Critical Opera GX Vulnerability Enables CSS Injection and Data Theft

Critical Opera GX Vulnerability Enables CSS Injection and Data Theft

First seen 6 Jul 2026, 14:53 UTC GbhackersInfosecurity-Magazinezhero-web-sec.github.io 85% similarity 70.5

Article Content

Browse articles
ThreatCluster

A severe vulnerability in the Opera GX browser allows attackers to automatically install GX Mods without user consent, enabling cross-site data exfiltration. This flaw, discovered by researcher zhero_web_security, leverages the GX Mods feature to inject malicious CSS across all visited webpages. The attack can extract sensitive information, such as Gmail addresses, through crafted network requests triggered by the injected CSS. Additionally, this vulnerability poses a risk of denial-of-service (DoS) attacks, causing the browser to crash when a mod is installed in Incognito mode. The issue was reported in February 2026 and was initially rated as low priority but later reassessed as critical. Opera patched the vulnerability on May 8, 2026, and awarded a $5000 bounty to the researcher. The research was published on July 3, 2026, as a proof of concept.

Key Points: • Opera GX allows unauthorized installation of GX Mods, enabling CSS injection. • Attackers can exfiltrate sensitive data from any site visited by the victim. • A denial-of-service attack can occur in Incognito mode, crashing the browser.

ThreatCluster AI

Timeline

2026-02-01
Vulnerability reported to Opera
Researcher zhero_web_security reported the flaw through Opera's Bugcrowd program, initially rated low priority.
Infosecurity-Magazine
2026-05-08
Vulnerability patched by Opera
Opera released a patch for the critical vulnerability and reassessed its severity.
Infosecurity-Magazine
2026-07-03
Research published as proof of concept
The research detailing the vulnerability and its exploitation was made public, showcasing the attack method.
zhero-web-sec.github.io

Community

Browse all →