Microsoft Edge previously gained a feature that lets users follow content creators, but this follow creator feature appears to have a vulnerability in the latest update.

According to a report from The Verge, the problem is significant because it concerns user privacy: the URL of every website visited appears to be sent to the Bing API server “bingapis.com/api/v7/followweb/isfollowable”.

The problem was first discovered by a Reddit user, hackermchackface, who described it in full in the following thread.

What is causing Edge to leak all visited URLs following latest update? API is: bingapis.com/api/v7/followweb/isfollowable ?

GET request includes full URL of every page navigated to.

Searching for references to this URL gives very few results, no documentation on this feature at all. JSON response shows type as “FollowableStatus” which yields zero Google results, which is rare.

Meanwhile, a Microsoft MVP and Stardock engineer provided a statement on the matter to The Verge, in which he said:

Microsoft Edge now has a follow creator feature that is enabled by default. It appears the intent is to notify Bing when you're on certain pages, such as YouTube, The Verge, and Reddit. But it doesn't appear to be working correctly, instead sending nearly every domain you visit to Bing.

Microsoft itself appears to have responded and confirmed that it is aware of the report. Caitlin Roulston, director of communications at Microsoft, has said in a statement that the company is investigating and will fix the problem as soon as possible.
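To check from the network side whether clients are disclosing visited pages this way, the sketch below scans proxy logs for GET requests to the endpoint named above and pulls out any page URL carried in the query string. It is an added example, not code from the report or from Microsoft; the log layout, the sample lines and the "url" parameter name are constructed assumptions, since the page does not describe the request format.

```python
from urllib.parse import urlsplit, parse_qsl

ENDPOINT_HOST = "bingapis.com"                     # host named in the report
ENDPOINT_PATH = "/api/v7/followweb/isfollowable"   # path named in the report

# Constructed sample lines in an assumed "<client> <method> <request URL>" layout.
# The "url" parameter name is an assumption; the code does not depend on it.
SAMPLE_LOG = """\
10.0.0.5 GET https://www.bingapis.com/api/v7/followweb/isfollowable?url=https%3A%2F%2Fintranet.example%2Fhr%2Fpayroll%3Fid%3D7
10.0.0.5 GET https://www.example.org/index.html
10.0.0.9 GET https://bingapis.com/api/v7/followweb/isfollowable?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Dabc
10.0.0.9 GET https://notbingapis.com/api/v7/followweb/isfollowable?url=https%3A%2F%2Fa.example%2F
10.0.0.9 CONNECT www.bingapis.com:443
"""

def leaked_urls(request_url):
    """Return page URLs embedded in one request to the isfollowable endpoint."""
    try:
        parts = urlsplit(request_url)
    except ValueError:
        return []
    host = (parts.hostname or "").lower()
    # Match the exact host or a subdomain, never a look-alike suffix.
    if host != ENDPOINT_HOST and not host.endswith("." + ENDPOINT_HOST):
        return []
    if parts.path.rstrip("/").lower() != ENDPOINT_PATH:
        return []
    found = []
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        try:
            inner = urlsplit(value)   # any parameter whose value is itself a URL
        except ValueError:
            continue
        if inner.scheme in ("http", "https") and inner.hostname:
            found.append(value)
    return found

def scan(log_text):
    """Map client address -> list of visited URLs that client disclosed."""
    report = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1] != "GET":
            continue                  # CONNECT lines carry no path or query
        for url in leaked_urls(fields[2]):
            report.setdefault(fields[0], []).append(url)
    return report

if __name__ == "__main__":
    for client, urls in scan(SAMPLE_LOG).items():
        for url in urls:
            print(client, urlsplit(url).hostname, url)
```

Full request URLs only appear in logs from a TLS-inspecting proxy; without inspection, only the destination host is visible and the embedded page URLs cannot be recovered.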

via: The Verge

