Opera Software has updated its namesake browser to plug a critical hole that lets attackers hijack Windows PCs by feeding them a malicious torrent file.
"A specially crafted torrent file can cause a buffer overflow in Opera," the company says. "This allows arbitrary code to be injected and executed." An exploit can be triggered if a user right-clicks on a specially crafted torrent file entry in the browser's built-in download manager.
Opera is the only major browser with integrated support for torrent files, the popular peer-to-peer file-sharing/file-transfer format.
Danish vulnerability tracker Secunia rated the threat as "highly critical," it's second-highest ranking. Opera credited Verisign with reporting the bug.
Windows users should download Opera 9.21 immediately, the Norwegian company recommended.
Opera, one of the first browsers to popularise multiple windows, and then tabs, accounts for less than one percent of the global browser market. Internet Explorer, Firefox and Safari all have much larger shares.