A vulnerability in Google’s Chrome browser allows hackers to automatically download a malicious file onto a victim’s PC that could be used to steal credentials and launch SMB relay attacks.
Bosko Stankovic, information security engineer at DefenseCode, found the flaw in the default configuration of the latest version of Chrome running on an updated version of Microsoft’s Windows 10 operating system.
“Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his website to be able to proceed and reuse victim’s authentication credentials,” he wrote Monday in a description of the vulnerability.
