New Internet Explorer Security Bug Exposes Search

John Lister's picture

A newly discovered Internet Explorer bug means rogue websites can track the next site a user visits, or even the next search the user makes. While it's not necessarily devastating in itself, the researcher who found the bug says it is a sign Microsoft isn't paying enough attention to its old browser.

The bug means that a 'rogue' web page could access the content of whatever the user types in to the Internet Explorer address bar as soon as they press the Enter key. This would normally be another website address, but the way Internet Explorer works means it could also be a search term.

Security researcher Manuel Caballero has demonstrated the bug with a page that updates to show what the user has typed in. However, he says the bug can also be used without any sign that the site has received the information. (Source: arstechnica.com)

Bug Could Be Research Tool

In practice, it's unlikely this would cause a major security risk, as it's something of a long shot that the operator of one page would find something useful and secretive from what the user typed in for their next search or visit.

It's even possible sites could use the bug as a research tool to improve their offerings. By looking at what sites or search terms users move on to next, they could learn more about why users didn't stick around on their own site.

Internet Explorer Gets 'Too Little Support'

Either way, it's definitely a flaw in the way Internet Explorer works and Caballero says that's the real problem. He believes such a simple issue should either have never arisen or have been caught much earlier.

He also theorizes that Microsoft may have missed the bug because its putting too much of its efforts into the new Edge browser, which is now the default browser in Windows 10. The problem, Caballero argues, is that almost three times as many users use Internet Explorer as use Edge. He believes Microsoft should either give both browsers sufficient attention, or flat out tell people to stop using Internet Explorer. (Source: brokenbrowser.com)

What's Your Opinion?

Can you see any particularly risky ways this bug could be exploited? Is it a fuss over nothing or a bug worth highlighting? Do you still use Internet Explorer and are you happy Microsoft is doing enough to maintain it?

Rate this article: 
Average: 5 (4 votes)

Comments

Dennis Faas's picture

To suggest that people should abandon Internet Explorer in favor of Edge (or any other browser) because of this bug is just plain silly. Yes, it's a security issue - but on a level of 1 to 10 I would maybe rank this as a 3 or a 4.

I think the only real major issue is that some sites may record what search terms users are searching for, then produce spammy content based on those terms. Google already has algorithms in place to punish spammy articles that have little to no content value. So, web site owners looking to 'cash in' on this idea are going to be easily defeated. Besides that, there are other keyword tools available that don't require as much work.

Kookie's picture

I personally only use Google as my search, even at home where I am running version 10. At work, however, the company is "locked in" to an older version of IE, due to constraints with the software we run the business on. On that basis, Microsoft really should be paying much better attention to the "old" internet explorer. We have no alternative than to sign in to the "cloud" the software resides on with the older version from Microsoft!

ecash's picture

Sorry, this is almost a non-story.
Do any search on amazon, newegg, almost anyplace, and watch what happens when you visit another site..the SAME products start popping up..

TRY running around the net in Anonymous mode..you wont get to far..
IE and most of the browsers SHARE your DATA..the only thing is HOW MUCH they share.

I would think there are programs to SEARCH your kids computer to find ALL the info on where they have been..
Its not that hard..

lepitbull's picture

I loved IE for my new Windows 10. It was fast, safe and clean. But I notice Microsoft keeps
pushing me to Edge as the 'Go To' browser. I hate Edge, with so much Junk and all of those
useless posts that do not interest me at all. Just a big ADD campaign for Microsoft as the
background and all the kickbacks MS gets. MS should offer a choice of IE and / or Edge. Click
on IE, see the beauty of it, clean and sleek, with few posts on of the bottom of the page.
Then click on Edge and see the mess of ADDs with stupid Posts of Diet Foods, ED, Models, Movie
Stars and the useless news and filled with Video Posts that last 30 Minutes, until directed to
a page to pay money for those Wonder Pills, for everything from A to Z. Now a Bug in IE ? So
sad. It is such a shame that Windows does not support a loved IE. MS only pushes the old MSN
style garbage, with piles of Adds and such a pain to navigate through. I cannot use Chrome
either, it so slow and tracks usage and keeps using Yahoo as a Brower, even though I change it
to another and the next day it returns back to Yahoo. So now, do I go to Edge or keep using the clean IE and wait for the Bug ? Have a good day...

buzzallnight's picture

Micro$oft is a major user of H1b visas
and they believe that all programmers have the same skill level
and that foreign born and trained programmers are just as good as American programmers and will work for less money!
Thousands of patches to Micro$oft products
and constant moving and renaming of parts of the software
tell a much different story don't they?
This is also causing Americans to avoid computer jobs
because eventually they will be replaced with cheaper workers.

YOU DO GET WHAT YOU PAY FOR AND NOTHING MORE!!!!!!!!!!!!!!

Thanks bill