ijeff@lemdro.idM to Android@lemdro.idEnglish · 9 months agoMalware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accountswww.bleepingcomputer.comexternal-linkmessage-square4fedilinkarrow-up199arrow-down12
arrow-up197arrow-down1external-linkMalware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accountswww.bleepingcomputer.comijeff@lemdro.idM to Android@lemdro.idEnglish · 9 months agomessage-square4fedilink
minus-squareepyon22@programming.devlinkfedilinkEnglisharrow-up18·9 months agoThey seemed to have demonstrated it on chrome and leveraged by the chrome browser but I don’t see why this couldn’t be exploited on any browser.
minus-squarePretzilla@lemmy.worldlinkfedilinkEnglisharrow-up6arrow-down2·9 months agoChromium is implied. Firefox isn’t based on that code base unlike most every other browser.
minus-squareepyon22@programming.devlinkfedilinkEnglisharrow-up4·9 months agoIt’s based on security hole in what I’m interpreting as a web API. You leverage a legitimatly logged in Google account on a malicious website and this web endpoint gives you keys to everything else
They seemed to have demonstrated it on chrome and leveraged by the chrome browser but I don’t see why this couldn’t be exploited on any browser.
Chromium is implied. Firefox isn’t based on that code base unlike most every other browser.
It’s based on security hole in what I’m interpreting as a web API. You leverage a legitimatly logged in Google account on a malicious website and this web endpoint gives you keys to everything else