CVE-2021-44683
Published: 25 March 2022
Summary
CVE-2021-44683 is a high-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in the DuckDuckGo browser. Its CVSS base score is 8.2 (High).
Operationally, it is ranked in the top 48.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-31501
Vulnerability details
The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). This could be exploited by tricking users into supplying sensitive information such as credentials, because the address bar would display a legitimate URL, but content would be hosted on the attacker's web site.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.