Bug Bounty Adventures: A NodeBB 0-day

Research Bug Bounty Adventures: A NodeBB 0-day Share March 25th, 2022 Opera maintains both apublic bug bounty program, and a private program, where security researchers can submit security issues they have found in Opera’s products for cash rewards. We like to highlight some of the issues that ha...

Bug bounty open for Opera Android apps!

News Bug bounty open for Opera Android apps! Share November 20th, 2018 We are happy to announce that our applications are now covered by the Google Play Security Reward Program. Researchers are invited to help us improve the security of our chosen products in return for fame and up to $5,000!...

Upcoming update with IDN homograph phishing fix

Security Upcoming update with IDN homograph phishing fix Share April 21st, 2017 Domains are an integral part of the internet. Similar to how people write different languages using different characters or scripts, domain names can be composed of various scripts in whole or in part, and are called...

Thanks to the researchers 2016

Research Thanks to the researchers 2016 Share April 19th, 2016 A number of researchers and website testers have offered their assistance throughout the year to help us tighten the security of our many websites. Thanks to all! Special mention goes to those who discover and report security issues:...

Security changes in Opera 20 update

Security Security changes in Opera 20 update Share March 13th, 2014 We have just released a silent update of Opera 20, you would most likely not even have noticed. From a security perspective, we have made two interesting changes in this update. The first one regards what we call the badge, the...

Breach incident

News Breach incident Share December 11th, 2013 At Opera, we strive to be open, and we want to continue this tradition, by sharing with you what happens here. High profile companies like Opera are under continuous attack by hackers trying to break into their systems, and we want to tell you about ...

Certificate update

Security Certificate update Share December 9th, 2013 Last week we became aware of the existence of several unauthorized security certificates, issued in violation of rules for creation of such certificates. The certificates chained back to a French certificate authority, ANSSI, and had been signe...

Repeated attempts to access a target site can trigger address field spoofing – Opera Security Advisories

The browser address field should always show the correct address for the page that is currently being displayed. By making repeated requests to load a target site in rapid succession, an attacking web site can cause Opera to display the target sites address while the attacking page is still being...

Data URIs can be used to facilitate Cross-Site Scripting – Opera Security Advisories

Data URIs are only supposed to inherit the scripting origin from the site that creates them, such as by including them as the target of a link or an inline frame in the source of the document. Specific sequences of document and data URI loading can cause Opera to forget which document created the...

Web page dialogs can be used to to display the wrong address in the address field – Opera Security Advisories

The address field should always show the correct address for the page that is loaded. If a page can cause Opera to display certain dialogs relating to a target site, the dialog may in some cases cause Opera to display the target site’s address instead of the correct address. This can allow an...

Data URIs may be used to initiate cross site scripting against unrelated sites – Opera Security Advisories

Data URIs are supposed to inherit the security context from the page that created them. In some cases, Opera does not enforce this correctly, and will allow unrelated data URIs to interact both with each other, and their source pages. This can be used to enable cross site scripting against the...

The wrong executable may be used to display a downloaded file in its folder – Opera Security Advisories

The wrong executable may be used to display a downloaded file in its folder – Opera Security Advisories OPCOM Team | January 28, 2011 Severity Low Affected versions This issue affects Opera for Microsoft Windows. Description Opera’s downloads manager allows users to select a file, and open the...

Opera may be used as a vector for a font issue in the underlying operating system – Opera Security Advisories

Opera may be used as a vector for a font issue in the underlying operating system – Opera Security Advisories OPCOM Team | June 19, 2010 Affected versions This vulnerability may be targeted through Opera for Windows. Severity Extremely Severe Description A flaw in the font handling on the Windows...

Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories

Sites using revoked intermediate certificates might be shown as secure – Opera Security Advisories OPCOM Team | August 29, 2009 Summary Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the...

TLS certificates can be used to execute arbitrary code – Opera Security Advisories

TLS certificates can be used to execute arbitrary code – Opera Security Advisories OPCOM Team | February 13, 2009 Severity Highly Severe Problem Description When connecting to a TLS-protected website, Opera parses the X.509 certificate. If a site uses a specially crafted Subject Alternative Name ...

Rich editing allows cross domain scripting – Opera Security Advisories

Rich editing allows cross domain scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Problem Description Rich editing using designMode allows page contents to be edited. Pages can use this ability to inject scripts into pages from other domains. This allows cross domain scripting...

Image properties can be used to execute scripts – Opera Security Advisories

Image properties can be used to execute scripts – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Highly Severe Problem Description Image properties can contain custom comments. When displaying the image properties, Opera can be tricked into treating the comments as script. This...

Opera’s HTTP authentication cuts off long server names at the end – Opera Security Advisories

Opera’s HTTP authentication cuts off long server names at the end – Opera Security Advisories OPCOM Team | July 19, 2007 Summary Opera’s HTTP authentication dialog cuts off long server name at the right hand end. Severity: Less severe Problem description Opera’s HTTP authentication dialog is...

