Some days ago, an independent security researcher Ronald Eikenberg, reported a Cross Site Flaw in Kaspersky Antivirus. The researcher found that a unique identifier used by Kaspersky Antivirus is affiliated with its users and it can track all the visited websites by the user in the past four years. The vulnerability is present in the URL scanning module that is called Kaspersky URL Advisor for the antivirus program.
This vulnerability present in the Kaspersky Antivirus could allow other websites and third-party services to track the user’s history with the help of this flaw. They can track your web history even if you are erasing your third party cookies from the browser.
As every user is given a string that is used for tracking purposes by Kaspersky, but the problem arises that other websites can easily steal that string and they can use it to disturb the user’s privacy and for other analytics services.
According to a security researcher, it is not a great idea to allocate a string permanently to every user. Other scripts running on the web pages can easily read the source code of the websites, and they can easily fetch and track user’s web history by using Kaspersky ID.
It’s not only Kaspersky, but a lot of other service providers also use the same method to track the malicious content on the web pages.
The security researcher Ronald Eikenberg reported the issue to the Kaspersky security team, and they just fixed the issue last month by appointing a stable value (FD126C42-EBFA-4E12-B309-BB3FDD723AC1) to all users instead of different strings.
The other third party sites can still check if the Kaspersky software is installed on the user’s system or not on which security researchers revealed.
You can manually disable the tracking script by going to settings → additional → network → uncheck the box where Traffic processing is written, as demonstrated in the screenshot.