Private API compromise possible with now-patched Opera bug

31 October 2024

Malicious actors could have compromised the Opera browser’s private APIs through a malicious extension on the Chrome Web Store exploiting a recently addressed vulnerability as part of the CrossBarking attack, The Hacker News reports. Included within the extension were content scripts that could be leveraged to compromise Opera’s overly permissive domains, secure API access, capture open tab screenshots, obtain session cookies, and alter DNS-over-HTTPS settings, which could be followed by adversary-in-the-middle intrusions, according to a study from Guardio Labs.

Source: SC Magazine

Date:

31 October 2024

Categorie(s):

NEWS

Tag(s):

IT, News, Opera, Private, Vulnerability Management

Will passkeys ever replace passwords? Can they?17 November 2024
How Ransomware Jeopardizes Healthcare Organizations17 November 2024
Are Identity Theft Protection Services Worth the Money? It’s Complicated17 November 2024
Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked17 November 2024
Google’s Gemini AI Chatbot Keeps Telling Users to Die16 November 2024