Reports are emerging regarding a new Google Chrome vulnerability that allows attackers to steal login tokens stored in the browser.
It is said that the new Google Chrome security flaw involves the installation of malware on desktop computers, which will then extract and decrypt login tokens stored on the browser’s local database.
The compromised tokens are then used to trigger requests to a Google API, which is usually used by Chrome for account synchronization across Google’s different services.
This process will create persistent Google cookies that facilitate unauthorized access to user accounts.
- Why you should always update your antivirus software
- Guide: Running a virus scan on your Android device
What makes this vulnerability unique is its ability to bypass two-factor authentication. It can also keep gaining access despite the user changing the password. This is made possible by the attack’s utilization of key infusion from restore files, allowing for the reauthorization of cookies even after the password has been changed.
That restoration process is what makes the attack alarming, as the attacker can continuously compromise the account without the user’s awareness.
But this isn’t particularly new as it was first spotted in November. It is said that six malware groups have access to it and are actively selling the vulnerability. Some of the sellers say that they’ve updated the attack to beat Google’s security measures.
Unfortunately, there’s no official way to be protected from the attack.
Via: Bleeping Computer