![]() Guardio Labs discovered a "long-forgotten" version of the My Flow landing page on "webflowoperacom," lacking essential security measures.įurthermore, this version lacked a content security policy meta tag and contained a script tag calling for a JavaScript file without integrity checks. My Flow relies on the "Opera Touch Background" browser extension for communication with its mobile counterpart. The issue permitted the execution of files opened through a web interface beyond the browser's security boundaries. Guardio Labs responsibly disclosed the flaw on November 17, 2023, and the browser vendor promptly addressed it in updates released on November 22, 2023. Both the standard Opera browser and Opera GX were impacted. The vulnerability allowed attackers to execute arbitrary files on the underlying operating system by exploiting a controlled browser extension, bypassing the browser's sandbox. ![]() Dubbed MyFlaw, the flaw exploited the My Flow feature, which syncs messages and files between mobile and desktop devices. ![]() Guardio Labs recently identified a critical security flaw in the Opera web browser, affecting Microsoft Windows and Apple macOS versions. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |