14 DAY TRIAL // Microsoft Edge is Redmond’s big bet for the browser market, as it replaces Internet Explorer in Windows 10 and becomes the default browser on the operating system, with Redmond claiming that it’s more secure, faster, and more reliable than its predecessor.
But as far as security and privacy are concerned, it turns out that Edge might be failing where users least expect.
A recent investigation carried out by researcher Ashish Singh reveals that Edge browser’s InPrivate mode, which allows users to browse the web without having any type of browsing data stored on their computers, actually stores such information and can be accessed by hackers.
When launching Edge in InPrivate mode, the browser displays a notification saying that “when you use InPrivate tabs, your browsing data (like cookies, history, or temporary files) isn’t saved on your PC after you’re done. Microsoft Edge deletes temporary data from your PC after all of your InPrivate tabs are closed.” But it turns out that not only is this information stored, but it can also be accessed even after closing the session.
Browsing data available after ending the session
The investigation shows that the collected information is stored on the local hard drive in the WebCache file in a table called “Container_n,” which is by default used to save information regarding the normal browsing task. If a hacker gets access to the victim’s computers and reaches data stored on the hard drive, they can also analyze the WebCache files and see all websites visited in the InPrivate mode, the security researcher explains.
The default location of the file, which stores browsing history for both Internet Explorer and Microsoft Edge, is the following:
\Users\user_name\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
The cached file location is this:
\Users\user_name\AppData\Local\Packages\ Microsoft.MicrosoftEdge_xxxxx\AC\#!001\MicrosoftEdge\Cache\
“In the case of Microsoft Edge even the private browsing isn’t as private as it seems. Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser’s WebCache file,” the researcher says.
While other browsers currently on the market, including Firefox, Chrome, and Internet Explorer, got a similar problem a few years ago, parent companies managed to fix it quite quickly, but it’s still unexpected to see Microsoft having the same issue in Edge, especially after patching it in IE.
Redmond has already confirmed that it’s aware of the report, and in a statement for The Verge, it explains that it’s working around the clock to fix the bug as soon as possible.
“We recently became aware of a report that claims InPrivate tabs are not working as designed and we are committed to resolving this as quickly as possible.”