A new flaw has been discovered in Google Chrome which could allow malicious actors to steal credentials on Windows PCs.
Discovered by DefenseCode security researcher Bosko Stankovic (via ZDNet), the flaw works through a clever trick in the way Chrome and Windows both treat Windows Explorer Shell Command File (SCF) files, which are used as a Show Desktop icon shortcut. The end result is that the SCF file can be used to obtain a user's LAN Manager (NTLMv2) password hash.
Once the SCF file has been downloaded, the request is triggered the very moment the download directory is opened in Windows File Explorer to view the file, delete it or work with other files (which is pretty much inevitable). There is no need to click or open the downloaded file – Windows File Explorer will automatically try to retrieve the "icon".
The remote SMB server set up by the attacker is ready to capture the victim's username and NTLMv2 password hash for offline cracking or relay the connection to an externally available service that accepts the same kind of authentication (e.g. Microsoft Exchange) to impersonate the victim without ever knowing the password.
Speaking with Kaspersky's ThreatPost, Google noted that it is "aware of this and taking the necessary actions."
If you rely on Google Chrome for browsing the web, you can protect yourself by heading to Settings > Show advanced settings and checking the box next to "Ask where to save each file before downloading" under the "Downloads" section. Given that this appears to work on all versions of Windows, even Windows 10, hopefully we see a resolution from Google soon.
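As a defensive check for the behavior described above, the following added example (not code from the researcher or the original article) scans a download directory for SCF files whose icon would be fetched from a network location. It assumes an SCF file is INI-style text with the icon location in an `IconFile` key, which the article does not spell out; the function names, host and share names are placeholders.

```python
import configparser
import tempfile
from pathlib import Path


def remote_icon_target(scf_path):
    """Return the IconFile value if it names a remote (UNC) location, else None."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(Path(scf_path).read_text(errors="replace"))
    except configparser.Error:
        return None  # not a parseable INI-style file
    for section in parser.sections():
        icon = parser.get(section, "IconFile", fallback="").strip().strip('"')
        # Normalise slashes so //host/share is caught as well as \\host\share
        if icon.replace("/", "\\").startswith("\\\\"):
            return icon
    return None


def scan_downloads(directory):
    """Map each .scf file under `directory` that references a remote icon to that path."""
    findings = {}
    for path in Path(directory).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".scf":
            target = remote_icon_target(path)
            if target:
                findings[path.name] = target
    return findings


def demo():
    # Constructed sample files; host and share names are placeholders.
    samples = {
        "remote.scf": "[Shell]\nIconFile=\\\\fileserver.example\\share\\icon.ico\n",
        "local.scf": "[Shell]\nCommand=2\nIconFile=explorer.exe,3\n",
        "notes.txt": "IconFile=\\\\fileserver.example\\share\\icon.ico\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body)
        return scan_downloads(tmp)


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name}: icon loaded from {target}")
```

Only the SCF file with a network icon path is reported; the local-icon SCF and the non-SCF file are ignored.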