A serious cookie-related vulnerability, which begins with malware exfiltrating Chrome files, appears to allow access to your Google account even if you change your password. Let’s look at how this threat works.
Threat accesses your Google account even if you change your password
Several information-stealing malware families are abusing a mechanism that restores expired authentication cookies, letting them log into user accounts even if the password has been reset.
Session cookies are a special type of cookie that contains authentication information, allowing a person to automatically log in to websites and services without entering their credentials. These types of cookies are intended to have a limited lifespan. This means they cannot be used indefinitely by criminals to log into accounts if they are stolen.
Once restored, however, these cookies allow criminals to gain unauthorized access to Google accounts even after the rightful owners have logged out, reset their passwords, or had their session expire.
The most worrying part is that this “restoration” process can be repeated several times, all without the victim ever noticing the attack on their account. Even worse, after a Google Account password reset, the bad actor can use the exploit once again to regain access to the account.
Several malware groups, six according to BleepingComputer’s count, have access to this exploit and are selling it. The exploit first received special attention in mid-November. Some of these groups claim that they have already updated it to get around the countermeasures that Google has implemented.
This is a threat that must be taken very seriously, and at the moment there is no strong form of protection against it. It is therefore up to Google to resolve the situation quickly.