The browser-maker runs a technical blog series on the most interesting vulnerabilities reported through its private bug bounty program.
In a post dated September 24, Opera detailed the latest discovery of a bug bounty hunter with the handle ‘Renwa’, a member of the private disclosure scheme.
The researcher chose to explore what he calls one of the “cooler” features of the Chromium-based browser, known as My Flow and described as an “encrypted space shared between Opera Touch and your Opera computer browser”.
The technology allows users to exchange files, links, YouTube videos, photos and personal notes, and access them at any time from their connected mobile device or computer.
My Flow can be used by scanning a QR code within the Opera Touch mobile browser. My Flow’s interface is loaded from web.flow.opera.com, which contained an XSS issue in its drag-and-drop functionality that could be used to launch an alert box.
The extension contained “higher privileges and access to native functions”, according to Renwa, and two of these functions, designed for use with My Flow, were of particular interest.