Chrome + SCF + SMB = Stealing Windows Credentials, says researcher Bosko Stankovic of DefenseCode. Attackers can trick victims into visiting a website containing a maliciously crafted shortcut file, which gets downloaded automatically onto the target systems without prompting confirmation from the users. This technique is not new and was exploited by the a powerful malware specially designed to destroy Iran’s nuclear program that used the Windows shortcut LNK files to compromise systems. The vulnerability is first time demonstrated on Google Chrome publicly, after Internet Explorer (IE) and Edge.
Source: https://thehackernews.com/2017/05/chrome-windows-password-hacking.html