser mods and extract data from pages a victim visited.

Researchers discovered that the browser's mod installation process could be triggered automatically without user approval or interaction. A malicious page could force-install a mod by loading a hidden iframe pointing to a .crx file. Once installed, the mod could use CSS injection to read specific data attributes, such as usernames or email addresses, on visited pages and exfiltrate that information to an attacker-controlled server.

In a proof of concept, researchers zhero_ and inzo_ demonstrated the attack by forcing a mod installation, redirecting a logged-in user to a Google account page, and using CSS selectors to reconstruct the user's full Gmail address from a single visit with no clicks required.

The flaw was rated P1, the highest severity, by Opera's bug bounty program, which paid the maximum $5,000 award. Opera said it found no evidence the issue was exploited in the wild. The fix is included in Opera GX version 130.0.5847.89. There is no CVE assigned.

The vulnerability was responsibly disclosed and affects only the gaming-focused Opera GX browser.

## Sources

- [The Hacker News](https://thehackernews.com/2026/07/opera-gx-flaw-let-malicious-sites-auto.html)

---
Canonical: https://techandbusiness.org/newswire/aD45H1NEbb1bqELwlvqGjR
Retrieved: 2026-07-07T04:27:53.986Z
Publisher: Tech & Business (techandbusiness.org)
