
Google Chrome 2FA Bypass Attacks Confirmed—Millions Of Users At Risk
A recent attack on the Cyberhaven Chrome extension has revealed a major vulnerability in two-factor authentication (2FA) systems. The malicious extension, version 24.10.4, was available for download and installation between Christmas Day and Boxing Day last year.
The attack used an attacker-in-the-middle technique: credentials were entered normally, but at the 2FA code entry step the attacker would intercept the session cookie that is created after a correct code is entered. This captured cookie could then be replayed at a later time to resume the authenticated user’s session.
This means that millions of Google Chrome users who installed and updated their browsers during this period are now at risk of having their sessions compromised. According to Cyberhaven, only customers using Chrome-based browsers that auto-updated during the attack would have been affected.
The impact is significant as 2FA bypass attacks can be used to access sensitive information such as social media advertising accounts, AI platforms, and more. The Federal Bureau of Investigation has already warned people about session cookie theft, which can be used to bypass 2FA account protections.
To mitigate the risk of these attacks, Google recommends using passkeys, which provide stronger protection against phishing and other social engineering attacks compared to SMS, app-based one-time passwords, and traditional two-factor authentication methods. Additionally, a client-side Browser Detection-Response tool can prevent unknown third-party apps from requesting dangerous OAuth scopes.
It is essential for users to verify that their Cyberhaven Chrome extension has updated to the latest version, 24.10.5 or newer. Cyberhaven has also removed the malicious extension from the Chrome Web Store and, in a show of transparency, notified all affected customers as well as those who were not impacted.
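One way to run that version check across every Chrome profile on a machine, as an added example that is not part of the original article or Cyberhaven's own tooling. It assumes Chrome's on-disk layout of `<user data dir>/<profile>/Extensions/<extension id>/<version>_0/manifest.json`; `EXTENSION_ID` is a placeholder because the article does not give the ID, and the tree built in `demo()` is constructed sample data.

```python
import json
import tempfile
from pathlib import Path

# Placeholder: the article does not give the extension ID; copy it from chrome://extensions.
EXTENSION_ID = "CYBERHAVEN_EXTENSION_ID_PLACEHOLDER"
MALICIOUS = (24, 10, 4, 0)  # 24.10.4, the malicious build named in the article
FIXED = (24, 10, 5, 0)      # 24.10.5, the first clean build named in the article

def parse_version(text):
    """Chrome extension versions are one to four dot-separated integers."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (4 - len(parts))  # pad so 24.11 compares as 24.11.0.0

def classify(version_text):
    try:
        version = parse_version(version_text)
    except (ValueError, AttributeError):
        return "unparseable"
    if version == MALICIOUS:
        return "malicious"
    return "ok" if version >= FIXED else "outdated"

def audit(user_data_dir, extension_id=EXTENSION_ID):
    """Return (profile, version, status) for every installed copy of the extension."""
    findings = []
    pattern = f"*/Extensions/{extension_id}/*/manifest.json"
    for manifest in sorted(Path(user_data_dir).glob(pattern)):
        try:
            version = json.loads(manifest.read_text(encoding="utf-8")).get("version", "")
        except (OSError, ValueError, AttributeError):
            version = ""  # unreadable or malformed manifest is reported, not skipped
        findings.append((manifest.parents[3].name, version, classify(version)))
    return findings

def demo():
    """Build a constructed user-data tree (not real data) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for profile, version in [("Default", "24.10.4"), ("Profile 1", "24.10.5")]:
            folder = Path(root, profile, "Extensions", EXTENSION_ID, version + "_0")
            folder.mkdir(parents=True)
            (folder / "manifest.json").write_text(json.dumps({"version": version}))
        return audit(root)

if __name__ == "__main__":
    # Real use: call audit() on Chrome's user data directory, e.g. ~/.config/google-chrome on Linux.
    for profile, version, status in demo():
        print(f"{profile}: {version} -> {status}")
```

A "malicious" result means the profile still holds the 24.10.4 build named above, so sessions used in that profile during the exposure window should be treated as compromised and their cookies invalidated by signing out everywhere and rotating credentials.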
While some may think that 2FA bypass attacks are a rare occurrence, this incident proves otherwise. It is crucial for users to remain vigilant and take proactive steps to secure their online accounts.
Sources:
Forbes Beware: Cyberhaven Chrome Extension Users Targeted By 2FA Bypass Attack
FBI Warns Of Brute-Force Password Spy Attacks—What You Need To Know
Source: www.forbes.com