{"id":108112,"date":"2018-09-06T16:12:57","date_gmt":"2018-09-06T16:12:57","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=108112"},"modified":"2025-07-01T23:05:02","modified_gmt":"2025-07-02T06:05:02","slug":"google-chrome-wi-fi-vulnerability","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/google-chrome-wi-fi-vulnerability\/","title":{"rendered":"Google Chrome could be leaving your home Wi-Fi network open to hackers"},"content":{"rendered":"<h2><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-108115 size-large\" src=\"https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-1024x576.jpg\" alt=\"hacker\" width=\"840\" height=\"473\" srcset=\"https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-1024x576.jpg 1024w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-300x169.jpg 300w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-768x433.jpg 768w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-800x450.jpg 800w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-664x374.jpg 664w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-238x134.jpg 238w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-436x246.jpg 436w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-370x208.jpg 370w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-304x170.jpg 304w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack-1200x675.jpg 1200w, https:\/\/articles-img.sftcdn.net\/auto-mapping-folder\/sites\/3\/2018\/09\/WiFi-Hack.jpg 1280w\" sizes=\"auto, (max-width: 840px) 100vw, 840px\" \/><\/h2>\n<h2>The way Google Chrome interacts with your router could be putting your home Wi-Fi network at risk<\/h2>\n<p>Anybody who has ever asked somebody for a Wi-Fi password will know just how long and crazy they can be. In the interest of securing the network, Wi-Fi passwords are often long and contain both capital and lower-case letters, numbers, and symbols.<\/p>\n<!-- Shortcode [playwire] does not match the conditions -->\n<p>Using strong passwords is highly recommended, but researchers at cybersecurity consultants SureCloud have found that even networks protected by the strongest passwords could be vulnerable to attack thanks to a weakness in the way Google Chrome and Opera browsers communicate with routers.<\/p>\n<p>The vulnerability, <a href=\"https:\/\/www.surecloud.com\/sc-blog\/wifi-hijacking\" target=\"_blank\" rel=\"noopener noreferrer\">called Wi-Jacking<\/a>, stems from browsers based on Google\u2019s Chromium open source project, which include <strong>Chrome and Opera.<\/strong> Chromium browsers save Wi-Fi router admin credentials and then re-enter them automatically to save time and effort. This credential saving, combined with the fact that most home Wi-Fi networks don\u2019t use encrypted communications for management tasks, enabled the researchers to <strong>steal the router login credentials and then capture the Wi-Fi network password.<\/strong><\/p>\n<p><iframe loading=\"lazy\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/YW0drHztgJY?feature=oembed\" frameborder=\"0\" allow=\"autoplay; encrypted-media\" allowfullscreen><\/iframe><\/p>\n<p>SureCloud listed five factors that are required before the vulnerability can be exploited. They are:<\/p>\n<ol>\n<li><em>\u201cThere MUST be an active client device on the target network.<\/em><\/li>\n<li><em>Client device MUST have previously connected to any other open network and allowed automatic reconnection.<\/em><\/li>\n<li><em>Client device SHOULD* be using a Chromium-based browser such as Chrome or Opera.<\/em><\/li>\n<li><em>Client device SHOULD** have the router admin interface credentials remembered by the browser.<\/em><\/li>\n<li><em>Target network\u2019s router admin interface MUST be configured over unencrypted HTTP\u201d.<\/em><\/li>\n<\/ol>\n<p>Although there are five prerequisites, they are pretty common. <strong>Most of us use Chrome, most of us will have connected to an open network and hit connect automatically, and most browsers prompt us to save credentials automatically.<\/strong> SureCloud points out that even with two other pre-requisites necessary there are still a lot of people who are vulnerable to this type of attack.<\/p>\n<div class=\"sc-card-starred-link\">\r\n  <div class=\"sc-card-starred-link__body\">\r\n    <div class=\"sc-card-starred-link__row clearfix\">\r\n      <div class=\"sc-card-starred-link__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-starred-link__img\" src=\"https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2018\/06\/WPA3.jpg\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-starred-link__col-title\">\r\n        <p class=\"sc-card-starred-link__title\">This could be the beginning of the end for WPA2 Wi-Fi<\/p>\r\n        <a class=\"sc-card-starred-link__button\" href=\"https:\/\/en.softonic.com\/articles\/wpa3-wifi-certification-begins\" target=\"_blank\" rel=\"noopener noreferrer sponsored\">Discover the future of Wi-Fi<\/a>\r\n      <\/div>\r\n    <\/div>\r\n    <a class=\"sc-card-starred-link__link\" href=\"https:\/\/en.softonic.com\/articles\/wpa3-wifi-certification-begins\" target=\"_blank\" rel=\"noopener noreferrer sponsored\"><\/a>\r\n  <\/div>\r\n<\/div>\n<p>Fortunately, SureCloud reported this vulnerability to the Chromium project and Google has already responded. According to SureCloud, <strong>the latest Chrome update has changed the security protocol<\/strong>, which means a successful attack would need much more specific action to be taken by the individual user.