CyberWire Daily

A cute cover for a dangerous vulnerability. [Research Saturday]

Jan 18, 2025

Nati Tal, Head of Guardio Labs, discusses the alarming findings from their research on 'CrossBarking,' which uncovered a critical vulnerability in the Opera browser. This flaw allows malicious extensions to exploit Private APIs, with potential actions like screen capturing and account hijacking. Tal highlights how a deceptive puppy-themed extension could easily bypass security measures in both Chrome and Opera's stores, reflecting the ongoing battle between productivity and security. The conversation sheds light on the evolving tactics of modern cyber threats.

24:44

Creator website

Episode guests

Nati Tal

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Guardio Labs revealed a significant 0-Day vulnerability in the Opera browser that allows malicious extensions to exploit private APIs for harmful actions.

The podcast underscores the necessity of revising browser extension security protocols to prevent deceptively benign applications from compromising user data.

Deep dives

Rising Cybersecurity Threats

Ransomware attacks have seen an 18% increase, contributing to a staggering $75 million record payout in 2024. Traditional security measures like firewalls and VPNs have proven insufficient as breaches continue to rise, leading organizations to reassess their cybersecurity strategies. The discussion emphasizes the need for innovative approaches, particularly the adoption of Zero Trust security models. By utilizing AI, companies can better protect their assets by making their attack surfaces invisible and removing opportunities for lateral movement within networks.

Intro

2min

Exploiting Vulnerabilities in Web Extensions

9min

Navigating the Risks of Browser Extensions

4min

Exploiting Browser Vulnerabilities

5min

Engaging Research on a Cybersecurity Vulnerability

2min

Nati Tal, Head of Guardio Labs, sits down to share their work on “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack. Guardio Labs has uncovered a critical vulnerability in the Opera browser, enabling malicious extensions to exploit Private APIs for actions like screen capturing, browser setting changes, and account hijacking.

Highlighting the ease of bypassing extension store security, researchers demonstrated how a puppy-themed extension exploiting this flaw could infiltrate both Chrome and Opera's extension stores, potentially reaching millions of users. This case underscores the delicate balance between enhancing browser productivity and ensuring robust security measures, revealing the alarming tactics modern threat actors employ to exploit trusted platforms.

The research can be found here:

“CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack

Learn more about your ad choices. Visit megaphone.fm/adchoices

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

CyberWire Daily

A cute cover for a dangerous vulnerability. [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Rising Cybersecurity Threats

Exploitation of Private APIs

The Role of Malicious Extensions

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

CyberWire Daily

A cute cover for a dangerous vulnerability. [Research Saturday]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Rising Cybersecurity Threats

Exploitation of Private APIs

The Role of Malicious Extensions

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights