In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads.
Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint you in order to track your every move across multiple sites.
However, if you're using Kaspersky Antivirus, a vulnerability in the security software had exposed a unique identifier associated with you to every website you visited in the past 4 years, which might have allowed those sites and other third-party services to track you across the web even if you have blocked or erased third-party cookies timely.
The vulnerability, identified as CVE-2019-8286 and discovered by independent security researcher Ronald Eikenberg, resides in the way a URL scanning module integrated into the antivirus software, called Kaspersky URL Advisor, works.
Well, it's no surprise, as most Internet security solutions work in the same way to monitor web pages for malicious content.
"Kaspersky has fixed a security issue (CVE-2019-8286) in its products that could potentially compromise user privacy by using unique product id which was accessible to third parties," the company says in its advisory.
"This issue was classified as User Data disclosure. The attacker has to prepare and deploy a malicious script on the web servers from where he will track the user."
However, the Kaspersky URL Advisor feature still enables websites and third-party services to find out if a visitor has Kaspersky software installed on his system, which the researcher believes can be abused by scammers and cybercriminals indirectly.
The updated versions of Kaspersky Antivirus, Internet Security, Total Security, Free Antivirus, and Small Office Security products have already been delivered to affected users.
But, users who want to disable this tracking altogether can manually disable the URL Advisor feature from settings→ additional→ network→ un-check traffic processing box, as shown in the above screenshot.