<\/p>\n<p>Chrome is still vulnerable, but a successful attack would be much more like a phishing attack with a fake site or being needed to prompt users to act in the way required to steal the Wi-Fi credentials. For more information on avoiding phishing attacks check out our <a href=\"https:\/\/en.softonic.com\/articles\/how-to-detect-fakescam-emails-and-avoid-phishing-attacks-hi-res-version\/\">infographic on detecting fake emails and avoiding phishing scams<\/a>:<\/p>\n<div class=\"sc-card-starred-link\">\r\n  <div class=\"sc-card-starred-link__body\">\r\n    <div class=\"sc-card-starred-link__row clearfix\">\r\n      <div class=\"sc-card-starred-link__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-starred-link__img\" src=\"https:\/\/articles-img.sftcdn.net\/sft\/articles\/auto-mapping-folder\/sites\/3\/2017\/11\/email-logo-192.jpg\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-starred-link__col-title\">\r\n        <p class=\"sc-card-starred-link__title\">How to detect scam emails<\/p>\r\n        <a class=\"sc-card-starred-link__button\" href=\"https:\/\/en.softonic.com\/articles\/how-to-detect-fakescam-emails-and-avoid-phishing-attacks-hi-res-version\/\" target=\"_blank\" rel=\"noopener noreferrer sponsored\">Find out now<\/a>\r\n      <\/div>\r\n    <\/div>\r\n    <a class=\"sc-card-starred-link__link\" href=\"https:\/\/en.softonic.com\/articles\/how-to-detect-fakescam-emails-and-avoid-phishing-attacks-hi-res-version\/\" target=\"_blank\" rel=\"noopener noreferrer sponsored\"><\/a>\r\n  <\/div>\r\n<\/div>\n<p>This is much more in-line with the vulnerability as it was first detected on other browsers like Edge and Safari. Unfortunately, however, at the time of publication Opera browser is still vulnerable to this type of attack. SureCloud offered the following ways to protect yourself against this particular type of attack:<\/p>\n<p><em>\u201cOnly login to your router using a separate browser or incognito session<\/em><\/p>\n<p><em>Clear your browser\u2019s saved passwords and don\u2019t save credentials for unsecure HTTP pages<\/em><\/p>\n<p><em>Delete saved open networks and don\u2019t allow automatic reconnection<\/em><\/p>\n<p><em>As it is nearby impossible to tell if this attack has already happened against your network, change your pre-shared keys and router admin credentials ASAP. Again, use a separate\/private browser for the configuration and choose a strong key.\u201d<\/em><\/p>\n<div class=\"sc-card-starred-link\">\r\n  <div class=\"sc-card-starred-link__body\">\r\n    <div class=\"sc-card-starred-link__row clearfix\">\r\n      <div class=\"sc-card-starred-link__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-starred-link__img\" src=\"https:\/\/secure.telkom.co.za\/today\/static\/web\/images\/icons\/downloads\/connecting_to_wi-fi.png\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-starred-link__col-title\">\r\n        <p class=\"sc-card-starred-link__title\">Ever wondered what WiFi actually looks like?<\/p>\r\n        <a class=\"sc-card-starred-link__button\" href=\"https:\/\/en.softonic.com\/articles\/ever-wondered-what-wifi-actually-looks-like\" target=\"_blank\" rel=\"noopener noreferrer sponsored\">Click Here to Find Out<\/a>\r\n      <\/div>\r\n    <\/div>\r\n    <a class=\"sc-card-starred-link__link\" href=\"https:\/\/en.softonic.com\/articles\/ever-wondered-what-wifi-actually-looks-like\" target=\"_blank\" rel=\"noopener noreferrer sponsored\"><\/a>\r\n  <\/div>\r\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The way Google Chrome interacts with your router could be putting your home Wi-Fi network at risk<\/p>\n","protected":false},"author":9073,"featured_media":108115,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[2340],"usertag":[839],"vertical":[],"content-category":[],"class_list":["post-108112","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectiongoogle","usertag-vpn"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/108112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9073"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=108112"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/108112\/revisions"}],"predecessor-version":[{"id":327426,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/108112\/revisions\/327426"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/108115"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=108112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=108112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=108112"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=108112"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=108112"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=108112"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}