Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online

By: Swati Khandelwal

In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads.

Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint you in order to track your every move across multiple sites.

However, if you’re using Kaspersky Antivirus, a vulnerability in the security software had exposed a unique identifier associated with you to every website you visited in the past 4 years, which might have allowed those sites and other third-party services to track you across the web even if you have blocked or erased third-party cookies timely.

The vulnerability, identified as CVE-2019-8286 and discovered by independent security researcher Ronald Eikenberg, resides in the way a URL scanning module integrated into the antivirus software, called Kaspersky URL Advisor, works.

By default, Kaspersky Internet security solution injects a remotely-hosted JavaScript file directly into the HTML code of every web page you visit—for all web browsers, even in incognito mode—in an attempt to check if the page belongs to the list of suspicious and phishing web addresses.

Well, it’s no surprise, as most Internet security solutions work in the same way to monitor web pages for malicious content.

More: https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html?m=1