Stealing Windows Credentials Using Google Chrome

It's only fair to share...Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Email this to someonePrint this pageShare on RedditShare on StumbleUpon

Acrobat Stealing Windows Credentials Using Google Chrome
Author/Researcher: Bosko Stankovic (bosko@defensecode.com)
Source: http://www.defensecode.com
Overview: Attacks that leak authentication credentials using the SMB file sharing protocol on Windows OS are an ever-present issue, exploited in various ways but usually limited to local area networks. One of the rare research involving attacks over the internet was recently presented by Jonathan Brossard and Hormazd Billimoria at the Black Hat security conference[1] [2] in 2015. However, there have been no publicly demonstrated SMB authentication related attacks on browsers other than Internet Explorer and Edge in the past decade. This paper describes an attack which can lead to Windows credentials theft, affecting the default configuration of the most popular browser in the world today, Google Chrome, as well as all Windows versions supporting it. Read More