ijeffM to [email protected]English • 6 months agoMalware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accountswww.bleepingcomputer.comexternal-linkmessage-square4fedilinkarrow-up1100arrow-down12cross-posted to: [email protected]
arrow-up198arrow-down1external-linkMalware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accountswww.bleepingcomputer.comijeffM to [email protected]English • 6 months agomessage-square4fedilinkcross-posted to: [email protected]
minus-square@[email protected]linkfedilinkEnglish20•edit-26 months agoLooks like another good reason not to ever use Chrome – even on Mobile.
minus-square@epyon22linkEnglish20•6 months agoThey seemed to have demonstrated it on chrome and leveraged by the chrome browser but I don’t see why this couldn’t be exploited on any browser.
minus-square@[email protected]linkfedilinkEnglish4•6 months agoChromium is implied. Firefox isn’t based on that code base unlike most every other browser.
minus-square@epyon22linkEnglish4•6 months agoIt’s based on security hole in what I’m interpreting as a web API. You leverage a legitimatly logged in Google account on a malicious website and this web endpoint gives you keys to everything else
Looks like another good reason not to ever use Chrome – even on Mobile.
They seemed to have demonstrated it on chrome and leveraged by the chrome browser but I don’t see why this couldn’t be exploited on any browser.
Chromium is implied. Firefox isn’t based on that code base unlike most every other browser.
It’s based on security hole in what I’m interpreting as a web API. You leverage a legitimatly logged in Google account on a malicious website and this web endpoint gives you keys to everything else