A recently patched vulnerability in the Opera web browser, dubbed "CrossBarking," could have allowed malicious extensions to gain unauthorized access to private APIs, enabling actions like screenshot capture, account hijacking, and DNS manipulation, according to Guardio Labs. The flaw leveraged Opera’s overly permissive subdomains, permitting malicious extensions to inject JavaScript and exploit these APIs. Guardio demonstrated this risk by publishing a seemingly benign extension on the Chrome Web Store that exploited the flaw in Opera, representing a cross-browser-store attack. While Opera’s Add-ons Store uses a manual review process, highlighting the importance of strict review policies and secure extension infrastructure, the vulnerability emphasized the potential dangers of rogue extensions and the need for enhanced monitoring and identity verification of developers. Opera addressed the issue on September 24, 2024, and no instances of this attack have been reported in the wild.