Google Chrome v69 fixed bugs that allow hacker attacking Wifi
Researchers at cybersecurity and penetration testing consultancy SureCloud found a vulnerability in Google Chrome and the Opera browser that could attack Wi-Fi.
Researchers say browsers based on the Chrome kernel can save router management page credentials in Wi-Fi and automatically re-enter them for user convenience, while most home routers do not use encrypted communication for background management, which allows researchers to take advantage of This automatic credential re-login to steal router login credentials and use them to capture Wi-Fi passwords (PSKs). The researchers also provided a demo video of the exploit.
This vulnerability applies to any browser based on the Chrome kernel Chromium, such as Chrome, Opera, Slimjet, and Torch. Any router that provides management pages via clear text HTTP is affected by this issue.
The researchers disclosed the vulnerability to Google’s Chromium project as early as March 2, but Chromium replied that the browser functionality works as designed and is not intended to be fixed.
“There is always a trade-off between security and convenience, but our research clearly shows that the functionality in a web browser that stores login credentials is exposing millions of home and business networks.” SureCloud’s network security Practice Director Luke Potter said: “We believe that this design issue needs to be fixed in the affected Web browser to prevent the vulnerability from being exploited and causing user losses.”
We recommend you to upgrade Chrome browser to the latest version.