DuckDuckGo Browser Extension Vulnerability Leaves Edge Users Open to Potential Cybersnooping. DuckDuckGo fixed a universal XSS bug in a popular browser extension for Chrome and Firefox. The vulnerability was discovered in DuckDuckGo Privacy Essentials, which blocks private trackers and offers private browsing features. Researcher Wladimir Palant revealed that it can be used to obtain XSS on victims' devices, meaning arbitrary code can be executed in any domain. Although Chrome has been patched, at the time of writing in Mozilla Firefox, no updates have been released for other browsers such as Microsoft Edge.