DuckDuckGO vulnerability in the Android v.26.0 version

DuckDuckGo Android Browser vulnerability presents spoofy website as legitimate one An bar spoofing vulnerability, CVE-2019-12329, In the DuckDuckGo –more than 5 Million installers –has been detected by Cyber security researcher Dhiraj  Mishra. The vulnerability was detected on Android v.26.0 version and informed to the company team via their bug bounty program hosted on HackerOne. Due to the vulnerability, many users are exposed to URL spoofing attacks. More about DuckDuckGo’s vulnerability Proof-of-concept researchers state, the exploit work with the help of specially crafted Javascript page that utilize the sensitive function. The vulnerability could be exposed to URL allegedly displayed as a legitimate one. But the truth is that, the URL is under control of fact hacker. Almost similar bug was reported by Arif Khan in UC browser for Android. He discovered “an URL Address Bar spoofing vulnerability in the latest version of the UC Browser 12.11.2.1184 and UC Browser Mini 12.10.1.1192 Read more