Opera Software will soon patch a vulnerability in its Web browser that could allow an attacker to run malicious software on a Windows computer. Opera Software will soon patch a vulnerability in its Web browser that could allow an attacker to run malicious software on a Windows computer.The problem affects Opera browser version 10.50 running on Windows and possibly others, according to an advisory from Danish security company Secunia said. Opera said two Windows security features — Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) — can make it more difficult to compromise a computer.“If these two Windows security features are enabled, the probability of carrying through a successful attack becomes much smaller than it already was,” Opera said. The company said it is testing a fix and will release the update soon. In the meantime, if users encounters a Web site that crashes the browser, they should not go back to that site.Developing the fix took time because of some initial confusion about the problem. Opera said it was informed of the vulnerability on March 4, a few days after it released the 10.50 version of the browser. Secunia alerted Opera to the issue, which initially appeared not to be remotely exploitable and just caused the browser to crash, but later told Opera that the memory corruption problem could lead to a more dangerous scenario.“Secunia did provide us with an example that would cause a random crash, showing that it was at least possible to provoke possible code execution later,” Opera said. But “we think it is unlikely that this can be done in a predictable fashion.”The vulnerability was erroneously reported as a zero-day attack on at least one other security Web site, “which is misleading as no working exploit has been published nor is the vulnerability being actively exploited,” according to Carsten Eiram, chief security specialist for Secunia, writing on the company’s blog.“Instead, it was an uncoordinated (commonly termed: ‘irresponsible’) disclosure as the vulnerability report was published without the reporter first informing the vendor,” Eiram wrote. “Adding to the confusion, Opera Software’s initial analysis of the vulnerability concluded that it was not a vulnerability and this was communicated on the Opera Software forum and to the media.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe