Bug found in Google Chrome lets hackers steal your Windows login


Chrome users have been warned that there is a bug that could potentially allow hackers access to your login details for Windows.

The warning stated that login details can be immediately reused, allowing cybercriminals to “impersonate members of the organisation” and launch further attacks “on other users or gain access and control of IT resources”.

The vulnerability was revealed by Bosko Stankovic, a security engineer, on his security blog DefenseCode.

“Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his web site to be able to proceed and reuse victim’s authentication credentials,” Stankovic wrote.

To obtain the information, he combined two previously used attack techniques: one used by Stuxnet and another demonstrated at the Black Hat security conference by Jonathan Brossard and Hormazd Billimoria. Stankovic believes that the attack is easy to execute.

“With its default configuration, Chrome browser will automatically download files that it deems safe without prompting the user for a download location but instead using the pre-set one,” Stankovic writes.

“From a security standpoint, this feature is not an ideal behaviour but any malicious content that slips through still requires a user to manually open/run the file to do any damage.

“However, what if the downloaded file requires no user interaction to perform malicious actions?”

Google told ThreatPost: “Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his web site to be able to proceed and reuse victim’s authentication credentials,” Stankovic wrote.
