A critical security hole has been found in the latest version of the popular browser, allowing any cybercriminal with the proper know-how to inject and execute a malicious piece of code.
A security researcher, José A. Vázquez
discovered the flaw which seems to have been reported initially almost a year ago, but it seems that the issue has not been dealt with yet, possibly because they believed the new variant wasn't susceptible to such an attack.The H Security
reveals that after seeing nothing is done about the weakness, Vasquez published the adapted variant of the exploit to the newer version of Opera, thus forcing the vendor to take immediate measures to patch up the hole.
The error is critical, as in theory, by simply visiting a malicious location, an unsuspecting user's device can get infected with an ill-intended code. The whole thing is caused by a memory flaw when processing SVG content within framesets and even though the attacks performed in the tests were only successful in 3 out of 10 cases, it's certainly enough for a hacker to take advantage.
In the beta version of the latest release, the success rate is even higher, 6 out of 10 attempts resulting in a theoretical infection.
Recently, Opera amazed the world by being the first browser to activate the TLS 1.1 and 1.2, which were the only cryptographic protocols that were not susceptible to the attacks of the BEAST, a proof-of-concept that revealed the high-risk vulnerabilities involved in the use of SSL and TLS 1.0.
Even though they're ahead in that battle, they need to keep all the aspects of security in sight if they want to promote a product that promises customers a safe browsing.
It remains to be seen how the vendor will respond, as so far no official statements have been made regarding this incident.