Security fix: Addressing a low-impact Pinboards vulnerability

News, Security Security fix: Addressing a low-impact Pinboards vulnerability Share June 9th, 2026 Hi Opera users, Recently, an independent security researcher responsibly disclosed a vulnerability in Opera’s Pinboards feature, which helped our team to quickly work on a fix. The vulnerability...

Protected with Opera Neon: Understanding agentic browser security

Security Protected with Opera Neon: Understanding agentic browser security Share October 21st, 2025 Hi Opera users, If you were hanging out around these parts in the past few weeks, you might have noticed that we launched Opera Neon – an AI agentic browser that can browse with you or for you, tak...

Why browsing with Opera’s VPN is safer

Security Why browsing with Opera’s VPN is safer Share July 10th, 2025 A virtual private network VPN is a great way to protect yourself online, especially on public hotspots. Opera is the first major browser to have a built-in, no-log, unlimited browser VPN that is completely free. So how can you...

VPNs explained: How a VPN helps keep your online life private

Privacy, Security VPNs explained: How a VPN helps keep your online life private Share July 1st, 2025 Today, we spend more than half our lives online. So it’s only natural that we worry a lot more about online safety and privacy. VPNs are just one of the tools many internet users already rely on t...

Update your browser: Security fixes for latest Chrome zero-day

News, Security Update your browser: Security fixes for latest Chrome zero-day Share June 5th, 2025 Hi everyone! The latest patches to the Opera, Opera GX, Opera Air, and Opera for Android address several recent vulnerabilities, including a zero-day exploit CVE-2025-5419. We recommend updating you...

Opera for Android has received Google Play’s Independent Security Review badge. Here’s what this means for your security

Security Opera for Android has received Google Play’s Independent Security Review badge. Here’s what this means for your security Share January 30th, 2025 Hey Opera users! You might have seen that Opera for Android has achieved a new security-focused milestone: If you search for Opera for Android...

Addressing the “CrossBarking” vulnerability discovered in collaboration with Guardio

News, Security Addressing the “CrossBarking” vulnerability discovered in collaboration with Guardio Share October 30th, 2024 Hi Opera users! Over time, we have shared details about how we approach security vulnerabilities, and especially how we work with external security researchers to identify...

Update your browser: Security fixes for latest Chrome zero-day

News, Security Update your browser: Security fixes for latest Chrome zero-day Share August 23rd, 2024 Hi everyone! The latest patches to the Opera and Opera GX address several recent vulnerabilities, including a zero-day exploit CVE-2024-7971. We recommend updating your browsers to the latest...

Does the TunnelVision vulnerability affect Opera’s free VPN?

Privacy Does the TunnelVision vulnerability affect Opera’s free VPN? Share June 12th, 2024 Hello! You may have heard recently about a new type of vulnerability called TunnelVision that makes it possible for a malicious actor to bypass VPN protection. So you will be happy to know that Opera’s free...

Opera’s response to misleading headlines regarding the “MyFlaw” security vulnerability

Security Opera’s response to misleading headlines regarding the “MyFlaw” security vulnerability Share January 17th, 2024 We have noticed some misleading media articles regarding the so-called “MyFlaw” vulnerability that allegedly puts Opera users at risk. This is NOT true. The coverage presents...

How your Opera browser keeps you safe from spyware and other cyber threats

Privacy, Security How your Opera browser keeps you safe from spyware and other cyber threats Share August 11th, 2023 Hi everyone! In our digital age, your online security is often under threat. From phishing scams to spyware and direct hacking attempts, your personal data is often in the crosshai...

Debunking misinformation about Opera’s browsers

Privacy, Security Debunking misinformation about Opera’s browsers Share July 6th, 2023 At Opera, we take the privacy and security of our users very seriously. As a European company, we have to be compliant with the GDPR – one of the strongest, if not the strongest, data protection frameworks in t...

Update your browser: Security updates address vulnerabilities including latest Chrome bugs

News, Security Update your browser: Security updates address vulnerabilities including latest Chrome bugs Share June 15th, 2023 Hi everyone! The Opera browser, Opera GX and Opera Crypto Browser have just received important updates addressing a number of vulnerabilities and bugs. Among those are t...

Opera’s Security team at Barcelona Cybersecurity Congress 2023

Security Opera’s Security team at Barcelona Cybersecurity Congress 2023 Share February 9th, 2023 Hello readers! If you follow our Security team’s Twitter account it’s here, by the way!, you’ll have noticed we were busy last week meeting cybersecurity enthusiasts and professionals at this year’s...

