Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Vulnerability in DuckDuckGo Browser for Android

8 October 2025

CSA has issued 1 CVE ID to a vulnerability in DuckDuckGo Browser for Android. Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.

Background

DuckDuckGo has released security updates to address a vulnerability (CVE-2025-48464) in their browser.

Impact

CVE-2025-48464: Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.

Affected Products

The vulnerability affects DuckDuckGo Browser versions 5.246.0 and below on Android 13 and earlier.

Mitigation

Users of affected product versions are advised to update to DuckDuckGo version 5.247.0 immediately.

Credits

CSA would like to express appreciation to Mr Leng Kang Hao, who discovered the vulnerability.

CSA would also like to thank DuckDuckGo for the collaboration on the coordinated disclosure of the vulnerability.

References

https://tuxplorer.com/posts/dont-leave-me-outdated/

Back to top