Overview
A critical vulnerability was recently discovered in the DuckDuckGo browser for Android, exposing users to Universal Cross-Site Scripting (UXSS) attacks. This flaw, found in the browser’s AutoConsent JS bridge, allows malicious code from an untrusted source to run on a trusted webpage.
Discovery and Reporting of the Issue
The vulnerability was reported by security researcher Dhiraj Mishra via HackerOne. It has since been patched in recent updates to the browser.
Role of the AutoConsent JS Bridge
The issue originates in the AutoconsentAndroid Java bridge, a feature designed to handle cookie consent pop-ups automatically. This bridge is injected into webpages as they load. The vulnerability exists because this bridge accepts messages from any frame on a webpage, including cross-origin iframes, without verifying where the message came from or requiring any authentication token.
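One way to enforce the missing sender check, shown as an added example that is not DuckDuckGo's code or its actual fix: register the bridge through AndroidX `WebViewCompat.addWebMessageListener`, which passes the sender's origin and a main-frame flag to the handler, and drop every message that does not come from the top-level document. The object name `ExampleConsentBridge`, the message types in `ALLOWED_TYPES`, and the `handleConsentMessage` callback are hypothetical.

```kotlin
import android.net.Uri
import android.webkit.WebView
import androidx.webkit.JavaScriptReplyProxy
import androidx.webkit.WebMessageCompat
import androidx.webkit.WebViewCompat
import androidx.webkit.WebViewFeature
import org.json.JSONException
import org.json.JSONObject

// Hypothetical message types; a real bridge would list its own.
private val ALLOWED_TYPES = setOf("init", "popupFound", "optOutResult")

/** Sender policy, kept free of WebView state so it can be unit-tested. */
fun isTrustedSender(sourceOrigin: Uri, isMainFrame: Boolean): Boolean {
    // Any iframe, same-origin or cross-origin, is refused outright.
    if (!isMainFrame) return false
    // Origins without an http(s) scheme (for example opaque origins) are refused.
    return sourceOrigin.scheme == "https" || sourceOrigin.scheme == "http"
}

/** Returns false, leaving the bridge uninstalled, if the WebView cannot report the sender. */
fun installConsentBridge(webView: WebView, handleConsentMessage: (JSONObject) -> Unit): Boolean {
    if (!WebViewFeature.isFeatureSupported(WebViewFeature.WEB_MESSAGE_LISTENER)) return false

    val listener = object : WebViewCompat.WebMessageListener {
        override fun onPostMessage(
            view: WebView, message: WebMessageCompat, sourceOrigin: Uri,
            isMainFrame: Boolean, replyProxy: JavaScriptReplyProxy
        ) {
            if (!isTrustedSender(sourceOrigin, isMainFrame)) return
            val body = message.data ?: return
            val json = try { JSONObject(body) } catch (e: JSONException) { return }
            // Only known message types reach the native handler.
            if (json.optString("type") !in ALLOWED_TYPES) return
            handleConsentMessage(json)
        }
    }
    // "*" exposes the object on every site a browser visits;
    // trust is decided per message in the listener above.
    WebViewCompat.addWebMessageListener(webView, "ExampleConsentBridge", setOf("*"), listener)
    return true
}
```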
Impact of the Vulnerability and Proof of Concept
The researcher provided a simple proof-of-concept (PoC) to demonstrate the vulnerability. In the PoC, an attacker-controlled iframe sends a JavaScript payload to the AutoconsentAndroid bridge. The payload changes the text on the top-level victim page from
Original article: https://gbhackers.com/uxss-vulnerability-in-duckduckgo-browsers/
