Chrome on Windows has credential theft bug

.SCF files present ID, password to fetch icons for attack file

By Richard Chirgwin

Google’s Chrome team is working to fix a credential theft bug that strikes if the browser is running on Microsoft Windows.

The bug is exploited if a user is tricked into clicking a link that downloads a Windows .scf file (the ancient Shell Command File format, a shortcut to Show Desktop since Windows 98).

To read the entire article, please click here.