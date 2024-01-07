Cybercriminals have found a way to gain access to people's Google accounts without needing their password, and the new exploit gives hackers continued access to Google services even after a user's password has been reset. {{^adFree}} {{/adFree}}

The new vulnerability was analysed by security firm CloudSEK and reported by The Independent. Furthermore, the issue first came to the fore when a hacker posted about it on a Telegram channel in October 2023.

The Independent report noted how Google accounts could be compromised due to a vulnerability in third-party cookies, which are used by websites and browsers to track users and increase their efficiency.

In addition, Google's authentication cookies help users save their login details and log in without having to re-enter them. However, hackers have now found a way to bypass two-factor authentication and retrieve these cookies.

The blogpost by CloudSEK noted, "This exploit enables continuous access to Google services, even after a user's password is reset…It highlights the necessity for continuous monitoring of both technical vulnerabilities and human intelligence sources to stay ahead of emerging cyber threats."

Meanwhile, The Independent report noted that Google Chrome is currently in the process of upgrading its defences and securing users from falling victim to malware. A Google statement quoted by The Independent read, "We routinely upgrade our defences against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected," Google said in a statement.

"Users should continually take steps to remove any malware from their computer, and we recommend turning on Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads." the company further noted

