ijeff@lemdro.idM to Android@lemdro.idEnglish · 11 months agoMalware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accountswww.bleepingcomputer.comexternal-linkmessage-square4fedilinkarrow-up192arrow-down13cross-posted to: hackernews@derp.foo
arrow-up189arrow-down1external-linkMalware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accountswww.bleepingcomputer.comijeff@lemdro.idM to Android@lemdro.idEnglish · 11 months agomessage-square4fedilinkcross-posted to: hackernews@derp.foo
minus-squarethantik@lemmy.worldlinkfedilinkEnglisharrow-up23arrow-down5·edit-211 months agoLooks like another good reason not to ever use Chrome – even on Mobile.
minus-squareepyon22@programming.devlinkfedilinkEnglisharrow-up17·11 months agoThey seemed to have demonstrated it on chrome and leveraged by the chrome browser but I don’t see why this couldn’t be exploited on any browser.
minus-squarePretzilla@lemmy.worldlinkfedilinkEnglisharrow-up6arrow-down2·11 months agoChromium is implied. Firefox isn’t based on that code base unlike most every other browser.
minus-squareepyon22@programming.devlinkfedilinkEnglisharrow-up4·11 months agoIt’s based on security hole in what I’m interpreting as a web API. You leverage a legitimatly logged in Google account on a malicious website and this web endpoint gives you keys to everything else
Looks like another good reason not to ever use Chrome – even on Mobile.
They seemed to have demonstrated it on chrome and leveraged by the chrome browser but I don’t see why this couldn’t be exploited on any browser.
Chromium is implied. Firefox isn’t based on that code base unlike most every other browser.
It’s based on security hole in what I’m interpreting as a web API. You leverage a legitimatly logged in Google account on a malicious website and this web endpoint gives you keys to everything else