The attack vector used – which centers on an MHTML vulnerability – involves the way in which Windows manages web pages featuring content formatted to the MIME internet standard.
Microsoft's take on the issue that an attacker could exploit the vulnerability by convincing the user to click on a link to a page containing a malicious script that subverts the MHTML component.
Once exploited, Microsoft says that the vulnerability could give an attacker access to the user's browser, creating a cross-site scripting or similar type of attack.
According to a security team blog posting from Google, the team said they had noticed attacks against Google and Facebook, all of which affect users of Internet Explorer.
"For now, we recommend concerned users and corporations seriously consider deploying Microsoft's temporary Fixit to block this attack until an official patch is available", say the team.
In addition, Google says it has deployed a number of server-side defenses to make the MHTML vulnerability harder to exploit.
Whilst these are not long-term solutions, the security team say that they are working with Microsoft to develop a comprehensive solution for the issue.
"The abuse of this vulnerability is also interesting because it represents a new quality in the exploitation of web-level vulnerabilities. To date, similar attacks focused on directly compromising users' systems, as opposed to leveraging vulnerabilities to interact with web services", noted the Google security team.
Commenting on the attacks and the vulnerability that is being exploited, Paul Vlissidis, technical director of NGS Secure, part of NCC Group, said that the attack vector was originally reported as a theoretical in nature.
"It is now clearly very real and needs to be taken seriously. The time between a theoretical attack and real one is reducing all the time", he said.
According to Vlissidis, deceiving an individual online and actually convincing them to click on a false link is – unfortunately – not the hardest thing to do.
Because of this, the NGS Secure technical director advises that robust systems are a key issue.
"This case comes in a long line of similar web based attacks where hacktivists are showing both their power and ability to trick web users into gaining access to the victims' browsers", he said.
"And as a result, access personal information. To avoid further attacks, users should consider switching browsers until a proper patch is available", he added.