David Baxter PhD
Late Founder
Internet Explorer is leaking data to websites
TheWindowsClub.com
September 29, 2017
Microsoft’s Internet Explorer is reportedly leaking everything you type on the address bar. Security researcher Manuel Caballero first discovered this issue in the very latest version of Internet Explorer. Microsoft has not yet released a patch for this bug.
IE leaks whatever is typed in the address bar
Explaining the bug on his website, Caballero writes,
“When a script is executed inside an object-html tag, the location object will get confused and return the main location instead of its own. To be precise, it will return the text written in the address bar so whatever the user types there will be accessible by the attacker.
So, basically, the bug lets the website view everything a user is typing in the address bar. Which means the website knows what you are going to visit after that or what you are searching for, thereby, monitoring all your searching and browsing habits.
Caballero has shared a proof of this bug in a video which shows that the malicious websites copy all your search queries and the website addresses you type in the address bar. He purposely typed some terms on the address bar and recorded the malevolent websites copying the search queries. So, what this bug can do is to help the black hats stay in your browser even if you move on to the next website. This further gives them a good amount of time to play with all your stuff like digital currencies etc.
Microsoft, however, seems to be not interested in releasing a patch for this bug, or maybe they are not even interested in continuing with this web browser. Caballero says, “IE has its popUp blocker is completely broken and nobody seems to care.”
Microsoft gave a statement saying,
“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule”.
More on this story at BrokenBrowser.com.
You can test the bug at [url="http://www.cracking.com.ar"]Manuel Caballero - Independent Security Researcher[/URL].
TheWindowsClub.com
September 29, 2017
Microsoft’s Internet Explorer is reportedly leaking everything you type on the address bar. Security researcher Manuel Caballero first discovered this issue in the very latest version of Internet Explorer. Microsoft has not yet released a patch for this bug.
IE leaks whatever is typed in the address bar
Explaining the bug on his website, Caballero writes,
“When a script is executed inside an object-html tag, the location object will get confused and return the main location instead of its own. To be precise, it will return the text written in the address bar so whatever the user types there will be accessible by the attacker.
So, basically, the bug lets the website view everything a user is typing in the address bar. Which means the website knows what you are going to visit after that or what you are searching for, thereby, monitoring all your searching and browsing habits.
Caballero has shared a proof of this bug in a video which shows that the malicious websites copy all your search queries and the website addresses you type in the address bar. He purposely typed some terms on the address bar and recorded the malevolent websites copying the search queries. So, what this bug can do is to help the black hats stay in your browser even if you move on to the next website. This further gives them a good amount of time to play with all your stuff like digital currencies etc.
Microsoft, however, seems to be not interested in releasing a patch for this bug, or maybe they are not even interested in continuing with this web browser. Caballero says, “IE has its popUp blocker is completely broken and nobody seems to care.”
Microsoft gave a statement saying,
“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule”.
More on this story at BrokenBrowser.com.
You can test the bug at [url="http://www.cracking.com.ar"]Manuel Caballero - Independent Security Researcher[/URL].