Google Chrome and Mozilla Firefox together have a vast majority of the browser market. So it is surprising to discover that both they are carrying a relevant vulnerability for the privacy of their users: they sent the terms of the web searches without their knowledge to one of the DNS servers of their operator.

As you read it: right now, the installations of both browsers around the world, they are sending your provider the word you enter in the address bar, however ‘sensitive’ it may be.

And that will continue to happen even if we use private browsing, a privacy-friendly search engine or technology such as ‘DNS through HTTPS’.

Most likely, your browser is also vulnerable

Though not always: actually this vulnerability only affects searches for a single term; If your search consists of ‘the best Genbeta articles’, for example, you are safe from your browser ‘chive’ about your browsing habits. Not so if you are looking for ‘the-best-of-Genbeta’, since it lacks spaces it counts as a single term.

And there is another good news: If you are using Mozilla Firefox version 79 (or, failing that, 78 beta), there is a way to solve the problem, although the default configuration is still insecure.

To solve it we only have to type “about: config” in the address bar, type “single” in the search field that will appear and press ‘enter’.

Next, a series of variables will be listed (see below), of which we must edit “browser.urlbar.dnsResolveSingleWordsAfterSearch”, clicking the icon of the corresponding pen, and changing the preference value to 0 (1 will come by default).

FirefoxFirefox

After that, we will have managed to solve the ‘indiscretion’ of our Firefox. But remember, if you are using an older version of the Mozilla browser, or Google’s rival in any of its versions, the problem will still be there.

A cybersecurity investigator reported the existence of this vulnerability on April 13 to both Mozilla and Google, and made it public two months later because both companies were unable to solve the problem within that period (partly due to the problems derived from the current coronavirus crisis).

Track | Techdows

Share

Chrome and Firefox are sending many of your searches to your carrier’s DNS (and so you can avoid it in Firefox 79)