
Opera GX Universal CSS Injection Flaw Enabled Zero-Click XSLeak Attacks
A critical vulnerability in Opera GX that allowed attackers to exfiltrate sensitive user data, including Gmail addresses, from any website simply by having a victim visit a malicious page. The flaw, patched by Opera on May 8, 2026, required no user interaction, no JavaScript execution, and no traditional cross-site scripting bug to exploit. The vulnerability […]
The post Opera GX Universal CSS Injection Flaw Enabled Zero-Click XSLeak Attacks appeared first on Cyber Security News.