A serious vulnerability related to cookies in Chrome is allowing attackers to take over other people’s Google accounts without permission, even if the user has recently changed the password. The attack relies on malware that, fortunately, the company is already aware of. Google has, in fact, shared a solution.
Specifically, the vulnerability, initially discovered by a developer and detailed in an article by CloudSEK, allows attackers to install malware on computers to “extract and decrypt login tokens stored in Chrome’s local database.”
These tokens are then used to send a request to a Google API intended to synchronize accounts across the company’s different services, which allows the creation of “stable and persistent Google cookies” related to authentication and, therefore, access to different Google accounts. The problem is that attackers can perform this same process repeatedly, even if the user changes their Google account password. It is also unclear whether two-factor authentication prevents attackers from accessing accounts.
On the other hand, as BleepingComputer reports, “at least six data thieves currently claim to have the ability to regenerate Google cookies using this API endpoint,” so the vulnerability has been exploited by hackers repeatedly.
Google is already aware of this malware: this is the solution
9to5Google has had access to Google’s statements about this vulnerability that can seriously affect user accounts. The company states that it “is aware of recent reports about a malware family that steals session tokens”. It also highlights that these types of vulnerabilities are not new, and that it is constantly working to prevent them.
In this case, the company emphasizes that there are some errors in the reports shared by the different portals and that, in fact, there is a way to prevent attackers from accessing a user’s Google account: users simply need to log out of the affected browser or device. This can even be done remotely.
“It is important to note that there is a misconception in reports that suggests that the user cannot revoke stolen tokens and cookies. This is incorrect, as stolen sessions can be invalidated by simply logging out of the affected browser or revoked remotely via the device page of the user. We will continue to monitor the situation and provide updates as necessary.”
Google.
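As an added illustration (not part of the original article and not Google’s code), the toy model below shows why the reports and Google’s statement are both consistent: in this model a session is validated against a per-account session generation, not against the password, so a password change leaves a stolen token (and any cookie re-minted from it through a sync-style endpoint) valid, while logging out everywhere bumps the generation and invalidates all of them. The class and function names, the hashing and the generation counter are assumptions of the model, constructed here for the example.

```python
"""Toy model of session revocation semantics (constructed example; not Google's code).

It models only the distinction the article turns on: a password change does
not touch issued sessions, while "log out everywhere" (the device-page remedy)
invalidates every session, stolen or not, including any session re-minted
from a stolen one.
"""
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    password_hash: str
    session_generation: int = 0                 # bumped by logout / remote revoke
    tokens: dict = field(default_factory=dict)  # token -> generation at issue time


class ToyAuthServer:
    """Hypothetical server; every method is an assumption of this model."""

    def __init__(self):
        self.accounts = {}

    @staticmethod
    def _hash(password):
        # Plain SHA-256 is only for the toy; real systems use a password KDF.
        return hashlib.sha256(password.encode()).hexdigest()

    def register(self, user, password):
        self.accounts[user] = Account(password_hash=self._hash(password))

    def _issue(self, user):
        acct = self.accounts[user]
        token = secrets.token_hex(16)
        acct.tokens[token] = acct.session_generation
        return token

    def login(self, user, password):
        acct = self.accounts[user]
        if acct.password_hash != self._hash(password):
            raise PermissionError("bad password")
        return self._issue(user)

    def is_valid(self, user, token):
        acct = self.accounts[user]
        gen = acct.tokens.get(token)
        return gen is not None and gen == acct.session_generation

    def refresh(self, user, token):
        """Mint a new session from an existing one (models a sync-style endpoint
        that re-creates cookies from a long-lived token, no password involved)."""
        if not self.is_valid(user, token):
            raise PermissionError("session revoked")
        return self._issue(user)

    def change_password(self, user, new_password):
        # Models the reported behaviour: a password change alone leaves
        # already-issued sessions, and anything minted from them, valid.
        self.accounts[user].password_hash = self._hash(new_password)

    def logout_everywhere(self, user):
        # The remedy Google describes: bump the generation so that every
        # previously issued session fails validation from now on.
        self.accounts[user].session_generation += 1


def run_scenario():
    """Walk through theft, password change, regeneration and revocation."""
    server = ToyAuthServer()
    server.register("alice", "hunter2")
    stolen = server.login("alice", "hunter2")  # token later exfiltrated by malware

    server.change_password("alice", "correct horse battery staple")
    stolen_valid_after_pw = server.is_valid("alice", stolen)
    regenerated = server.refresh("alice", stolen)  # still succeeds after the change
    regen_valid_after_pw = server.is_valid("alice", regenerated)

    server.logout_everywhere("alice")
    try:
        server.refresh("alice", stolen)
        refresh_after_logout = True
    except PermissionError:
        refresh_after_logout = False

    new_session = server.login("alice", "correct horse battery staple")
    return {
        "stolen_valid_after_password_change": stolen_valid_after_pw,
        "regenerated_valid_after_password_change": regen_valid_after_pw,
        "stolen_valid_after_logout": server.is_valid("alice", stolen),
        "regenerated_valid_after_logout": server.is_valid("alice", regenerated),
        "refresh_works_after_logout": refresh_after_logout,
        "new_login_valid_after_logout": server.is_valid("alice", new_session),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The design point is that revocation has to be a server-side state change checked on every request; rotating the password only changes what a future login must present, which is why the article’s remedy is to sign out (locally or from the account’s device page) rather than merely to change the password.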