Google has identified a vulnerability that allows malware to exfiltrate files from Chrome and gain access to Google Accounts, exploiting an undocumented Google OAuth endpoint called MultiLogin to steal session tokens and generate persistent Google cookies, granting continuous access to Google services even after a password reset or logging out.
View full story…
Google Acknowledges Severe Vulnerability Allowing Malware to Steal Files from Chrome and Gain Unauthorized Access to Google Accounts
