Internet Explorer Bug Leaks What Users Type in the URL Address Bar

Microsoft’s Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in his URL address bar.

This includes new URLs where the user might be navigating to, but also search terms that IE automatically handles via a Bing search. Users copy-pasting URLs for Intranet pages inside IE would likely see this bug as a big issue.

The bug, spotted by security researcher Manuel Caballero, poses a privacy risk, as it could be used in reconnaissance operations in targeted attacks, but also for data harvesting by online advertisers.

Bug is easy to exploit

The bug occurs when IE loads a page with (1) a malicious HTML object tag and (2) features the compatibility meta tag in its source code. Both conditions are quite easy to meet.

Condition one: Attackers can hide malicious HTML object tags in hacked sites or load it via ads that allow advertisers to load custom HTML and/or JavaScript code.

To read the original article:

https://www.bleepingcomputer.com/news/security/internet-explorer-bug-leaks-what-users-type-in-the-url-address-bar/

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *