A researcher has pointed out flaws in the Microsoft Edge Web browser. The InPrivate (incognito or private) feature on Microsoft’s new default Web browser for Windows 10, the researcher claims, is leaking data, allowing an attacker to find out the websites visited by a user. Microsoft says that it is currently investigating the issue.
Security researcher Ashish Singh has found that several trackable pieces of information can be found from browsing sessions in Edge’s InPrivate mode. One such information comes via Container_n table, which is designed to store information such as cookies, websites history, and cache file. Furthermore, additional details such as timestamp can be obtained.
Singh further reports that these bits of information can be easily decoded by accessing the WebCache file, which is available on a user’s hard drive. “The forensic examination of most Web browsers has proven that they don’t have a provision for storing the details of privately browsed Web sessions. Private browsing is provided for a purpose, i.e. privately browsing the web, which is being delivered,” he wrote.
“However, in the case of Microsoft Edge even the private browsing isn’t as private as it seems. Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser’s WebCache file,” he added.
It is worth pointing out that the discovery was made in October last year, but at least some of these flaws still exist, reports The Verge. Furthermore, Microsoft said that it was investigating Singh’s claims. “We recently became aware of a report that claims InPrivate tabs are not working as designed,” it told the publication.