GOOGLE CHROME FOR WINDOWS has a bug that enables hackers to download malware onto a victim’s PC in order to steal credentials and launch SMB relay attacks.
Bosko Stankovic, security engineer at DefenseCode, uncovered the vulnerability in the default configuration of the latest version of Chrome running on Windows 10.
The attack is pretty straightforward, according to Stankovic, who explains that once a user has been fooled into clicking on a malicous link, this triggers an automatic download a Windows Explorer Shell Command File or SCF file.
