GOOGLE CHROME FOR WINDOWS has a bug that enables hackers to download malware onto a victim's PC in order to steal credentials and launch SMB relay attacks.
Bosko Stankovic, security engineer at DefenseCode, uncovered the vulnerability in the default configuration of the latest version of Chrome running on Windows 10.
The attack is pretty straightforward, according to Stankovic, who explains that once a user has been fooled into clicking on a malicious link, this triggers an automatic download of a Windows Explorer Shell Command File, or SCF file.
The SCF file lies dormant until the victim opens the download directory folder, after which it attempts to exfiltrate data linked with a Windows icon located on the hacker's server. This, in turn, provides the attacker with the victim's username and hashed password.
"Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his web site to be able to proceed and reuse victim's authentication credentials," Stankovic explains.
He goes on to warn that the flaw shouldn't just have IT admins worried, as it also poses a "significant threat" to large companies.
"Even if the victim is not a privileged user (for example, an administrator), such vulnerability could pose a significant threat to large organisations as it enables the attacker to impersonate members of the organisation.
"Such an attacker could immediately reuse gained privileges to further escalate access and perform attacks on other users or gain access and control of IT resources."
While this attack can be used to attempt to crack the hashed password, the credential request can also be used in an SMB relay attack, Stankovic adds.
"Organizations that allow remote access to services such as Microsoft Exchange (Outlook Anywhere) and use NTLM as authentication method, may be vulnerable to SMB relay attacks, allowing the attacker to impersonate the victim, accessing data and systems without having to crack the password."
Stankovic said he notified Google of the vulnerability, and the company has since confirmed that "it's aware of this and taking the necessary actions".
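A triage check for the download behaviour described above, added here as an example and not code from DefenseCode or Google: it lists the `.scf` files in a downloads folder together with any remote hosts they reference. It assumes a remote reference appears in the file's text as a UNC path; the sample files, key names and host name are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: a remote reference appears in the file text as a UNC path (\\host\share).
UNC_RE = re.compile(r"\\\\([A-Za-z0-9._\-\[\]:]+)\\[^\s\\]")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "."}


def read_text(path: Path) -> str:
    """Decode a small text file that may be UTF-16 (with BOM) or an 8-bit encoding."""
    raw = path.read_bytes()[:65536]
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def remote_hosts(text: str) -> list[str]:
    """Return the distinct remote hosts referenced by UNC paths in text."""
    hosts = []
    for m in UNC_RE.finditer(text):
        host = m.group(1).lower()
        if host not in LOCAL_HOSTS and host not in hosts:
            hosts.append(host)
    return hosts


def scan_downloads(folder: Path) -> dict[str, list[str]]:
    """Map each .scf file under folder to the remote hosts it references."""
    findings = {}
    for path in sorted(folder.rglob("*")):
        if path.is_file() and path.suffix.lower() == ".scf":
            findings[path.name] = remote_hosts(read_text(path))
    return findings


def demo() -> dict[str, list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        # Constructed samples: key names are placeholders, only the paths matter.
        (folder / "invoice.SCF").write_text("Key=\\\\files.example.invalid\\share\\a.ico\n")
        (folder / "local.scf").write_text("Key=C:\\Windows\\a.ico\n")
        (folder / "notes.txt").write_text("\\\\files.example.invalid\\share\n")
        return scan_downloads(folder)


if __name__ == "__main__":
    for name, hosts in demo().items():
        print(name, "REMOTE " + ",".join(hosts) if hosts else "no remote reference")
```

Any `.scf` file arriving through a browser download is worth reviewing, so the scan reports those without a remote reference as well.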