PT-2022-12202 · Duckduckgo · Duckduckgo Browser

Published: 2022-03-25 · Updated: 2022-03-31 · CVE-2021-44683

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: DuckDuckGo browser version 7.64.4

Description: The issue is related to Address Bar Spoofing due to mishandling of the JavaScript window.open function, which is used to open a secondary browser window. This could be exploited by tricking users into supplying sensitive information, such as credentials, because the address bar would display a legitimate URL, but the content would be hosted on the attacker's web site.

Recommendations: For DuckDuckGo browser version 7.64.4, consider disabling the use of the window.open function until a patch is available to prevent Address Bar Spoofing attacks.

Exploit

Fix

Clickjacking

Weakness Enumeration

Related Identifiers

CVE-2021-44683

Affected Products

Duckduckgo Browser