Researchers discovered a flaw in Opera GX, the gaming-oriented variant of the Opera browser, that permitted malicious websites to silently install browser add-ons. The exploit could then extract specific data from pages the victim visited, including reconstructed full Gmail addresses from a single page visit, without requiring a click.

The severity of the vulnerability lies in its ability to bypass normal user consent mechanisms for extension installation. The proof of concept demonstrates a complete compromise of user data, though Opera has not disclosed a CVSS score or the specific number of users affected. The company noted it found no evidence of active exploitation in the wild.

Technical details reveal the attack vector involved manipulating browser APIs to auto-install mods—a feature intended for legitimate, user-approved extensions. The exploit could scrape session tokens, form data, or other sensitive content from pages the victim had open, effectively allowing a remote attacker to become a passive man-in-the-browser.

Opera has deployed a patch addressing the vulnerability. Users are advised to update Opera GX to the latest version immediately. No additional workarounds have been provided, as the fix is considered comprehensive against the described attack vector. The company recommends running the browser in its default, up-to-date state.

While no threat actor has been attributed to the flaw, the discovery underscores the risks inherent in browser features designed for extension customization. The gaming community, a primary user base for Opera GX, faces heightened exposure due to the browser's niche functionality, though broad exploitation remains unconfirmed.