According to The Hacker News, the issue is related to the browser's built-in My Flaw feature, which is part of the Opera Touch Background extension and has not been removed. My Flaw allows users to take notes and share files between desktop and mobile browsers.
My Flaw is a convenient sync feature on the Opera web browser.
This is a familiar feature as modern software developers often provide tools to exchange data between computers and mobile devices quickly, but in Opera's case, this comes at the cost of security.
Guardio Labs says My Flaw's interface works like a chat for file sharing, providing an "Open" function for any message with an attachment, meaning files can be executed directly from the web interface. This results in a web context that can interact with system APIs to execute files from the file system outside the browser without sandboxing or restrictions.
Additionally, websites and extensions can be connected to My Flaw. This means that an attacker could create a malicious extension that impersonates the mobile device that the victim’s computer is connected to. They could then use JavaScript to deliver a malicious file that would be executed when someone clicks anywhere on the screen.
Opera developers were notified of the vulnerability in My Flaw on November 17 last year, and it was patched on November 22.