Chrome Vulnerability Allows Hackers to Access Home Wi-Fi

Researchers at SureCloud have discovered a vulnerability in Google Chrome that allows attackers to infiltrate a home Wi-Fi network and steal confidential data. The attack takes less than a minute, and even the strongest password cannot protect against it.

How the Attack Works

To carry out the attack, a hacker must be within range of the target’s home Wi-Fi network while the victim’s device (such as a smartphone, tablet, or laptop) is actively connected. The attacker can use a well-known sniffer tool called Karma to exploit the vulnerability.

During the attack, a page resembling the router’s control panel appears on the victim’s device. Chrome and other browsers based on the open-source Chromium project offer to save the router administrator’s credentials and, for user convenience, automatically fill them in.

Since most home routers use unencrypted connections for these tasks, the SureCloud researchers were able to steal the router administrator’s credentials and obtain the Wi-Fi network password through the autofill process. The victim only needed to click once for the attack to succeed.

Google’s Response

The researchers reported their findings to Google. However, the company stated that the browser’s functionality is working as intended and that it does not plan to make any changes.