Skip to main content
  1. Home
  2. Computing
  3. News

Internet Explorer users, be warned, a critical XSS bug is lurking in the shadows

By

microsoft browser loss internet explorer
Image used with permission by copyright holder
As if smears of past vulnerabilities and bugs weren’t enough to tarnish Internet Explorer’s reputation, a new security hole has been made public before Microsoft can plug it. This time, the discovery is quite clearly not a “gotcha” moment or the result of a rival holding a grudge.

David Leo from British security consultancy firm Deusen made the vexing disclosure, stressing there’s no universal fix available or patch downloadable. Tested on Windows 7 and 8.1 computers with IE’s version 11, the glitch allows cyber-aggressors to essentially hijack your browser.

Recommended Videos

Once a cross-site scripting (XSS) attack is remotely launched, the entire appearance of any given website can be manipulated at the hacker’s will in a matter of seconds. To illustrate the cataclysmic prospective effects of the malfunction, David Leo needs ten seconds and your approval here to plaster a “Hacked by Deusen” message on Daily Mail’s webpage.

Related

Obviously, the publication’s actual site isn’t “hacked,” but if it’s so easy to make it look that way, think of what else a cyber-criminal could feed you. They could deceive you into handing them personal info, passwords, bank account numbers, you name it, simply by taking over trusted portals.

And the worst thing about it is you’re not even safe behind SSL encryptions. You know, addresses that start with “https.” Yup, those can be cracked too, due to the browser flaw allowing complete bypass of Same Origin Policy (SOP).

Don’t ask us to explain how the universal XSS bug came to be, we just know it’s bad. Really, really bad, and there’s no way to avoid it other than stop using Internet Explorer at once. In theory, invasions of privacy of this nature shouldn’t be possible in a pre-11 IE. But better safe than sorry, and better on Chrome or Firefox than IE.

For what it’s worth, Microsoft acknowledged the security snag without making a fuss, and confirmed work on an “update” while stating it’s not “aware of this vulnerability being actively exploited.” Whew, good thing Internet Explorer is going away.

Editors’ Recommendations

Adrian Diaconescu
Adrian Diaconescu
Former Digital Trends Contributor
Adrian is a mobile aficionado since the days of the Nokia 3310, and a PC enthusiast since Windows 98. Later, he discovered…
In a year, we’ll finally be able to say goodbye to Internet Explorer for good
microsoft issues emergency windows patch internet explorer 6 768x768

It's official -- the end of Internet Explorer is on the horizon. Microsoft confirmed what most of us already expected in a blog post released today. The company made the announcement over a year in advance. Starting on June 15, 2022, Internet Explorer will be retired and no longer supported on most versions of Windows 10. However, the legacy of IE11 lives on in Microsoft Edge.

While the vast majority of Windows 10 versions will no longer support IE11, Microsoft said that it won't be retired from all of them. This change will affect devices running Windows 10 version 20H2 and later, on both SKUs and IoT units. This means that most people are soon going to see the official retirement of Internet Explorer.

Read more
Intel’s promised Arrow Lake autopsy details up to 30% loss in performance
The Core Ultra 9 285K socketed into a motherboard.

Intel's Arrow Lake CPUs didn't make it on our list of the best processors when they released earlier this year. As you can read in our Core Ultra 9 285K review, Intel's latest desktop offering struggled to keep pace with last-gen options, particularly in games, and showed strange behavior in apps like Premiere Pro. Now, Intel says it has fixed the issues with its Arrow Lake range, which accounted for up to a 30% loss in real-world performance compared to Intel's in-house testing.

The company identified five issues with the performance of Arrow Lake, four of which are resolved now. The latest BIOS and Windows Updates (more details on those later in this story) will restore Arrow Lake processors to their expected level of performance, according to Intel, while a new firmware will offer additional performance improvements. That firmware is expected to release in January, pushing beyond the baseline level of performance Intel expected out of Arrow Lake.

Read more
You can get this 40-inch LG UltraWide 5K monitor at $560 off if you hurry
A woman using the LG UltraWide 40WP95C-W 5K monitor.

If you need a screen to go with the upgrade that you made with desktop computer deals, and you're willing to spend for a top-of-the-line display, then you may want to set your sights on the LG 40WP95C-W UltraWide curved 5K monitor. From its original price of $1,800, you can get it for $1,240 from Walmart for huge savings of $560, or for $1,275 from Amazon for a $525 discount. You should complete your purchase quickly if you're interested though, as there's no telling when the offers for this monitor will expire.

Why you should buy the LG 40WP95C-W UltraWide curved 5K monitor
5K monitors are highly recommended for serious creative professionals, such as graphic designers and filmmakers, for their extremely sharp details and precise colors, and the LG 40WP95C-W UltraWide curved 5K monitor is an excellent choice. We've tagged it as the best ultrawide 5K monitor in our roundup of the best 5K monitors, with its huge 40-inch curved screen featuring 5120 x 2160 resolution, 98% coverage of the DCI-P3 spectrum, and support for HDR10 providing striking visuals that you won't enjoy from most of the other options in the market.

Read more