According to The Hacker News, the issue involved the browser's built-in My Flaw feature, which is part of the Opera Touch Background extension and has not been removed. My Flaw allows users to take notes and share files between desktop and mobile browsers.
My Flaw is a convenient sync feature on the Opera web browser
This is a familiar feature, as modern software developers often provide tools to exchange data quickly between computers and mobile devices, but in the case of Opera, it comes at the cost of security.
Guardio Labs says My Flaw's interface works like a chat for file sharing, providing an "Open" function for any message with an attachment, meaning files can be executed directly from the web interface. This results in a web context that can interact with system APIs to execute files from the file system outside the browser without sandboxing or restrictions.
Additionally, websites and extensions can be connected to My Flaw. This means that an attacker can create a malicious extension that impersonates the mobile device the victim's computer is connected to. They can then use JavaScript to deliver a malicious file that will be executed when someone clicks anywhere on the screen.
Opera developers were notified of the vulnerability in My Flaw on November 17 last year, and the vulnerability was patched shortly after, on November 22.