A new flaw has been discovered in Google Chrome which could allow malicious actors to steal credentials on Windows PCs.
Discovered by DefenseCode security researcher Bosko Stankovic (via ZDNet), the flaw works through a clever trick in the way Chrome and Windows both treat Windows Explorer Shell Command File (SCF) files, which are used as a Show Desktop icon shortcut. The end result is that the SCF file can be used to obtain a user's LAN Manager (NTLMv2) password hash.
Speaking with Kaspersky's ThreatPost, Google noted that it is "aware of this and taking the necessary actions."
If you rely on Google Chrome for browsing the web, you can protect yourself by heading to Settings > Show advanced settings and checking the box next to "Ask where to save each file before downloading" under the "Downloads" section. Given that this appears to work on all versions of Windows, even Windows 10, hopefully we see a resolution from Google soon.