A severe cookie-related vulnerability, which first requires malware to exfiltrate files from Chrome, appears to allow access to Google Accounts even after passwords are changed.
This is according to BleepingComputer and a writeup by CloudSEK and Hudson Rock. At a high level, this vulnerability requires malware to be installed on a desktop in order to “extract and decrypt login tokens stored within Google Chrome’s local database.”
The extracted tokens are then used to send a request to a Google API – normally used by Chrome to sync accounts across different Google services – and create “stable and persistent Google cookies” responsible for authentication that can be used to access your account. In this case, it’s not clear whether two-factor authentication provides any protection.
Essentially, the infusion of the key from restore files enables the reauthorization of cookies, ensuring their validity even after a password change.
What’s most concerning is that this “restoration” process can be repeated multiple times if the victim never becomes aware that they’ve been compromised. Even worse, after a Google Account password reset, the exploit can still be used one more time by the bad actor to get access to your account.
Multiple malware groups, six by BleepingComputer’s count, have access to this exploit and are selling it. It was first advertised in mid-November. Notably, some of these parties say they have already updated their exploit to combat the countermeasures Google has implemented.
We’ve reached out to Google for more information. In terms of immediate measures you can take, do not install software you’re not familiar with (as it could be malware).
Kyle Bradshaw contributed to this post.
Copyright for syndicated content belongs to the linked source: 9to5google.com – https://9to5google.com/2023/12/29/google-account-cookies/