A serious vulnerability in the Windows version of Google Chrome.
A serious vulnerability in the Windows version of Google Chrome has been discovered that could potentially allow hackers to steal user credentials and launch Server Message Block relay attacks.
Spotted by Bosko Stankovic, the vulnerability in the default configuration of the latest
version of Chrome allows malicious websites to trick users into downloading a .scf (Shell
Command File format) file without prompting the user.
The malicious .scf file remains dormant in the downloads folder until the user opens it, at
which point the file runs automatically without the user clicking the file.
Attacker can gain access to a victim’s username and Microsoft LAN Manager password
hash, leaving the victim open to attacks including an SMB relay attack that allows the
hacker to use the gained credentials to authenticate to a PC or network resource.
Number of Microsoft services will accept the password in its hashed form for
authentication. Services that could potentially be accessed include OneDrive, Outlook.com,
Office 365, Office Online, Skype, Xbox Live and others.
Google has been informed of the vulnerability and is said to be working on a fix.
All Net Protector users are protected from such attacks and threats.
Courtesy :
https://siliconangle.com/blog/2017/05/16/serious-google-chrome-vulnerability-give-hackers-access-user-credentials/
- Other (42)
- Ransomware (128)
- Events and News (26)
- Features (45)
- Security (433)
- Tips (79)
- Google (22)
- Achievements (9)
- Products (33)
- Activation (7)
- Dealers (1)
- Bank Phishing (42)
- Malware Alerts (195)
- Cyber Attack (221)
- Data Backup (11)
- Data Breach (80)
- Phishing (139)
- Securty Tips (1)
- Browser Hijack (16)
- Adware (15)
- Email And Password (67)
- Android Security (56)
- Knoweldgebase (38)
- Botnet (15)
- Updates (3)
- Alert (71)
- Hacking (57)
- Social Media (7)
- vulnerability (54)
- Hacker (31)
- Spyware (8)
- Windows (6)
- Microsoft (21)
- Uber (1)
- YouTube (1)
- Trojan (2)
- Website hacks (3)
- Paytm (1)
- Credit card scam (1)
- Telegram (3)
- RAT (5)
- Bug (3)
- Twitter (2)
- Facebook (7)
- Banking Trojan (5)
- Mozilla (2)
- COVID-19 (5)
- Instagram (2)
- NPAV Announcement (5)
- IoT Security (1)
- Deals and Offers (1)
- Cloud Security (8)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (2)
- WhatsApp (4)
- Amazon (1)
- DMart (1)
- Payment Risk (4)
- Occasion (2)
- firewall (1)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (7)
- Impersonation phishing (1)
- DDoS (4)
- Smishing (2)
- Whale (0)
- Whale phishing (3)
- WINRAR (2)
- ZIP (2)