A malware developer was recently able to discover one of Google's OAuth secrets, a previously unknown feature named "MultiLogin" that is responsible for synchronizing Google accounts across...
  • AliasAKA@lemmy.worldEnglish
    431·
    1 year ago

    MultiLogin is a Chromium feature that can be abused to compromise a user’s Google account. The “bug” was unveiled by a malware developer known as PRISMA in October 2023. The cyber-criminal shared details about a critical exploit designed to generate persistent cookies for “continuous” access to Google services, even after a user’s password reset.

    Oof. Another good reason to use Firefox I guess?

    • Eggyhead@kbin.social
      16·
      1 year ago

      Recent infostealer malware can infect a user’s PC, scan the machine for Chromium session cookies, then exfiltrate and send the data to remote servers controlled by cyber-criminals.

      Just to add a little more weight to your point.

  • CyborganismEnglish
    19·
    1 year ago

    Oof… That not good. But I think they’ll just have to invalidate all the tokens, right? That should be pretty easy, right?