A new security problem affects Google cookies. And this is a problem, since it puts user privacy at serious risk. They can have access to stored information, such as authentication data to log into an account. It can lead to identity theft, for example. We are going to explain to you what it is and what you can always do to avoid problems of this type when browsing the web.
This is a critical exploit that allows an attacker to steal and manipulate Google cookies. It has been identified by a group of Cloudsek security researchers. In addition, it is persistent, since it remains valid once the access password has been changed.
Problem for Google cookies
This exploit is capable of generating valid cookies to achieve uninterrupted access. You can decrypt Chrome’s encryption key, which is stored in the UserData directory. Therefore, an attacker could steal the cookies stored by the browser, as well as manipulate them and put the security of users at risk.
It should be noted that the Chromium source code reveals the MultiLogin endpoint, an internal synchronization mechanism for Google accounts. It is managed through simultaneous sessions where they accept the account ID and tokens to log in. It is a fundamental part of Google’s 0Auth system for cookie regeneration.
The exploit is capable of manipulating the token and, in this way, achieving continuous cookie regeneration for Google services. Even after resetting the password, you can continue. This can lead to ongoing account exploitation, without leaving a trace.
This is not new, since this exploit was identified for the first time on October 20, but it is now that many more details are known. You can see all the information and documentation in the Cloudsek websitethe group of cybersecurity researchers behind this discovery.
Avoid these problems
These types of exploits are quite sophisticated and require advanced techniques. However, there are many similar problems that may affect home users to a greater extent. We continually see vulnerabilities that affect programs that we use on a daily basis, failures in platforms such as social networks, and errors of all kinds that can expose privacy and security.
What you should always do is keep your devices correctly updated. Make sure you have the latest versions, as that is what will help you fix problems and prevent others from exploiting them. Install all available patches, check that you have updated device firmware, the latest version of the operating system, etc.
In addition, it is advisable to have security programs. A good antivirus can help you eliminate the entry of threats that put your passwords or personal data at risk. Always check that you have warranty software that has good reviews and is really helpful.
In short, as you see, there is a new exploit capable of putting Google cookies at risk. A problem that can put the sessions of the different services on this platform at risk. As a user, always make sure you have your accounts well protected and everything correctly updated. Just as you can see who has permissions in Drive, you can apply it to other services.
