Home United States USA — software An Internet Explorer bug can allow websites to see URL and search...

An Internet Explorer bug can allow websites to see URL and search queries


Security researcher Manuel Caballero has discovered a bug in Internet Explorer that would allow any website you’re currently on to see URL entries or search queries entered in the address bar.
Security researcher Manuel Caballero is like a dog with a bone when it comes to Microsoft’s browsers. Earlier this year, he discovered a rather troubling vulnerability in Microsoft Edge and, now, he’s found another, this time in its older, outdated sibling, Internet Explorer.
The bug discovered by Caballero allows a website the user is currently parked on to access any input to the address bar. This includes the URL of a website the user may be going to next or search queries as those can also be inserted directly in the address bar of Internet Explorer. Once the user hits enter, the website will be able to parse the text entered. This is obviously information that could prove to be potentially compromising for the user, especially when it comes to search results that the user may not have intended for others to see and could give a glimpse into a user’s browsing habits.
The bug can be seen in action in the video above and can also be tested using a proof-of-concept website set up by him. In this case, the website clearly demonstrates the input to the address bar being scraped by the website if you’re using IE. However, Caballero explains the hack can be set up to do so without alerting the user.
While Microsoft hopefully fixes the issue, users of the browser should probably switch to a more recent and better supported browser such as Microsoft Edge, Google Chrome, or Mozilla’s Firefox (which has just announced a new, highly optimised version called Quantum).
Source: Manuel Caballero via Ars Technica

Continue reading...