A vulnerability in the OAuth system could allow hackers to access your Google account information via cookies. Even recovering your password is not enough.

A hacker named PRISMA claimed in October to have discovered a flaw in Google security that could recover expired Google authentication tokens. These cookies contain your Google Account login details and can therefore be misused by an attacker to log in to your Google Account. Since then, at least six malware viruses have appeared in the Chrome browser attempting to exploit the vulnerability.

A cookie of your own medicine

The flaw lies in a 0Auth API called MultiLogin, as CloudSek detailed in a blog post at the end of December. The API is responsible for synchronizing your account information across different Google services. Therefore, it stores a vector of account IDs and login tokens to manage concurrent sessions or switch between user profiles.

The malware virus tries to retrieve and unblock this data from the local web database in the Chrome browser. The authentication tokens can then be used to generate session cookies that reveal your Google account information. Session cookies are typically deleted from your browser after each active surfing session. CloudSek discovered that this exploit can be used again even if the user resets their password.

Google: “Sign out of your account”

Google has now responded to the vulnerability via 9to5Google. According to Google, such attack techniques are not new and measures have been taken to secure compromised accounts. Google also contradicts reports that stolen credentials can no longer be recalled.

These can be reversed by logging out of your account or ending active sessions within it Your devicesMenu in Settings. Google also recommends being careful when installing unknown software or opening email attachments, as these are the most common ways malware can infect your device. Safe Browsing mode in Chrome increases the browser’s built-in security, although you sacrifice some privacy in the process.