Browser Experiments A comprehensive list of browser experiments. Date Experiment Sep 2017 Revealing the content of the address bar (IE) May 2017 SOP bypass / UXSS - Stealing Credentials Pretty Fast (Edge) Apr 2017 SOP bypass / UXSS - Tweeting like Charles Darwin (Edge) Apr 2017 SOP bypass courtesy of the reading mode (Edge) Apr 2017 Detecting Installed Extensions (Edge) Mar 2017 Defeating the popUp blocker, the XSS filter and SuperNavigate with our fake ticket to the Intranet Zone (Edge) Mar 2017 Referrer spoofing with iframe injection (Edge) Mar 2017 SOP bypass / UXSS - More Adventures in a Domainless World (IE) Mar 2017 Bypassing the patch to keep spoofing the Smartscreen/Malware warning (Edge) Feb 2017 The Attack of the Alerts and the Zombie Script (IE) Feb 2017 SOP bypass / UXSS htmlFile in IFrame (IE) Dec 2016 SOP bypass / UXSS - Adventures in a Domainless World (Edge) Dec 2016 Spoofing the address bar and the SmartScreen/Malware Warning (Edge) Nov 2016 Abusing of Protocols to Load Local Files, bypass the HTML5 Sandbox and Open Popups (Edge) Nov 2016 Bypassing Mixed Content Warnings - Loading Insecure Content in Secure Pages (Edge/IE) Oct 2016 Detecting Local Files to Evade Analysts (IE) Sep 2016 Workers SOP Bypass importScripts and baseHref (Edge/IE) Sep 2016 Detecting analysts before installing the malware (IE) Sep 2016 Referer spoofing and defeating the XSS filter (Edge/IE) Sep 2016 CSS History Leak or "I know where you've been" (Edge) Aug 2016 Grabbing data from Inputs and Textareas (Edge/IE)