Windows 10 credential theft: Google is working on fix for Chrome flaw | ZDNet
Google is addressing a problem that allows a crafty credential theft attack on Windows through Chrome’s default behavior.
Attackers can use Google’s Chrome browser to install and automatically run a malicious file on a Windows PC to steal passwords.
Chrome users can protect themselves by disabling automatic downloads. This can be done in Settings, and selecting Show advanced settings, followed by checking the option to ‘Ask where to save each file before downloading.
Source: Windows 10 credential theft: Google is working on fix for Chrome flaw | ZDNet