Internet Explorer bug
Microsoft’s Internet Explorer browser affected by a serious bug that allows unknown sites. According to Michael Caballero, a web security expert, the bug detects what the user typing in address bar.
This includes new URLs where the user might be navigating to, but also search terms that IE automatically handles via a Bing search. Users copy-pasting URLs for Intranet pages in IE would likely see this bug as a big issue.
The bug poses a privacy risk, as it could use in reconnaissance operations in targeted attacks, but also for data harvesting by online advertisers. The bug occurs when IE loads a page with a malicious HTML object tag and features the compatibility meta tag in its source code.
malicious HTML object tags
This allows attackers and other interested parties to hijack the host user’s data, which can use other malicious activities or the harvesting of user data for advertising purposes.
Nearly one year ago, the security expert revealed an exploit within Microsoft Edge. Which could allow tech support scammers to take advantage of Microsoft’s SmartScreen technology for their own gain.
More information: [Broken Browser]