Google’s Chrome team is working to fix a credential theft bug that strikes if the browser is running on Microsoft Windows. The bug is exploited if a user is tricked into clicking a link that downloads a Windows .scf file (the ancient Shell Command File format, a shortcut to Show Desktop since Windows 98).
Read full news article on The Register