Recent reports from BleepingComputer, CloudSEK and Hudson Rock describe a new attack on Google Chrome users. Information-stealing malware is sidestepping Chrome's protections and gaining access to victims' Google accounts by extracting the login tokens the browser stores locally. Despite being widely described as a "critical vulnerability", it is not a bug in Chrome itself: the malware runs on an already-compromised desktop and steals tokens that the browser legitimately holds for the signed-in user.
What is this new malware?
The attack starts with malware installed on the victim's desktop. The malware reads Chrome's local profile database, decrypts the stored login tokens (the refresh tokens Chrome keeps for the signed-in Google account), and exfiltrates them.
The stolen tokens are then sent to a Google API endpoint (reported by CloudSEK as the MultiLogin endpoint) that Chrome normally uses to synchronise the account across Google services. The endpoint answers with a fresh set of Google session cookies, giving the attacker persistent, authenticated access to the victim's account from their own machine.
What makes this attack different is that it sidesteps two-factor authentication: the attacker never logs in, but replays a session that the victim has already authenticated, so no second factor is ever requested. The reports also say the access survives a password change, which raises questions about how much protection that extra layer really offers in this scenario.
According to the sellers, the attack relies on a "key infusion from restore files" that lets them regenerate valid cookies from the stolen tokens even after the victim has reset their password. The alarming part is that this "restoration" can be repeated, and the victim gets no indication that the account has been compromised.
The technique itself is not new. It first surfaced in mid-November, and the reports count six malware families that have access to it and are actively selling it.
Some sellers claim to have already updated their exploit to get around the countermeasures Google has put in place, which complicates mitigation further.
What's the solution?
At the time of writing there is no specific guidance on how to stay protected. Because the attack needs malware running on the victim's machine, keeping the whole device clean with reputable anti-malware software and not running untrusted downloads is the first line of defence. Note also that what is stolen is a session token, not the password, so changing the password by itself is not enough; signing out of all sessions from the Google account's security settings is what invalidates an already-stolen session.