A serious vulnerability in the Windows version of Google Chrome.
A serious vulnerability in the Windows version of Google Chrome has been discovered that could potentially allow hackers to steal user credentials and launch Server Message Block relay attacks.
Spotted by Bosko Stankovic, the vulnerability in the default configuration of the latest
version of Chrome allows malicious websites to trick users into downloading a .scf (Shell
Command File format) file without prompting the user.
The malicious .scf file remains dormant in the downloads folder until the user opens it, at
which point the file runs automatically without the user clicking the file.
Attacker can gain access to a victim’s username and Microsoft LAN Manager password
hash, leaving the victim open to attacks including an SMB relay attack that allows the
hacker to use the gained credentials to authenticate to a PC or network resource.
Number of Microsoft services will accept the password in its hashed form for
authentication. Services that could potentially be accessed include OneDrive, Outlook.com,
Office 365, Office Online, Skype, Xbox Live and others.
Google has been informed of the vulnerability and is said to be working on a fix.
All Net Protector users are protected from such attacks and threats.
Courtesy :
https://siliconangle.com/blog/2017/05/16/serious-google-chrome-vulnerability-give-hackers-access-user-credentials/
6 Comment(s)
B B SHARMA
Aug 17, 2017 18:43
greatful to NPAV
prasenjit MAHATA
Jul 22, 2017 16:52
good
saurabh jaiswal
Jul 15, 2017 14:01
i am satisfied npav
Vilas Ganpat Walake
Jul 10, 2017 15:41
I am satisfied NPAV
Dileep Kumar Gupta
Jun 23, 2017 20:14
I am satisfied NPAV
tushar rajendra joshi
May 19, 2017 01:41
thanku
Recent Posts
November 15, 2024
November 13, 2024