It’s Data Privacy Day: Here’s how to protect your data and become your own privacy champion

News, Security It’s Data Privacy Day: Here’s how to protect your data and become your own privacy champion Share January 27th, 2023 Hello readers! January 28 is Data Privacy Day – an annual celebration of all things data protection and online privacy! It’s an opportunity for businesses and users ...

Are you still using public Wi-Fi without a VPN?

Security Are you still using public Wi-Fi without a VPN? Share October 14th, 2022 Hi readers, October is Cybersecurity Awareness Month and the focus is on you, the user. All the privacy and security features in the world are worth nothing if we ourselves don’t apply some best practices to our...

Opera Privacy Statement Update 2022

Privacy Opera Privacy Statement Update 2022 Share August 29th, 2022 Opera, a browser company based out of Oslo, Norway, cares deeply about user security and data protection. With that in mind, we actively work on improving our internal practices and communications with you, our users. We are maki...

Opera’s Free Browser VPN Completes Independent Security Audit by Cure53

News Opera’s Free Browser VPN Completes Independent Security Audit by Cure53 Share March 30th, 2022 Today we’re happy to announce the completion of an independent security audit of Opera’s free built-in browser VPN. Opera’s free, no-log, built-in browser VPN was originally launched as part of the...

Fuzzing HTTP Proxies: Squid, Part 2

Research Fuzzing HTTP Proxies: Squid, Part 2 Share October 1st, 2021 Security is important to us, here at Opera. That’s why, apart from making our browsers safer, we also want to make the Web a bit safer. One of those ways is helping other developers find and fix vulnerabilities in their products...

Bug Bounty Guest Post: Local File Read via Stored XSS in The Opera Browser

Research Bug Bounty Guest Post: Local File Read via Stored XSS in The Opera Browser Share September 8th, 2021 Opera manages aBug Bounty program where researchers can report vulnerabilities in Opera’s software and be rewarded for it. For high-quality reports, we like to invite researchers to write...

Opera Browser for Android

Research Opera Browser for Android Share May 21st, 2021 In this episode of theOpera Bug Bounty series, we introduce Opera for Android, our main product for the Android platform. What is Opera for Android Opera for Android is a Chromium-based browser that prides itself on a user-friendly and good...

Can a browser extension be cursed?

Privacy Can a browser extension be cursed? Share December 4th, 2020 Mallory tries to create a browser extension that will let him spy on Alice. TL;DR: skip to the conclusions to see what Alice learned. The Privacy Problem Mallory was quite tired of his failed attempts to melt Alice’s heart. She...

Address bar spoofing in Opera Mini for Android – Opera Security Advisories

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing...

To VPN or not to VPN?

Security To VPN or not to VPN? Share October 29th, 2020 Alice and Bob use VPN to fight Mallory, an inquisitive sysadmin. TL;DR: skip to the conclusions to see what Alice learned. The Privacy Problem Alice and Bob recently met Mallory, who works at the cable company providing internet access to th...

Opera Receives DevSecOps All-Star Award at SnykCon 2020

News Opera Receives DevSecOps All-Star Award at SnykCon 2020 Share October 28th, 2020 AtSnykCon 2020, Opera received the DevSecOps All-Star Award for leveraging Snyk to bring a complete and fully automated DevSecOps process into a secure software development lifecycle. Opera was represented by...

How private is a private window?

Privacy How private is a private window? Share October 15th, 2020 Alice and Bob find themselves in a shared living-space, where long-held secrets are at risk of being revealed. TL;DR: skip to the conclusions to see what Alice learned. The Privacy Problem Alice and Bob recently decided to take the...

Opera becomes part of the CNA program

News Opera becomes part of the CNA program Share December 13th, 2019 Usually, Friday the 13th is considered to be an unlucky day. However, this is not the case for Opera, as we have great news, especially for security researchers and all security-minded Opera fans. We are proud to announce that...

Bypass a restriction in OfA 54 – Opera Security Advisories

Opera for Android before 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass attack. By using a service working inside a sandboxed iframe it is possible to bypass the normal sandboxing attributes. This allows an attacker to make forced redirections without any user interaction...

DLL hijacking and the Opera browser

Security DLL hijacking and the Opera browser Share March 10th, 2017 Recently, a collection of documents was released online, which was claimed to have originated with a major World power. The documents listed hacking vectors that could be used to inject code into major operating systems and...

Thanks to the researchers 2017

Research Thanks to the researchers 2017 Share March 3rd, 2017 We would like to thank the researchers who have offered us their assistance throughout the year, to help enhance the security of our websites. Special mention goes to those who discover and report security issues: Johnny Nipper Mehmet...

Opera server breach incident

News Opera server breach incident Share August 26th, 2016 Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and...

Opera 12 and Opera Mail security update

Security Opera 12 and Opera Mail security update Share February 16th, 2016 We realize that those of you on old operating systems like Windows XP SP1 and older are left without much choice beyond using our Presto-based browser. With security standards on the web changing so much we didn’t want to...