Home / Channel / General Tech / Internet Explorer bugs pose security risks

Internet Explorer bugs pose security risks

Damien Mason September 28, 2017 General Tech, Security

Anyone still defaulting their browser to Internet Explorer might want to be careful as a serious bug that leaks information has been found. The bug can result in your search habits being exposed, as whatever you type into the address bar is revealed to the host of the current website the moment you hit enter.

This is particularly concerning when address bars are no longer exclusive inputs for websites, but have the functionality of a general search bar via piggybacking off of search engines, in this case, Bing.

“When a script is executed inside an object-HTML tag, the location object will get confused and return the main location instead of its own,” security researcher Manuel Caballero wrote upon finding the bug. “To be precise, it will return the text written in the address bar so whatever the user types there will be accessible by the attacker.”

This is not the first bug made public to do with Internet Explorer, as Caballero highlights a zombie script bug that has gone unpatched for months. He suggests that Microsoft is trying to get rid of its old browser entirely, while making its new Edge browser more tantalising with added security.

“If you don’t think it’s important, then imagine what black hats can do right now: they can stay in your browser even if you navigate to a different site, which gives them plenty of time to do ugly stuff like mining digital currencies while abusing of user’s CPUs,” writes Caballero. “Also, IE has its popUp blocker is completely broken and nobody seems to care.”

Websites mining cryptocurrency via users’ CPUs has stirred quite the controversy lately, however those were law-abiding hosts pushing the boundaries a bit. With this ability in the wrong hands, users could experience much worse.

Microsoft has addressed the issue and said that it is working on a fix that is likely to arrive next Tuesday.

KitGuru Says: Leaving so many vulnerabilities in a product doesn’t bode well for the company as IE holds a sizeable 17 percent of the global market. In the meantime, I’d recommend using an alternative browser, as everyone should advisably have two browsers installed on a system minimum.

Become a Patron!

Tags

Check Also

Final PCI Express 7.0 specification published

Earlier PCIe standards tended to last much longer than the latest ones, partly because of …

2 comments

  1. chris
    September 28, 2017 at 7:17 pm

    Nobody should use IE period

  2. chris
    September 29, 2017 at 12:49 pm

    Are you ever going to do something about this endless Google is paying xxx a month spam?

© Copyright 2025, Kitguru.net All Rights Reserved Standard Terms

We've noticed that you are using an ad blocker.

Thank you for visiting KitGuru. Our news and reviews teams work hard to bring you the latest stories and finest, in-depth analysis.

We want to be as informative as possible – and to help our readers make the best buying decisions. The mechanism we use to run our business and pay some of the best journalists in the world, is advertising.

If you want to support KitGuru, then please add www.kitguru.net to your ad blocking whitelist or disable your adblocking software. It really makes a difference and allows us to continue creating the kind of content you really want to read.

It is important you know that we don’t run pop ups, pop unders, audio ads, code tracking ads or anything else that would interfere with the KitGuru experience. Adblockers can actually block some of our free content, such as galleries!