Chrome vulnerability allows hackers to steal user credentials2017-05-18 10:42 by Daniela
Tags: Chrome, vulnerability
DefenseCode security researcher Bosko Stankovic has discovered a flaw in Google's Chrome browser that allows hackers to install and automatically run a malicious file on a Windows PC to steal passwords. The vulnerability is in the default configuration of Chrome and all Windows versions supporting the browser.
Due to the flaw, hackers may trick a Chrome user into downloading a Windows Explorer Shell Command File or SCF (.scf), a format that's been used since Windows 98 as a Show Desktop icon shortcut. Such a malicious file could then be used to siphon off Windows credentials and initiate a Server Message Block (SMB) relay attack.
"With its default configuration, Chrome browser will automatically download files that it deems safe without prompting the user for a download location but instead using the preset one," Stankovic wrote.
Stankovic said he notified Google of the vulnerability, and the company has since confirmed that "it's aware of this and taking the necessary actions.
Read more -here-