9mo ago

'CrossBarking' Attack Exposes Opera Browser Users via APIs

www.darkreading.com

Using a malicious Chrome extension, researchers showed how an attacker could inject custom code into a victim's Opera browser to exploit special and powerful APIs, used by developers and typically saved for only the most trusted sites.

1 comments

Private APIs that "trusted sites" have access to that can make all sorts of browser-level changes?
So many questions:
Why in the hell? No, seriously what big-brain was involved in the idea that some site needs that level of access to my browser?
Who didn't see this coming? I mean if you make basically a secret back door, of COURSE your shit's getting pwnt as soon as someone else notices it.
Also note to self: don't install Opera I guess.