Chrome is the preferred browser of many, and with an abundance of add-ons and customizable features available on desktop, it’s hard to deny its many benefits. That being said, bad actors are all too aware of how many people rely on Chrome for everyday web browsing — and this makes it an unfortunate target. Now, it seems that a fully functional API is being exploited bymalware, and little is being done about it.
BleepingComputeroriginally caught onto a Chrome API that is being exploited by bad actors to revive expired authentication cookies for Google accounts. In turn, this allows hackers to log into your accounts again, as long as you haven’t logged out of Chrome or ended your sessions. Once these bad actors are in, they can gain access to all of your authentication tokens across Chrome and continue to steal your data.
Google is supposedly aware of the vulnerability, but BleepingComputer suggests that it’s treating the problem like standard malware-based cookie theft. This isn’t to say that the company doesn’t care, and it specified that it has secured compromised accounts — but because the API is functioning as intended, Google seems to be skeptical of exploitation reports.
To protect yourself from any sort of attack based around this vulnerability, the best preventative measure is to log out of Chrome andlog out of active sessionsfrom your Google account security settings — this will make the refresh token useless to hackers. That being said, it’s fairly difficult to determine if your account or browser has been compromised. In many cases, it’s unclear until credentials are misused. Google recommends using Enhanced Safe Browsing mode while utilizing Chrome as a standard practice against malware.
This isn’t the first time that hackers have exploited Chrome vulnerabilities, and some recently turned to cookies to do so. At least six malware developers have started hunting down session cookies, which allow them to gain access to user accounts — evenafter they have logged outof sessions in Chrome. Google has already acknowledged the vulnerability and seems to be working on a fix. Again, the company is advising everyone to use Enhanced Safe Browsing while logged into Chrome.
Unfortunately, there is only so much that can be done when it comes to protecting your data on the web. In many instances, safeguarding your information against bad actors is as simple as changing your password — this is a common fail-safe that companies recommend in the event of an exploited vulnerability. However, it doesn’t hurt to pay extra attention to your accounts, if only for the sake of identifying suspicious activity. Doing this due diligence might just save you a hassle and a headache.
