Skip to main content
  1. Home
  2. Computing
  3. Legacy Archives

Internet Explorer users, be warned, a critical XSS bug is lurking in the shadows

Add as a preferred source on Google

As if smears of past vulnerabilities and bugs weren’t enough to tarnish Internet Explorer’s reputation, a new security hole has been made public before Microsoft can plug it. This time, the discovery is quite clearly not a “gotcha” moment or the result of a rival holding a grudge.

David Leo from British security consultancy firm Deusen made the vexing disclosure, stressing there’s no universal fix available or patch downloadable. Tested on Windows 7 and 8.1 computers with IE’s version 11, the glitch allows cyber-aggressors to essentially hijack your browser.

Recommended Videos

Once a cross-site scripting (XSS) attack is remotely launched, the entire appearance of any given website can be manipulated at the hacker’s will in a matter of seconds. To illustrate the cataclysmic prospective effects of the malfunction, David Leo needs ten seconds and your approval here to plaster a “Hacked by Deusen” message on Daily Mail’s webpage.

Obviously, the publication’s actual site isn’t “hacked,” but if it’s so easy to make it look that way, think of what else a cyber-criminal could feed you. They could deceive you into handing them personal info, passwords, bank account numbers, you name it, simply by taking over trusted portals.

And the worst thing about it is you’re not even safe behind SSL encryptions. You know, addresses that start with “https.” Yup, those can be cracked too, due to the browser flaw allowing complete bypass of Same Origin Policy (SOP).

Don’t ask us to explain how the universal XSS bug came to be, we just know it’s bad. Really, really bad, and there’s no way to avoid it other than stop using Internet Explorer at once. In theory, invasions of privacy of this nature shouldn’t be possible in a pre-11 IE. But better safe than sorry, and better on Chrome or Firefox than IE.

For what it’s worth, Microsoft acknowledged the security snag without making a fuss, and confirmed work on an “update” while stating it’s not “aware of this vulnerability being actively exploited.” Whew, good thing Internet Explorer is going away.

Adrian Diaconescu
Former Digital Trends Contributor
Adrian is a mobile aficionado since the days of the Nokia 3310, and a PC enthusiast since Windows 98. Later, he discovered…
This one app has single-handedly improved my Mac experience
It won't reinvent macOS. It will just quietly fix everything that annoys you about it.
Supercharge app

Every once in a while, you come across an app that fundamentally changes how you use your Mac. Over the past year, Supercharge has been that app for me. It packs hundreds of tweaks and features that solve macOS’s several annoyances and add improvements that upgrade the experience. 

While it will be hard to cover all its features in a single article, here are my favorite Supercharge features that have single-handedly improved my Mac experience. They've become such an integral part of my workflow that I now miss them whenever I use a Mac without Supercharge.

Read more
What is Copilot? Everything you need to know about Microsoft’s AI assistant
There’s a Copilot for almost everything now. Here’s which one you need
Microsoft Copilot Banner Featured

Microsoft has attached the Copilot name to so many products that a simple question like "What is Copilot?" now needs a little more context. There is the main Microsoft Copilot chatbot, Copilot inside Microsoft 365, GitHub Copilot for developers, Gaming Copilot for Xbox users, and a separate category of Windows laptops called Copilot+ PCs.

For most people, Microsoft Copilot means the company’s general-purpose AI assistant. So you'd expect it to answer questions, search the web, generate and edit images, and the rest of the usual AI chatbot features. You can access it through a browser or dedicated apps for Windows, macOS, Android, and iOS. It is also integrated into Microsoft Edge, the Xbox mobile app, and Game Bar on Windows 11.

Read more
I tried to parody the most absurd AI products, but the tech industry beat me to it
The joke was supposed to be that every household object gets cameras, AI insights, and a premium tier. Apparently, that’s now a business plan
Imaginary AI products

I wanted to invent an AI product so silly that no founder could turn it into a seed round.

It had to solve a problem nobody had, collect far more data than the problem deserved, and turn normal behavior into an insight that sounded vaguely disappointed in its owner. Somewhere around the third feature, it would ask for a subscription.

Read more