Internet Explorer bug leaks what the user types in the address bar

Microsoft’s Internet Explorer browser is affected by a serious bug that allows unknown sites to detect what the user is typing in the address bar, according to Michael Caballero, a web security expert.

This includes new URLs the user might be navigating to, but also search terms that IE automatically handles via a Bing search. Users copy-pasting URLs for intranet pages in IE would likely see this bug as a big issue.

The bug poses a privacy risk, as it could be used in reconnaissance operations in targeted attacks, but also for data harvesting by online advertisers. The bug occurs when IE loads a page that contains a malicious HTML object tag and features the compatibility meta tag in its source code.

Malicious HTML object tags

The malicious HTML object tags can be injected through hacked websites or through ads that allow the addition of custom HTML or JavaScript code. As a result, the malicious tag will accidentally capture information initially only available in the main browser window.

This allows attackers and other interested parties to hijack the host user’s data, which can be used for other malicious activities or for the harvesting of user data for advertising purposes.
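A defender-side check for the trigger condition described above, as an added example that is not from the article or from Caballero's research: it parses third-party markup (ad creatives, user-submitted HTML) and flags documents that contain both an `<object>` tag and a compatibility meta tag. It assumes "compatibility meta tag" means `X-UA-Compatible`; the names `TriggerAudit` and `audit` and all sample markup are constructed for illustration.

```python
from html.parser import HTMLParser


class TriggerAudit(HTMLParser):
    """Records <object> tags and IE compatibility meta tags with line numbers."""

    def __init__(self):
        super().__init__()
        self.objects = []   # (line, value of the data attribute)
        self.compat = []    # (line, value of the content attribute)

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lowercases tag and attribute names.
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "object":
            self.objects.append((line, a.get("data", "")))
        elif tag == "meta" and a.get("http-equiv", "").strip().lower() == "x-ua-compatible":
            # Assumption: this is the "compatibility meta tag" the article refers to.
            self.compat.append((line, a.get("content", "")))


def audit(markup):
    """Return both tag lists plus a flag set only when the two occur together."""
    parser = TriggerAudit()
    parser.feed(markup)
    parser.close()
    return {
        "objects": parser.objects,
        "compat": parser.compat,
        "flagged": bool(parser.objects and parser.compat),
    }


# Constructed samples: none of this markup comes from the article or the researcher.
SAMPLES = {
    "both": '<html><head>\n<meta http-equiv="X-UA-Compatible" content="IE=8">\n'
            '</head><body>\n<OBJECT data="https://ads.example/banner"></OBJECT>\n</body></html>',
    "object_only": '<body><object data="/media/intro.pdf"></object></body>',
    "meta_only": '<head><meta http-equiv="x-ua-compatible" content="IE=edge" /></head>',
}

if __name__ == "__main__":
    for name, markup in SAMPLES.items():
        result = audit(markup)
        print(name, "REVIEW" if result["flagged"] else "ok", result["objects"], result["compat"])
```

Both features are legitimate on their own, so a flagged document is a candidate for manual review of injected or third-party markup, not a confirmed detection.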

Caballero has not reported the bug to Microsoft. Previously, Caballero discovered a bug in IE that allows malicious JavaScript code to persist and keep running in the browser’s background, even if the user has closed the malicious page’s tab. This bug can be abused by malvertising campaigns to deliver cryptocurrency miners that utilize a user’s computational resources.

Nearly one year ago, the security expert revealed an exploit within Microsoft Edge that could allow tech support scammers to take advantage of Microsoft’s SmartScreen technology for their own gain.

More information: [Broken Browser]