Another new huge flaw has been discovered in Google Chrome which could allow malicious actors to steal credentials on Windows PCs.
http://www.zdnet.com/article/windows-10-credential-theft-google-is-working-on-fix-for-chrome-flaw/
Discovered by DefenseCode security researcher Bosko Stankovic (via ZDNet), the flaw works through a clever trick in the way Chrome and Windows both treat Windows Explorer Shell Command File (SCF) files, which are used as a Show Desktop icon shortcut. The end result is that the SCF file can be used to obtain a user's LAN Manager (NTLMv2) password hash.
>>60511491
>Chrome users can protect themselves by disabling automatic downloads. This can be done in Settings, and selecting Show advanced settings, followed by checking the option to 'Ask where to save each file before downloading'.
Yawwwwwwwwwn
>>60511491
>load up bugzilla
>over 100 pages of critical security issues
niiiice
>Windows
Not this thread again...
>>60511491
>Another
>it's the same as posted yesterday
ḧmmm
>Ungoogled Chromium
>Windows 7
>Encrypted
I think I'm safe senpai-desu
Explanation in full http://defensecode.com/news_article.php?id=21
Naturally, when a browser fails to warn on or sanitize downloads of potentially dangerous file types, one relies on security solutions to do that work instead. We tested several leading antivirus solutions by different vendors to determine if any solution will flag the downloaded file as dangerous.
All tested solutions failed to flag it as anything suspicious, which we hope will change soon. SCF file analysis would be easy to implement as it only requires inspection of IconFile parameter considering there are no legitimate uses of SCF with remote icon locations.
Currently, the attacker just needs to entice the victim (using fully updated Google Chrome and Windows) to visit his web site to be able to proceed and reuse victim's authentication credentials. Even if the victim is not a privileged user (for example, an administrator), such vulnerability could pose a significant threat to large organisations as it enables the attacker to impersonate members of the organisation. Such an attacker could immediately reuse gained privileges to further escalate access and perform attacks on other users or gain access and control of IT resources.
We hope that the Google Chrome browser will be updated to address this flaw in the near future.
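The check the quoted DefenseCode text describes (inspecting the IconFile parameter of an SCF file for a remote location), as an added example that is not part of the thread and is not DefenseCode's own code. The function names, both regular expressions and the two sample files are constructed for illustration; `files.example.invalid` is a placeholder host.

```python
import re
from pathlib import Path

# IconFile=<value> line of the INI-style SCF format (key is case-insensitive).
ICONFILE = re.compile(r'^\s*IconFile\s*=\s*(.*?)\s*$', re.I)
# Remote location: UNC path (\\host\... or //host/...) or a URL scheme.
# \\?\ and \\.\ are local device prefixes, so they are excluded.
REMOTE = re.compile(r'^(?:[\\/]{2}(?![?.][\\/])[^\\/]+|[a-z][a-z0-9+.-]*://)', re.I)

# Constructed samples: a shortcut with a local icon and one with a remote icon.
BENIGN = b"[Shell]\r\nCommand=2\r\nIconFile=explorer.exe,3\r\n[Taskbar]\r\nCommand=ToggleDesktop\r\n"
SUSPECT = rb"[Shell]" + b"\r\n" + rb"IconFile=\\files.example.invalid\share\icon.ico" + b"\r\n"


def decode_scf(data: bytes) -> str:
    """Decode SCF text, accepting UTF-16 with BOM as well as ANSI/UTF-8."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.removeprefix(b"\xef\xbb\xbf").decode("latin-1")


def remote_icon_targets(data: bytes) -> list[str]:
    """Return every IconFile value that points at a remote location."""
    hits = []
    for line in decode_scf(data).splitlines():
        m = ICONFILE.match(line)
        if m:
            value = m.group(1).strip('"')
            if REMOTE.match(value):
                hits.append(value)
    return hits


def scan_directory(root: str) -> dict[str, list[str]]:
    """Map each .scf file under root (e.g. a Downloads folder) to its remote icons."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".scf":
            hits = remote_icon_targets(path.read_bytes())
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, remote_icon_targets(sample) or "no remote IconFile")
```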
>>60511770
You're not safe
>>60511796
He is since Chromium doesn't have auto-updates,
you are not capable of reading the article,
and you don't know Chromium's nuances.
>>60511805
You don't need updates for this to work, it just requires visiting a site. If you're on Chromium you're even further behind in security.
>>60511815
As I've said, you are incapable of reading English and the article.
The first anon in this thread is though.
>>60511491
>Windows 10
HA
The Apple MacBook Pro with Retina Display doesn't have this problem.
>>60511491
wtf is wrong with her feet? o_O god fucking damn it, nigger genetics are complete shit
>>60512241
>proceeds to post a hair dyed gypsie whore
>>60512254
stop posting orangutans on my board
>>60512352
what kind of mystery meat is that?
>>60512384
tanya :3
>>60511805
check the latest build of chromium and the latest autoupdated version of chrome idiot. chrome is far behind chromium.
>>60511770
WHO
IS
THIS
SEMEN
DEMON
>>60512403
Kek
>>60512352
no one posted trump
>>60512254
>>60512352
>>60512393
>posting a dyed hair brown eyed Ukrainian gypsy whore who's parents sold her into sex slavery when she was a child
>>60512254
SAUCE
>>60513379
I didn't ask you, you 12yo edgelord.
>>60511491
>Guy finds exploit
>Google will fix with an update
>Chrome now has 1 less exploit
Wouldn't it be better to use Chrome after this?
Is there anything in this world that's not a complete piece of shit security wise?
>>60513400
no, read vault7
>>60513387
>being this ass blasted
>>60513434
<-
>>60513457
>he thinks he can troll people with something like this
are you from reddit?
>"There is no need to click or open the downloaded file -- Windows File Explorer will automatically try to retrieve the 'icon'," notes Stankovic.
Well, shit
>>60512254
nobody asked you to link sheboons there bud. here is a picture of a human being with a developed neo cortex. faggot.
>>60513464
what if you use 3rd party thumbnail generators? I do.
>>60513463
I help you, friend. I not troll :) You asked for brown persons, I gave you. Enjoy.
>>60513476
ok it's reddit then
>>60511491
How can you post with no picture? Are you hacker?
>>60511491
>on Windows PCs
lel
>>60511491
>file deleted