"Google Accounts at Risk: OAuth Flaws and Malware Enable Unauthorized Access"
Originally Published 2 years ago — by TechSpot
A vulnerability in Google's OAuth protocol, named "MultiLogin," was exploited by a malware developer, allowing cyber-criminals to hijack Google accounts by synchronizing them across services. The exploit enables persistent access to Google services even after a password reset, by generating valid session cookies. Google has acknowledged the issue and taken steps to secure affected accounts, advising users to log out to invalidate stolen tokens and recommending the use of Enhanced Safe Browsing in Chrome for additional protection.