Wow, this is pretty significant. Does it work on all recent versions of IE?

Url changed from https://arstechnica.com/information-technology/2017/09/bug-i..., which points to this.

That's not the security vulnerability this article is talking about. The pages in iframes get live access of the URL in the address bar at all times, which can effectively send your search queries to whoever even with search suggestions disabled.

Correction: Pages in <object> tags, not iframes

I'm always confused by comments like these - they seem almost intentionally misleading, but of course it could also be just a mistake while quickly scanning an article.

I misread from the images. Should have slowed down and thought twice before posting that. Annoyingly was too late to put an edit in my reply.

Apologies.

The issue isn't that keystrokes are sent to bing, the article says they are sent to other sites other than bing. That is a legit security issue

Why do you think Microsoft implemented Bing suggestions by setting the window.location property?

It seems an odd choice...