Internet Explorer Flaw Exposes Everything You Type In The Address Bar

IE

Well this is unsettling news—a security researcher has discovered a bug in Microsoft's Internet Explorer browser that allows remote hackers to view anything and everything you type in the address bar, including web addresses, search terms, and any other text. If you are still using IE as your browser of choice, be advised that the vulnerability exists on the latest version.

This is a potentially big deal as nearly a third of all desktop users still surf the web with IE, according to data by Net Applications. Stat Counter reports a much lower usage at 8.61 percent, but either way, IE is still in use today.

IE Search Exploit
Image Source: Manuel Caballero

The flaw was discovered by Manuel Cabellero, who outlined the proof-of-concept in a blog post. "When a script is executed inside an object-html tag, the location object will get confused and return the main location instead of its own. To be precise, it will return the text written in the address bar so whatever the user types there will be accessible by the attacker," he explains.

This could be anything, from web addresses of sites you would not want others to know you are visiting, to search queries that could reveal a little more about yourself than you bargained for.


The good news is that Microsoft is aware of the flaw and is working a fix.

"Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule," Microsoft told Arstechnica.

In the meantime, IE users who do not want to risk having their address bar text shared with a malicious website should consider using a different browser, such as Edge, Chrome, or Firefox.

Top Image Source: Flickr (Jorgen Kesseler)

Show comments blog comments powered by Disqus