Microsoft is investigating into reports of Edge leaking URLs to Bing

A bug in a recent version of Redmond’s Chromium clone appears to be redirecting URLs you visit back to the Bing API, so you might want to think twice before typing anything into Microsoft Edge.

It appeared to have worked somewhat like this: The Bing API would receive the URL from whitelisted pages to determine whether a recommendation popup should be displayed in the browser.

More about Microsoft bugs

The user’s address bar would display this recommendation. In the event that the client navigates the popup, content from that maker would be added to and arranged in Edge’s Assortments highlight.

However, according to the findings of HackerMcHackface, as of the release of Edge on April 7, all URLs entered into the address bar appear to be sent to the Bing API. This permits Microsoft to monitor Edge users’ online activities if it so chooses.

The Register couldn’t freely affirm the bug. Nonetheless, engineer Rafael Rivera let The Edge know that the component was inadequately carried out and didn’t have all the earmarks of being working accurately.

On the off chance that you’re stressed over Edge releasing each page you visit to Bing, impairing the usefulness by exploring to the “Security, search, and administrations” tab on the “Settings” page and unticking “Show ideas to follow makers in Microsoft Edge” close to the lower part of the page should moderate the issue. However, you could always use a different browser if you are extremely concerned.

Microsoft Edge has not always had the best reputation for protecting users’ privacy, despite the fact that it provides a plethora of privacy toggles. Douglas Leith, a professor at Trinity College, found in a 2020 paper that Edge was one of the most intrusive browsers on the market because it used hardware identifiers.

However, Edge is not the only browser to encounter a privacy or security flaw in recent times. An emergency Chrome update was released by Google earlier this month to fix a zero-day vulnerability that could be used to steal a user’s device. It likewise fixed an additional zero-day not more than a day or two ago.