Cybercriminals can now access your Google account without needing your password, maintaining continuous entry even after a password reset. The security loophole, identified by cybersecurity firm CloudSEK and disclosed by The Independent, stems from third-party cookies used by websites and browsers to track and enhance user activity. Google’s authentication cookies, which store login details, are now vulnerable. Hackers can exploit this to bypass two-factor authentication, gaining persistent access to Google services.
CloudSEK stresses the need for vigilant monitoring of vulnerabilities and human intelligence sources to stay ahead of cyber threats, stating, “This exploit allows continuous access to Google services even after a password reset.”
Google Chrome is strengthening its defenses against malware to protect users. Google assured, “We routinely upgrade our defenses and take action to secure any compromised accounts detected.”
The Independent recommends users take precautions, like removing malware and enabling Enhanced Safe Browsing in Chrome. As Google addresses the security concern, users should stay informed and take necessary steps to protect their accounts from unauthorized access. Online safety is a shared responsibility, and proactive measures are crucial in our increasingly digital world.