news 
Google Chrome 2FA Bypass Attacks Confirmed—Millions Of Users At Risk
Recently, a severe security vulnerability was discovered in the Cyberhaven Chrome extension, which allows attackers to bypass two-factor authentication (2FA) and gain unauthorized access to user accounts. The vulnerability affects millions of users worldwide who rely on Google Chrome for their daily browsing needs.
Here is the context: An attacker could exploit this issue by injecting malicious code into a legitimate 2FA prompt. When the victim enters the correct 2FA code, the session cookie that verifies the successful authentication can be captured and stored for later use. This allows the attacker to re-run the session at their leisure, without needing to enter any additional 2FA codes.
The attackers used an attacker-in-the-middle (MitM) technique to manipulate the 2FA prompt, which is a critical security weakness that has been patched by Google Chrome developers. The vulnerability affects only version 24.10.4 of the Cyberhaven extension, and it’s essential to check your browser updates for any related patches.
In order to mitigate these types of attacks, Google recommends using passkeys instead of traditional two-factor authentication methods like SMS or app-based one-time passwords. Google claims that security keys provide stronger protection against automated bots, bulk phishing attacks, and targeted attacks than other forms of 2FA.
Vivek Ramachandran, the founder of SquareX, highlights another issue: “Employees often click through single sign-on and authorization screens, potentially granting permissions to unknown third-party apps.” He recommends disallowing apps that request risky OAuth scopes unless they are authorized. Additionally, using a client-side browser detection-response tool can help to prevent this.
For Cyberhaven’s part, the company has removed the malicious extension from the Chrome Web Store and deployed an updated version (24.10.5) to all affected users. They recommend verifying your extension has updated to this newer version if you were running 24.10.4 during the period of vulnerability.
This is a critical security issue that highlights the importance of regular browser updates, vigilance, and awareness in the fight against cybercrime.
Source: www.forbes.com
