Most websites you visit in your browser will ask you to accept or reject cookies. For the most part, these cookies can be helpful, and they're supposed to have a limited lifespan. Browser cookies can remember what's in your shopping cart or save your login status on a website, making your browsing experience easier.
Unfortunately, a recent report from CloudSEK researchers (via BleepingComputer and Android Police) outlines how hackers have been using a zero-day exploit to restore expired Google authentication cookies. Put simply, this exploit means that hackers can use your expired browser cookies to bypass two-factor authentication and gain access to your Google account.
How can you protect your Google account login details?
Six malware groups are currently selling this exploit, and with no word from Google yet on the exploit or their plans to combat it, there's no way to know how long your login details will be vulnerable or even if you've been affected.
According to a discussion between BleepingComputer and CloudSEK researcher Pavan Karthick, the company was able to reverse-engineer the exploit and "use it to regenerate expired Google authentication cookies, as shown below."
Karthick and other CloudSEK researchers were able to successfully regenerate authentication cookies for Google account login details (thus verifying the exploit), but there is some good news. Karthick explained to BleepingComputer that "the authentication cookie can only be regenerated once if a user resets their Google password."
This means that if you reset your Google account password, hackers can still gain access one more time by regenerating authentication cookies, but not after that. If you don't change your password, the authentication cookie can be regenerated multiple times, giving hackers continuous access to your account. Simply signing out of your account won't prevent authentication cookies from being used to access your account.
Unfortunately, until Google addresses and fixes the exploit, hackers could repeat the process with your new login credentials after you change your password. Google hasn't officially said anything about this security exploit. The company did issue countermeasures, seemingly to fight off hackers, but malware group Lumma issued an updated exploit that bypassed them.
There doesn't seem to be a permanent fix to protect yourself from this vulnerability. Your best chance will be changing your Google account password regularly, and hoping that Google updates its users soon with a plan of action. Check out the best password managers to keep track of all your passwords.