Home / Channel / General Tech / Internet Explorer bugs pose security risks

Internet Explorer bugs pose security risks

Anyone still defaulting their browser to Internet Explorer might want to be careful as a serious bug that leaks information has been found. The bug can result in your search habits being exposed, as whatever you type into the address bar is revealed to the host of the current website the moment you hit enter.

This is particularly concerning when address bars are no longer exclusive inputs for websites, but have the functionality of a general search bar via piggybacking off of search engines, in this case, Bing.

“When a script is executed inside an object-HTML tag, the location object will get confused and return the main location instead of its own,” security researcher Manuel Caballero wrote upon finding the bug. “To be precise, it will return the text written in the address bar so whatever the user types there will be accessible by the attacker.”

This is not the first bug made public to do with Internet Explorer, as Caballero highlights a zombie script bug that has gone unpatched for months. He suggests that Microsoft is trying to get rid of its old browser entirely, while making its new Edge browser more tantalising with added security.

“If you don’t think it’s important, then imagine what black hats can do right now: they can stay in your browser even if you navigate to a different site, which gives them plenty of time to do ugly stuff like mining digital currencies while abusing of user’s CPUs,” writes Caballero. “Also, IE has its popUp blocker is completely broken and nobody seems to care.”

Websites mining cryptocurrency via users’ CPUs has stirred quite the controversy lately, however those were law-abiding hosts pushing the boundaries a bit. With this ability in the wrong hands, users could experience much worse.

Microsoft has addressed the issue and said that it is working on a fix that is likely to arrive next Tuesday.

KitGuru Says: Leaving so many vulnerabilities in a product doesn’t bode well for the company as IE holds a sizeable 17 percent of the global market. In the meantime, I’d recommend using an alternative browser, as everyone should advisably have two browsers installed on a system minimum.

Become a Patron!

Check Also

Leo Says 77 – Intel ‘fesses up about Arrow Lake Core Ultra 200S

The launch of the new Intel Core Ultra 200S family of CPUs along with Z890 motherboards was a thorny process. KitGuru suffered along with pretty much every other review site on the planet and you may have noticed we held off from reviewing of the Core Ultra 9 285K, Core Ultra 7 265K and Core Ultra 5 245K as it is clear to us that Intel has some work to do before this platform is ready for action.

2 comments

  1. Nobody should use IE period

  2. Are you ever going to do something about this endless Google is paying xxx a month spam?