DuckDuckGo Browser Extension Vulnerability Leaves Edge Users Open to Potential Cybersnooping. DuckDuckGo fixed a universal XSS bug in a popular browser extension for Chrome and Firefox. The vulnerability was discovered in DuckDuckGo Privacy Essentials, which blocks private trackers and offers private browsing features. Researcher Wladimir Palant revealed that it can be used to obtain XSS on victims' devices, meaning arbitrary code can be executed in any domain. Although Chrome has been patched, at the time of writing in Mozilla Firefox, no updates have been released for other browsers such as Microsoft Edge.
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.