Researchers report a security flaw in Opera GX, the gaming-focused version of Opera’s web browser, that could allow a malicious website to silently install a browser add-on (“mod”) without user interaction. According to the reports, the installed add-on could then access and extract specific information from other pages the user visits. The flaw is demonstrated through a proof of concept in which researchers reconstruct a victim’s full Gmail address after only a single visit, without requiring clicks.

Both sources state that Opera has released a fix for the issue. Opera also says it did not find evidence that the vulnerability had been exploited in the wild, though details on investigation scope are not provided in the excerpts. The reports focus on the mechanism—unauthorized auto-installation of add-ons by a malicious site—and the potential privacy impact, including exposure of identifiable account-related data derived from visited content. The vulnerability is presented as resolved via patching, reducing the risk of further affected installations.