IE浏览器漏洞,无论你在地址栏输入什么都会被泄露

BaCde  2640天前

ie-address-bar-leak.jpg

There's a bug in the latest version of Internet Explorer that leaks the addresses, search terms, or any other text typed into the address bar.

The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services.

The flaw was disclosed Tuesday by security researcher Manuel Caballero. This proof-of-concept site shows the exploit works as described on the latest version of IE.

The proof-of-concept makes it transparent that the attacking website is viewing the entered text. The hack, however can easily be modified to make the information theft completely stealthy. Either way, this weakness may allow malicious sites to view information the user presumed was private. People should strongly consider using Google Chrome, Microsoft Edge, or another non-IE browser. In an e-mailed statement, Microsoft officials wrote: "Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule."

Post updated to add comment from Microsoft.

最新评论

昵称
邮箱
提交评论