A possible attack may have very unpleasant consequences, because with one account we have access to the entire Google service empire. This includes Gmail, YouTube, Drive, Maps, Calendar, Docs, Keep notebook and many other applications belonging to the company.
Serious loophole. You can lose your entire Google account
As he explains, the existence of the exploit (a program that uses existing vulnerabilities in software) was first revealed in October 2023. CloudSEK researchers have now discovered that it uses a piece of code that allows login credentials to be synchronized between various Google services.
Thanks to the fact that this data in the form of login tokens is saved by the browser, we do not have to authenticate the login every time when going from Gmail to Docs, Notes or any other Google application. At least within the same browser. This is a very convenient solution for the user.
According to researchers, this data can be used to take over access to the entire Google account because cybercriminals have a way to extract and decrypt such information. In a similar way, they will also be able to decode and read passwords saved in Chrome. As if that were not enough, hackers can retain access to someone else’s account even after its owner has changed the login password.
Experts say that to protect yourself from losing your Google account, you must first log out of it, then change your password and log in again. This allows the keys stored by a given browser to be invalidated.
Google has also already commented on the matter and – as it explains in a statement to Bleeping Computer – it is aware of the matter and is constantly improving security to prevent this type of attacks. The company also states that attacks using software that steals cookies and tokens are nothing new. He adds that, contrary to what experts say, hijacked login sessions can be expired by logging out of the Google account on a given browser or closing it from the device manager page. Google also urges users to take steps to minimize the risk of their computers being infected with malware.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
