In the Opera browser, a vulnerability was discovered, which allowed harmful extensions to obtain unauthorized access to closed APIs. Guardio Labs reported that the vulnerability, known as Crossbarking, could enable attackers to take screenshots, modify browser settings, and compromise users’ accounts.
Specialists at Guardio Labs showcased the issue by releasing what appeared to be a harmless extension in the Chrome Web Store. Once this extension was installed on the Opera browser, it exploited the vulnerability, turning the attack into a cross-browser threat. Nati Tal, the head of Guardio Labs, highlighted the ongoing struggle between convenience and security, illustrating how modern threats can leverage covert tactics.
The vulnerability was swiftly addressed by Opera on September 24, 2024, following notification from developers about the potential threat. This incident is not the first instance of vulnerabilities being identified in the browser. Earlier in the year, a separate vulnerability related to the My Flow feature was discovered, allowing for file manipulation on the operating system.
The primary method of attack revolves around certain Opera subdomains possessing privileged access to closed APIs integrated within the browser. Subdomains like Opera Wallet and Pinboard are utilized for internal projects. Guardio Labs revealed that malicious JavaScript could be injected into these subdomains by content scripts in browser extensions with escalated access privileges, thus exploiting the API.
This unauthorized access enables attackers to capture screenshots, harvest session cookies to compromise accounts, and even alter settings within the browser.