THE LATEST VERSION of Microsoft's Internet Explorer (IE) browser carries a serious bug that leaks whatever you type into the address bar.
The bug, disclosed by security researcher Manuel Caballero earlier this week, allows the website the user is currently visiting to view any text they type into the browser's address bar, with that text becoming readable as soon as they hit the enter key.
"When a script is executed inside an object-HTML tag, the location object will get confused and return the main location instead of its own," Caballero wrote. "To be precise, it will return the text written in the address bar so whatever the user types there will be accessible by the attacker."
As noted by Ars Technica, the flaw could expose search queries as well as web addresses, since IE allows queries to be typed into the address bar and then retrieved from Bing or other search services.
Caballero, in his damning exposé, said it's likely that Microsoft is trying to get users off of Internet Explorer and onto its Edge web browser, hence why it's making the latter more secure.
"Imagine what black hats can do right now: they can stay in your browser even if you navigate to a different site, which gives them plenty of time to do ugly stuff like mining digital currencies while abusing users' CPUs," he wrote. "Also, IE's popUp blocker is completely broken and nobody seems to care."
However, Internet Explorer remains the most popular version of Microsoft's browser, with 17 per cent of the global market compared to Edge's six.
Microsoft acknowledged the bug and said that a fix will likely arrive in its next Patch Tuesday release.
"Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible," a spokesperson said. "Our standard policy is to provide solutions via our current Update Tuesday schedule."