Now it is possible to hack Windows with Google Chrome

After the shocking cyber attack last week, a security hole has now been discovered showing that it is not possible to be sure what is safe on the Internet. This new vulnerability is related to Google Chrome and Windows, based on issues that Microsoft should have handled years ago.

Along with certain Chrome settings, it opens a door for hackers to steal user's Windows data. The more frightening thing is that it goes through infected websites without the user having to execute any file on the computer.

New problem with Windows and Chrome

A DefenseCode member said it may continue to exploit errors on SMB. The Shell Command File will retrieve the hash of the user password information, which will then be used to find the password.

When visiting an infected site, it will automatically download the file of this type and users will not need to open it. Just that file in Windows Explorer is enough to start the attack. This is possible because these files allow you to place shortcuts that contain icons from the network share and execute those commands.

How to exploit the vulnerability

When trying to access the icon outside Windows, the authentication data will be sent to the attacker. Microsoft fixed the date with the in.LNK file when Stuxnet was discovered but the fact is that the SCF files have not been fixed.

SCF file is said to be harmless to Chrome, using its default behavior to download reliable files. That means it doesn't ask users if they want to download the file to any folder in the computer.

Fix Chrome related issues

While Microsoft has not fixed this error and Windows Update has not been able to change the behavior of SCF files, the solution is to change Chrome's behavior so that it does not automatically save these files. Go to Settings, select Advanced Settings and select Ask Where To Save Each File Before Downloading before downloading.