Now it is possible to hack Windows with Google Chrome
After the shocking cyber attack last week, a security hole has now been discovered showing that it is not possible to be sure what is safe on the Internet. This new vulnerability is related to Google Chrome and Windows, based on issues that Microsoft should have handled years ago.
Along with certain Chrome settings, it opens a door for hackers to steal user's Windows data. The more frightening thing is that it goes through infected websites without the user having to execute any file on the computer.
New problem with Windows and Chrome
A DefenseCode member said it may continue to exploit errors on SMB. The Shell Command File will retrieve the hash of the user password information, which will then be used to find the password.
When visiting an infected site, it will automatically download the file of this type and users will not need to open it. Just that file in Windows Explorer is enough to start the attack. This is possible because these files allow you to place shortcuts that contain icons from the network share and execute those commands.
How to exploit the vulnerability
When trying to access the icon outside Windows, the authentication data will be sent to the attacker. Microsoft fixed the date with the in.LNK file when Stuxnet was discovered but the fact is that the SCF files have not been fixed.
SCF file is said to be harmless to Chrome, using its default behavior to download reliable files. That means it doesn't ask users if they want to download the file to any folder in the computer.
Fix Chrome related issues
While Microsoft has not fixed this error and Windows Update has not been able to change the behavior of SCF files, the solution is to change Chrome's behavior so that it does not automatically save these files. Go to Settings, select Advanced Settings and select Ask Where To Save Each File Before Downloading before downloading.
You should read it
- Chrome and Firefox have a serious security flaw, there is no way to fix it
- Google patched two more zero-day vulnerabilities in Chrome
- Google warns of 5 serious security holes in Chrome, recommends users to update the patch immediately
- Download Chrome 12: Browse with amazing speed
- How to Turn Off Google Chrome Updates Completely
- Dynamics of Google, Apple and Microsoft when the browser has a security error
- Google Chrome has an urgent update, patching a serious zero-day vulnerability being exploited by hackers
- Discovered seven extremely serious security holes in Google Chrome
- Google updates an urgent security vulnerability for 3.2 billion Chrome users
- Google launched Chrome 33, patched 7 new security bugs
- Chrome 19 syncs tabs on all devices
- Google Chrome uses Windows 10's new security feature to combat exploits