Microsoft’s Internet Explorer browser is affected by a critical bug that enables hustler sites to discover what the user is keyboarding in his URL address bar.
This involves new URLs where the users might be navigating to, and also search terms that Internet Explorer automatically manages via a Bing search. Users copy-pasting URLs for Intranet pages inside IE would likely see this bug as a big problem.
Current browser statistics, according to Netmarketshare show that Internet Explorer is still more popular than Microsoft Edge: 17% vs 6%.
The bug has been discovered by security researcher Manuel Caballero. He said that when a script is executed with an object-html tag, the location object will become confused and return the main location instead of its own. Clearly, it will return the text written in the address bar so whatever the user writes there will be accessible by the attacker.
According to Caballero:
” imagine what black hats can do right now: they can stay in your browser even if you navigate to a different site, which gives them plenty of time to do ugly stuff like mining digital currencies while abusing of users CPUs. “
You can test the bug with the demo page here, just use your IE explorer.
