Opera Browser 0-Day Flaw Allows Malicious Extensions


A critical vulnerability in the Opera web browser has been discovered that could allow malicious extensions to gain unauthorized access to private APIs, potentially leading to account hijacking and other severe security breaches.

Researchers at Guardio Labs dubbed the flaw “CrossBarking.” It was patched as of September 24, 2024, following responsible disclosure to Opera.


The vulnerability stemmed from Opera’s use of special web apps under specific domains with unique privileges to support features like Opera Flow, Opera Wallet, and Pinboard.

These domains were granted access to private APIs embedded in Opera’s native code. Researchers found malicious extensions could exploit this setup to inject code into these privileged domains, bypassing intended security measures.
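A defender-side check for the precondition described above, as an added example that is not from Guardio Labs or Opera: it audits an extension's `manifest.json` for match patterns that cover a privileged origin. The origin `https://privileged-app.example/` is a placeholder (the article names no domains), and both sample manifests are constructed.

```python
import json
from urllib.parse import urlsplit

# Placeholder origin: the article does not name the privileged domains.
PRIVILEGED_ORIGINS = ["https://privileged-app.example/"]

def pattern_covers(pattern, url):
    """True if a WebExtension match pattern covers url's scheme and host.
    Paths are ignored, so the audit errs on the side of flagging."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep:
        return False  # API permission such as "tabs", not a host pattern
    host, target = rest.split("/", 1)[0], urlsplit(url)
    if scheme == "*":
        if target.scheme not in ("http", "https"):
            return False
    elif scheme != target.scheme:
        return False
    if host == "*":
        return True
    if host.startswith("*."):
        base = host[2:]
        return target.hostname == base or target.hostname.endswith("." + base)
    return target.hostname == host

def audit_manifest(manifest, origins=PRIVILEGED_ORIGINS):
    """List (manifest key, pattern, origin) for each pattern covering an origin."""
    sources = {key: manifest.get(key, []) for key in
               ("host_permissions", "optional_host_permissions", "permissions")}
    for i, script in enumerate(manifest.get("content_scripts", [])):
        sources[f"content_scripts[{i}].matches"] = script.get("matches", [])
    return [(key, pat, origin) for key, pats in sources.items()
            for pat in pats if isinstance(pat, str)
            for origin in origins if pattern_covers(pat, origin)]

# Constructed sample manifests, not taken from any real extension.
BROAD = json.loads("""{"manifest_version": 3, "name": "Cute Puppies (constructed)",
  "permissions": ["scripting", "storage"], "host_permissions": ["*://*/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]}""")
NARROW = json.loads("""{"manifest_version": 3, "name": "Scoped helper (constructed)",
  "permissions": ["storage"], "host_permissions": ["https://*.example.org/*"]}""")

if __name__ == "__main__":
    for manifest in (BROAD, NARROW):
        print(manifest["name"], audit_manifest(manifest))
```

A theme-style extension that requests patterns as wide as the first manifest is worth a manual review before it is allowed on managed browsers.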


Guardio Labs demonstrated the severity of the issue by creating a proof-of-concept attack using a seemingly harmless puppy-themed extension.

When installed from the Chrome Web Store, this extension could execute malicious code on Opera’s vulnerable domains. The attack allowed for capturing screenshots of open tabs, extracting session cookies, and even altering DNS-over-HTTPS settings, which could lead to man-in-the-middle attacks.

Extension Exploiting Vulnerability (Source: Guardio Labs)

The researchers highlighted the ease with which malicious actors could exploit this vulnerability. They uploaded their proof-of-concept extension to the Chrome Web Store, which Opera users can access, bypassing Opera’s more stringent extension review process.

This incident underscores the ongoing challenges in browser security, particularly regarding the power and potential risks associated with browser extensions.

It follows a trend of similar vulnerabilities, such as the “MyFlaw” bug discovered earlier in Opera, which allowed arbitrary file execution on users’ systems.

The discovery of CrossBarking raises concerns about the security measures in place for browser extensions across different platforms. In a separate but related issue, researchers recently found over 300,000 Google Chrome and Microsoft Edge users impacted by malicious extensions capable of data exfiltration and command execution.

Opera has responded promptly to the disclosure, implementing fixes and removing third-party domain privileges. The company stated they are working on a more structured refactoring of their features to eliminate this vulnerable flow entirely.

As browsers continue to evolve with new features, the balance between functionality and security remains a critical challenge. Users are advised to keep their browsers updated and to be selective about the extensions they install, regardless of the source.
