Browser cookies let your web browser recall your activities on websites, like keeping track of items in your shopping cart, saving form data, and remembering your login status. On the flip side, these same cookies can also provide a gateway for harmful malware to access your personal information and banking details.
Even though Google Chrome is cracking down on third-party cookies, a newly found vulnerability in cookies puts Google accounts at risk, even if you change your passwords. To make matters worse, at least six malware groups are actively selling this exploit.
Normally, cookies can read data from a website and get saved on your device with the web browser. But here’s the catch – shady individuals can exploit cookies to snatch up your personal info. According to Bleeping Computer, there’s a recent case where hackers attempted to recover session cookies, which hold user authentication data. As the name implies, these session cookies are usually temporary and make logging in a breeze without having to type in your username and password every time, as reported by 9to5Google.
Google relies on these cookies to store your login details when you log in to your account. However, there’s a newly discovered zero-day exploit that lets cybercriminals grab these session cookies, giving them unauthorized access to user accounts.
The risks here are big because these cookies sidestep the usual password and two-factor authentication measures that secure Google accounts. This implies that hackers can log in to accounts, even if the actual user resets their password or logs out.
Back in October 2023, a troublemaker named PRISMA spilled the beans on this vulnerability, and CloudSek researchers reverse-engineered it. They managed to resurrect Google authentication cookies that were supposed to expire with the session. On a positive note, regenerating cookies only happens once if you change your password, but there’s no cap on how many times they can be regenerated.
While all this is going on, Google appears to be tackling the problem. One of the malware developers taking advantage of the vulnerability released an update to get around Google’s countermeasures. Despite this, the tech giant hasn’t responded to several questions from BleepingComputer regarding their plans to minimize the damage.
Right now, these session cookies pose a zero-day threat, and at least six malware developers are taking full advantage. So, it’s hard to tell right away if you’ve fallen victim to this kind of attack. To stay safe, steer clear of installing software from sketchy sources. If you’re a Google Chrome user and spot anything fishy happening with your Google account, don’t waste time – change your password ASAP.