Browser cookies are designed to enhance your browsing experience – remembering items in your shopping cart and data you enter in forms, and keeping you logged into websites.
However, the same cookies that provide a better user experience can also expose your personal details to risk. They create an avenue for malware to capture information like banking credentials as you browse online.
A recently discovered zero-day exploit allows hackers to restore expired Google session cookies used for authentication.
What is a Zero-Day Exploit?
A zero-day exploit targets a vulnerability that is unknown to the party who would need to address it (like Google). The term comes from the fact that the vulnerable party has “zero days” to fix it before attackers exploit it.
Because these vulnerabilities are undisclosed, hackers can take advantage of them before patches are available.
The Cookie Vulnerability in Google Chrome
Google Chrome, like many other web browsers, uses cookies to save login credentials when you sign into your account.
A recently discovered zero-day exploit allows cybercriminals to retrieve these session cookies and gain unauthorized access to user accounts. This is significant because these cookies bypass passwords and two-factor authentication typically used to secure Google accounts.
This means hackers can sign in to accounts even if the real user resets their password or signs out. The vulnerability was first revealed in October 2023 by a bad actor who goes by PRISMA.
CloudSEK researchers reverse-engineered this vulnerability and successfully revived Google authentication cookies, which should have expired with the session.
While resetting your password currently blocks renewed access, there seems to be no limit to how many times a cookie can be regenerated otherwise. Malware developers are also working to bypass Google’s safeguards.
Google’s Response and User Protection
Google seems to be working on fixing the issue, as evidenced by one of the malware developers exploiting this vulnerability issuing an update to bypass Google’s countermeasures.
For now, these session cookies are a zero-day vulnerability being actively exploited by at least six malware developers. So, there’s no immediate way to know if you’ve been compromised in such an attack.
To protect against such attacks, we strongly advise you to do the following:
- Avoid installing software from unknown sources
- Watch closely for unrecognized account activity
- Change passwords routinely
- Enable two-factor authentication
It’s also wise to minimize cookies generally and clear your browser data regularly. Stay vigilant for other unusual behaviors that could signal account takeover or identity theft.
If you use Google Chrome and you notice any abnormal activity on your Google account, do not hesitate to change your password immediately.
As cybercriminals become more sophisticated, vulnerabilities like this cookie exploit pose serious threats even to trusted platforms like Google accounts. Following best security practices is essential.