The Broadband Guide
search advanced
 forgot password?

Chrome vulnerability allows hackers to steal user credentials

2017-05-18 10:42 by
Tags: ,


DefenseCode security researcher Bosko Stankovic has discovered a flaw in Google's Chrome browser that allows hackers to install and automatically run a malicious file on a Windows PC to steal passwords. The vulnerability is in the default configuration of Chrome and all Windows versions supporting the browser.

Due to the flaw, hackers may trick a Chrome user into downloading a Windows Explorer Shell Command File or SCF (.scf), a format that's been used since Windows 98 as a Show Desktop icon shortcut. Such a malicious file could then be used to siphon off Windows credentials and initiate a Server Message Block (SMB) relay attack.

"With its default configuration, Chrome browser will automatically download files that it deems safe without prompting the user for a download location but instead using the preset one," Stankovic wrote.

Stankovic said he notified Google of the vulnerability, and the company has since confirmed that "it's aware of this and taking the necessary actions.

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About