Internet Explorer can be exploited to read what you type in the URL bar
IE is far from the cutting-edge for security, these days…
If you still use Microsoft’s Internet Explorer, then you should be aware there’s a bug in the browser which leaks the URL (or anything else) you type into the address bar.
The problem affects the latest version of Internet Explorer and was discovered by security researcher Manuel Caballero.
As Ars Technica reports, the flaw allows the website the user is currently visiting to view any text they type into the browser’s address bar, with that text becoming readable as soon as they leave (i.e. as they hit the enter key).
This means that a maliciously-controlled website can exploit the bug to grab the URL of the next website that you’re visiting, or if you’ve typed text into the address bar, it will also snaffle that – because Internet Explorer will automatically convert that to a search (on Bing by default).
And the victim won’t be aware that this has happened, because they’ll simply be whisked off to whatever website or search they entered.
- Upgrade to the Surface Pro 4 for a modern web browsing experience
Time to move on?
Given the news yesterday that Windows 8.1 has been hit by a nasty bug which prevents users from logging onto their PC with a Microsoft account – and with no apparent ETA on a fix – maybe it’s time folks started seriously thinking about moving away from ageing Microsoft software.
Of course, if you are on Windows 10, it has the Edge browser as well as Internet Explorer, and the former is obviously where the software giant’s focus lies – particularly when it comes to security aspects.
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
As Caballero himself observes: “[Microsoft is] really moving forward regarding Edge, design bugs, and they even extended its bug bounty, which seems to be permanent now … but I still believe it is not acceptable to leave IE wide open.”
“In my opinion, Microsoft is trying to get rid of IE without saying it. It would be easier, [and] more honest to simply tell users that their older browser is not being serviced like Edge.”
Naturally some users are forced to go with Internet Explorer due to legacy issues with services or sites, but if you have a choice, it seems like an increasingly good idea to step up to a contemporary piece of software – whether that’s Edge, Chrome or Firefox, or indeed another alternative.
- Surf the web on the move with one of our best laptops
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).