Google OAuth secrets exposed as account-hijacking MultiLogin vulnerability discovered

https://www.techspot.com/news/101404-google-oauth-secrets-exposed-account-hijacking-multilogin-vulnerability.htmlOpen link View original on lemmy.nz

121

Comments6

AliasAKA

lemmy.world

MultiLogin is a Chromium feature that can be abused to compromise a user's Google account. The "bug" was unveiled by a malware developer known as PRISMA in October 2023. The cyber-criminal shared details about a critical exploit designed to generate persistent cookies for "continuous" access to Google services, even after a user's password reset.

Oof. Another good reason to use Firefox I guess?

Eggyhead reply

kbin.social

Recent infostealer malware can infect a user's PC, scan the machine for Chromium session cookies, then exfiltrate and send the data to remote servers controlled by cyber-criminals.

Just to add a little more weight to your point.

Cyborganism

lemmy.ca

Oof... That not good. But I think they'll just have to invalidate all the tokens, right? That should be pretty easy, right?