Home > News > Google on Cookie Risk: “No New Threat” 🍪🚫

Google on Cookie Risk: “No New Threat” 🍪🚫

dall·e 2024 02 16 17.24.18 create a feature image for the article titled google downplays security risk of cookies as nothing new. imagine a relaxed or dismissive figure perh

Google Downplays Security Risk of Cookies as Nothing New

Security researchers have recently uncovered a new malware that can reactivate expired authentication tokens through a Google Chrome API. This feature can be exploited by cybercriminals to remain logged into their victims' Google accounts for longer periods, potentially compromising sensitive information. Despite the severity of this vulnerability, Google has attempted to downplay its significance, stating that it is simply a case of session cookie theft.

This has left many users wondering whether the vulnerability is a real threat or not. In this article, we will explore the facts behind this issue and answer some frequently asked questions to provide a clearer understanding of the situation.

Vulnerability, or not?

Google Downplays the API Vulnerability

Google has downplayed the recent API vulnerability in Chrome, which allows hackers to steal session tokens and cookies. In a statement shared with BleepingComputer, the search engine giant stated that “attacks involving malware that steal cookies and tokens are not new; we routinely upgrade our defenses against such techniques and to protect users who fall victim to malware.” Google does not see this as a vulnerability but believes that the API works as intended.

Google's Advice to Users

Google has advised users to log out of their Chrome browser and end all active sessions via g.co/mydevices to invalidate the Refresh token. Additionally, Google recommends that users remove any malware from their computers and enable Enhanced Safe Browsing in Chrome to protect against phishing and malware downloads. However, users rarely take proactive steps to protect themselves from malware, and by the time they are infected, it is often too late.

Lumma Infostealer Can Recover Expired Google Cookies

In November 2023, cybersecurity researchers at Hudson Rock warned that the latest version of the Lumma infostealer was observed to be able to recover expired Google cookies. The team discovered an advertisement for the feature posted on a dark web forum, stating that the version released on November 14 “can recover dead cookies using a key from recovery files.” The advertisement emphasizes that this only applies to Google cookies.

Google's response to the API vulnerability has been criticized by privacy advocates and regulators who argue that the company should be doing more to protect user privacy. However, Google's defenders argue that the company is doing its best to balance user privacy with the needs of the ad tech industry, which relies on tracking and ad targeting to generate profit. Despite the controversy, Google continues to develop new tools and defenses to protect user privacy, although only a small percentage of users opt out of cross-site tracking and profile building.

In conclusion, the recent API vulnerability in Chrome highlights the ongoing struggle between user privacy and the needs of advertisers and the ad tech industry. While Google's response to the vulnerability has been criticized by some, the company continues to take steps to enhance user privacy and security. Users can protect themselves by following Google's advice to log out of their Chrome browser, remove malware from their computers, and enable Enhanced Safe Browsing.

Frequently Asked Questions

What Are the Implications of Google's Decision to Phase Out Third-Party Cookies?

Google's decision to phase out third-party cookies is expected to have significant implications for the digital advertising industry. Third-party cookies are used to track user behavior across the web, and advertisers use this data to deliver targeted ads. Without third-party cookies, advertisers will need to find new ways to track user behavior and deliver targeted ads.

How Will Google's New Advertising Technology Affect User Privacy?

Google is developing new advertising technology that it claims will be more privacy-friendly than third-party cookies. The new technology, called Federated Learning of Cohorts (FLoC), groups users into cohorts based on their browsing behavior. Advertisers can then target these cohorts with ads, rather than targeting individual users. Google claims that FLoC is more privacy-friendly because it does not track individual user behavior. However, some privacy advocates have raised concerns that FLoC could still be used to identify individual users.

What Alternatives to Cookies is Google Considering for Targeted Advertising?

In addition to FLoC, Google is exploring other alternatives to cookies for targeted advertising. One alternative is to use first-party data, which is data collected directly from users by websites and apps. Google is also exploring the use of machine learning to analyze user behavior and deliver targeted ads.

How Does Google's Approach to Cookies Impact the Digital Advertising Industry?

Google's decision to phase out third-party cookies is expected to have a significant impact on the digital advertising industry. Advertisers will need to find new ways to track user behavior and deliver targeted ads. Some experts predict that this could lead to a shift towards first-party data and contextual advertising.

What Measures is Google Taking to Address Security Concerns with Cookies?

Google is taking several measures to address security concerns with cookies. For example, Google is working to improve the security of its cookies by using HTTP-only cookies, which can only be accessed through HTTP requests. Google is also working to improve the security of its advertising technology by using encryption and other security measures.

What is the Timeline for Google's Proposed Changes to Cookie Usage in Chrome?

Google has announced that it plans to phase out third-party cookies in Chrome by 2023. However, the exact timeline for this change is still unclear. Google has stated that it will work with the digital advertising industry to develop new privacy-friendly advertising technologies.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.