STOP USING GOOGLE CHROME IMMEDIATELY

Another new huge flaw has been discovered in Google Chrome which could allow malicious actors to steal credentials on Windows PCs.

zdnet.com/article/windows-10-credential-theft-google-is-working-on-fix-for-chrome-flaw/

Discovered by DefenseCode security researcher Bosko Stankovic (via ZDNet), the flaw works through a clever trick in the way Chrome and Windows both treat Windows Explorer Shell Command File (SCF) files, which are used as a Show Desktop icon shortcut. The end result is that the SCF file can be used to obtain a user's LAN Manager (NTLMv2) password hash.


>Chrome users can protect themselves by disabling automatic downloads. This can be done in Settings, and selecting Show advanced settings, followed by checking the option to 'Ask where to save each file before downloading'.
Yawwwwwwwwwn

>load up bugzilla
>over 100 pages of critical security issues
niiiice

>Windows

Not this thread again...

>Another
>it's the same as posted yesterday
ḧmmm

>Ungoogled Chromium
>Windows 7
>Encrypted
I think I'm safe senpai-desu

Explanation in full defensecode.com/news_article.php?id=21

Naturally, when a browser fails to warn on or sanitize downloads of potentially dangerous file types, one relies on security solutions to do that work instead. We tested several leading antivirus solutions by different vendors to determine if any solution will flag the downloaded file as dangerous.

All tested solutions failed to flag it as anything suspicious, which we hope will change soon. SCF file analysis would be easy to implement as it only requires inspection of IconFile parameter considering there are no legitimate uses of SCF with remote icon locations.


Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his web site to be able to proceed and reuse victim's authentication credentials. Even if the victim is not a privileged user (for example, an administrator), such vulnerability could pose a significant threat to large organisations as it enables the attacker to impersonate members of the organisation. Such an attacker could immediately reuse gained privileges to further escalate access and perform attacks on other users or gain access and control of IT resources.

We hope that the Google Chrome browser will be updated to address this flaw in the near future.
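
The IconFile check the quoted write-up calls easy to implement, sketched as an added example (not code from this thread or from DefenseCode). The function names, the definition of "remote" as a UNC path or URL, and the sample files with the made-up host `fileserver.example` are assumptions.

```python
import re
from pathlib import Path

# Constructed samples: the stock "Show Desktop" shortcut and a file whose
# icon lives on a made-up remote host (fileserver.example).
BENIGN_SCF = "[Shell]\nCommand=2\nIconFile=explorer.exe,3\n[Taskbar]\nCommand=ToggleDesktop\n"
SUSPICIOUS_SCF = "[Shell]\nIconFile=\\\\fileserver.example\\share\\icon.ico\n"

# Assumption: "remote" means a UNC path (\\host\... or //host/...) or a URL.
_REMOTE = re.compile(r'^(\\\\|//|[a-z][a-z0-9+.-]*://)', re.IGNORECASE)
_ICONFILE = re.compile(r'^\s*IconFile\s*=\s*(.*?)\s*$', re.IGNORECASE)

def remote_icon_locations(scf_text):
    """Return every IconFile value in the SCF text that points off-host."""
    hits = []
    for line in scf_text.splitlines():
        m = _ICONFILE.match(line)
        if m:
            value = m.group(1).strip('"')
            if _REMOTE.match(value):
                hits.append(value)
    return hits

def _decode(raw):
    # Tolerate a UTF-16 BOM in case the file was saved that way; else ANSI.
    if raw[:2] in (b'\xff\xfe', b'\xfe\xff'):
        return raw.decode('utf-16', errors='replace')
    return raw.decode('latin-1')

def scan_directory(root):
    """Map each .scf file under root (e.g. a Downloads folder) to its hits."""
    findings = {}
    for path in Path(root).rglob('*'):
        if path.is_file() and path.suffix.lower() == '.scf':
            hits = remote_icon_locations(_decode(path.read_bytes()))
            if hits:
                findings[str(path)] = hits
    return findings

if __name__ == '__main__':
    print(remote_icon_locations(BENIGN_SCF))
    print(remote_icon_locations(SUSPICIOUS_SCF))
```

Local extended-length paths that begin with `\\?\` would also match the UNC pattern, so treat a hit as something to triage rather than a verdict.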

You're not safe

He is since Chromium doesn't have auto-updates,
you are not capable of reading the article,
and you don't know Chromium's nuances.

You don't need updates for this to work, it just requires visiting a site. If you're on Chromium you're even further behind in security.

As I've said, you are incapable of reading English and the article.
The first user in this thread is though.

>Windows 10
HA

The Apple MacBook Pro with Retina Display doesn't have this problem.

wtf is wrong with her feet? o_O god fucking damn it, nigger genetics are complete shit

>proceeds to post a hair dyed gypsie whore

stop posting orangutans on my board

what kind of mystery meat is that?

tanya :3

check the latest build of chromium and the latest autoupdated version of chrome idiot. chrome is far behind chromium.

WHO
IS
THIS
SEMEN
DEMON

Kek

no one posted trump

...

>posting a dyed hair brown eyed Ukrainian gypsy whore who's parents sold her into sex slavery when she was a child

SAUCE

...

I didn't ask you, you 12yo edgelord.

>Guy finds exploit
>Google will fix with an update
>Chrome now has 1 less exploit

Wouldn't it be better to use Chrome after this?

Is there anything in this world that's not a complete piece of shit security wise?

no, read vault7

>being this ass blasted

SAUCE ME UP

...

>he thinks he can troll people with something like this
are you from reddit?

>"There is no need to click or open the downloaded file -- Windows File Explorer will automatically try to retrieve the 'icon'," notes Stankovic.
Well, shit

nobody asked you to link sheboons there bud. here is a picture of a human being with a developed neo cortex. faggot.

what if you use 3rd party thumbnail generators? I do.

I help you, friend. I not troll :) You asked for brown persons, I gave you. Enjoy.

ok it's reddit then

How can you post with no picture? Are you hacker?

>on Windows PCs

lel

>file deleted