TechBriefly
  • Tech
  • Business
  • Crypto
  • Science
  • Geek
  • How to
  • About
    • About TechBriefly
    • Terms and Conditions
    • Privacy Policy
    • Contact Us
    • Languages
      • 中文 (Chinese)
      • Dansk
      • Deutsch
      • Español
      • English
      • Français
      • Nederlands
      • Italiano
      • 日本语 (Japanese)
      • 한국인 (Korean)
      • Norsk
      • Polski
      • Português
      • Pусский (Russian)
      • Suomalainen
      • Svenska
  • FAQ
    • Articles
No Result
View All Result
 Hot Topics:
  • Funny notes on Instagram
  • What is Snapchat planets order?
  • Best free AI art generators
  • Instagram Notes ideas
  • Elon Musk & Twitter
TechBriefly
No Result
View All Result
Home Tech Privacy

The official DuckDuckGo browser extension exposed the privacy of its users for months

by Barış Selman
19 March 2021
in Privacy, Tech
Reading Time: 2 mins read
Share on FacebookShare on Twitter

DuckDuckGo is one of the favorite search options for users who flee from Google and are aware of the cause of privacy on the web.

The official DuckDuckGo browser extension exposed the privacy of its users for months

So, to make it easier to use (and incidentally add features such as blocking ad tracking networks) its creators also launched extensions for the main browsers: Firefox, Chrome, and MS Edge.

The problem is that now it has been discovered that, for several months, DuckDuckGo Privacy Essentials has been putting at risk, precisely, the privacy of its users. How so?

Small vulnerability, huge potential consequences

We are dealing with a case of uXSS (universal cross-site scripting) vulnerability, in which the attacker can inject arbitrary malicious code into web pages visited by the user using some scripting language (often JavaScript) and exploiting client-side vulnerabilities.

This allows the attacker to access the browser history and all sensitive information entered by the user (such as data linked to their bank account), as well as altering the information displayed on the user’s screen.

The chances of an attacker ever gaining such a degree of access are slim, but the potential results are still catastrophic even if you are a user of secure browsing tools such as SecureDrop or ProtonMail.

The good news, in this case, is that this kind of attack can only be executed by someone who controls the server http://staticcdn.duckduckgo.com.

That is, in principle, by the DuckDuckGo company itself. But it could also be exploited by its hosting provider (none other than Microsoft, through Azure) or by an attacker who takes over that server (cybercriminals, government agencies, etc.).

According to Wladimir Palant, the creator of Adblock Plus, and the researcher who originally detected the vulnerability, this vulnerability has been operational for several months, and it has not been until the last few days, with the release of version 2021.3.8 of the extension for the three major browsers, that it has finally been fixed.

Tags: browserDuckDuckGoextensioninternetofficialprivacyusers

Related Posts

Samsung Galaxy Book 3 was also revealed at the Unpacked 2023 event, and we gathered the specs, price, and release date in this article.

Samsung Galaxy Book 3: Specs, price, and release date

ChatGPT Plus

ChatGPT Plus is out for those who seek perfection

netflix anti password sharing new netflix rules

The new Netflix rules were not well received on social media

The middle kid of the S23 family, all the information you need about Samsung Galaxy S23 Plus is here, including its specs, price, and release date.

Samsung Galaxy S23 Plus: Specs, price, and release date

POPULAR

Soldier poet king quiz TikTok
Social Media

Soldier poet king quiz: TikTok trend explained

ChatGPT is at capacity right now: Too many requests in 1 hour try again later (Fixed)
How to

Too many requests in 1 hour try again later (Fixed): ChatGPT is at capacity right now

What is Snapchat planets order?
How to

What is Snapchat planets order?

Bane of Dragons ESO
How to

Bane of Dragons ESO: How to complete the quest?

Witcher 3 manual save not working
How to

Witcher 3 manual save not working: How to fix it?

Beyonce World Tour 2023
Geek

Beyonce World Tour 2023: Ticket prices, dates, and more

In this article, we are going to be covering how much is 1 million diamonds on TikTok, and answer some of the most frequently asked questions about the subject.
How to

How much is 1 million diamonds on TikTok?

Answering the most common questions about the Instagram collab feature
How to

Answering the most common questions about the Instagram collab feature

ai music generator open ai jukebox
AI

AI music generators take on a whole new dimension with Open AI Jukebox

Division 2 crashing: How to fix it (2023)?
How to

How to fix Division 2 if it keeps crashing in 2023?

RSS Digital Report

  • How to get SEO clients for your company?
  • SEO for enterprise guide: Strategies, tools and more
  • Top SEO podcasts: Strategies to boost SEO
  • Here are the top 10 blockchain certification courses
  • Blockchain open source: What is it and what are the best projects?
  • Top 5 questions about marketing: Examples and answers
  • Back door marketing: What is it?
  • What is outbound marketing: Complete Guide
  • Online marketing for real estate: Tips and tricks
  • Top 5 SEO reporting software tools

RSS Latest from LeaderGamer

  • Wordle TR 4 Şubat 2023 günün cevabı
  • 8 tips for Hitman Freelancer
  • Junji Ito arrives in Fortnite game
  • PS5 Discord audio support comes with new update
  • Tomb Raider Reloaded release date revealed
  • Valve has released a new update for Steam
  • Wordle TR 3 Şubat 2023 günün cevabı
  • EA may have canceled the new Titanfall game
  • Fortnite FPS mode may be coming
  • GTA 5 released a security-focused update
TechBriefly

© 2021 TechBriefly is a Linkmedya brand.

  • Tech
  • Business
  • Science
  • Geek
  • How to
  • About
  • Privacy
  • Terms
  • Contact
  • LeaderGamer
  • FAQ

Follow Us

No Result
View All Result
  • Tech
  • Business
  • Crypto
  • Science
  • Geek
  • How to
  • About
    • About TechBriefly
    • Terms and Conditions
    • Privacy Policy
    • Contact Us
    • Languages
      • 中文 (Chinese)
      • Dansk
      • Deutsch
      • Español
      • English
      • Français
      • Nederlands
      • Italiano
      • 日本语 (Japanese)
      • 한국인 (Korean)
      • Norsk
      • Polski
      • Português
      • Pусский (Russian)
      • Suomalainen
      • Svenska
  • FAQ
    • Articles