Google Chrome Faces Serious Security Threat: New Vulnerability Allows Unauthorized Account Access
Recent reports from BleepingComputer, CloudSEK, and Hudson Rock highlight a critical vulnerability affecting users of Google Chrome. This new malware is capable of bypassing Chrome's security measures, providing unauthorized access to Google accounts and login tokens stored within the browser.
Nature of the Malware
The security flaw involves the installation of malware on desktops, enabling attackers to extract and decrypt login tokens from Chrome's local database. These compromised tokens are then used to initiate requests to a Google API, typically employed by Chrome for account synchronization across various Google services. This process leads to the creation of persistent Google cookies, allowing unauthorized access to user accounts.
What sets this vulnerability apart is its ability to bypass two-factor authentication and gain access even after a password change. The attack leverages a key infusion from restore files, facilitating the reauthorization of cookies without the victim's awareness. The concerning aspect is that this "restoration" process can be repeated multiple times.
Although the vulnerability was initially identified in mid-November, recent reports indicate that six malware groups have access to and actively sell this exploit. Some sellers claim to have updated the exploit to counter security measures implemented by Google, introducing an additional layer of complexity to mitigation efforts.
Solution and Mitigation
As of now, there are no specific details available on how to protect against this vulnerability. It is recommended to employ robust malware protection software and ensure the overall security of the device. Users should stay vigilant and follow updates from trusted sources to stay informed about potential solutions as they emerge.