A serious vulnerability in the Windows version of Google Chrome.

A serious vulnerability in the Windows version of Google Chrome has been discovered that could potentially allow hackers to steal user credentials and launch Server Message Block relay attacks.

Spotted by Bosko Stankovic, the vulnerability in the default configuration of the latest
version of Chrome allows malicious websites to trick users into downloading a .scf (Shell
Command File format) file without prompting the user.

Pict1

The malicious .scf file remains dormant in the downloads folder until the user opens it, at
which point the file runs automatically without the user clicking the file.

Attacker can gain access to a victim’s username and Microsoft LAN Manager password
hash, leaving the victim open to attacks including an SMB relay attack that allows the
hacker to use the gained credentials to authenticate to a PC or network resource.

Number of Microsoft services will accept the password in its hashed form for
authentication. Services that could potentially be accessed include OneDrive, Outlook.com,
Office 365, Office Online, Skype, Xbox Live and others.

Google has been informed of the vulnerability and is said to be working on a fix.

All Net Protector users are protected from such attacks and threats.

Courtesy :
https://siliconangle.com/blog/2017/05/16/serious-google-chrome-vulnerability-give-hackers-access-user-credentials/