Vulnerability in DuckDuckGo could expose your history to snoops

With the amount of control and access services like Facebook and Google have over your personal information, many have been looking for alternatives. Without leaving the platform completely, there isn’t much you can do to get away from Facebook. But there are alternatives to the Chrome browser focused on privacy.

Instead of using Google’s search engine, many have turned to DuckDuckGo. It’s a private search engine/browser that randomizes user traffic and doesn’t store any personal information. By using its browser extension, you can search privately and block web trackers. Tap or click here to see if these extensions can access your bank info.

But a recently discovered flaw has put the privacy and security of DuckDuckGo users at risk. Keep reading to find out what the risks are and what you can do to protect your privacy.

Here’s the backstory

Discovered lurking in DuckDuckGo Privacy Essentials, cybercriminals can use a universal cross-site scripting (uXSS) flaw to access a victim’s device. The uXSS technology is used in popular browsers like Chrome, Edge, and Mozilla’s Firefox.

Researcher Wladimir Palant revealed that hackers use the flaw to spy on users and collect data on the websites they visit. The vulnerability can also give them access to sensitive data like banking info and other personal information.

The nature of the flaw is fairly complex, and a hacker would need to have access to the DuckDuckGo server. “The attackers can spy on anything the users do in their browser. They can manipulate displayed information, take over accounts, impersonate the user,” Palant said.

How to protect your privacy

As with all browsers, extensions, and operating systems, you must make sure that you are running the latest version. This involves getting patches and updates as they are released from software developers.

If you are using the DuckDuckGo extension with Google’s Chrome or Firefox, the issue has already been patched. But as Palant explains, it is still vulnerable for Microsoft’s Edge.

Here is how to check your version of the extension on Chrome:

  • Open your Chrome browser.
  • Click the Extensions icon (puzzle piece) in the top right-hand corner.
  • At the bottom, click Manage Extensions.
  • Navigate to DuckDuckGo Privacy Essentials and click Details.
  • The version number is under the description. The latest version for Privacy Essentials is 2021.3.8.

How to check for extension updates in Firefox:

  • Open Firefox
  • Click the menu button > add-ons > Extensions
  • Click the gear icon in the upper-right area of the Extensions panel
  • Select Check for Updates – This allows you to check for any updates to your add-ons manually. If there is an update available, update it now.

Keep reading

Delete these browser extensions! Popular downloads hiding malware

Privacy tip: Use this extension to say ‘no thanks’ to personalized ads

Tags: cybercriminals, malware