Cybersecurity researchers have sounded the alarm over a critical vulnerability allowing hackers to access Google accounts without passwords. This exploit, discovered in October 2023, leverages malicious malware that targets third-party cookies used by Google accounts for authentication.

Services like Malwarebytes offer multi-layered protection against exploits like the one targeting Google accounts through third-party cookies. Malwarebytes Personal and Premium can detect and remove the malicious software used in this attack, preventing them from stealing your cookies in the first place.
Browser Guard adds another line of defence by blocking malicious websites and trackers that might try to exploit vulnerabilities. Furthermore, Malwarebytes Privacy VPN encrypts your online traffic, making it significantly harder for hackers to intercept your cookies even if malware infects your device.
By using these services in combination, you can significantly reduce your risk of falling victim to this type of exploit and protect your Google account and other online identities.
What Google accounts users should know
The hack
Hackers exploit a flaw in how Google’s authentication system handles cookies. These cookies, meant to streamline logins, can be intercepted by the malware, granting attackers access to the account even after password resets. This bypasses even two-factor authentication, adding another layer of concern.
Impact and response
While Google has secured compromised accounts and continues to improve its defences, individual users remain vulnerable. Researchers and Google advise taking proactive steps like removing malware and enabling Chrome’s “Enhanced Safe Browsing” feature.
Complexity and Significance: This hack highlights the evolving sophistication of cyber threats. Pavan Karthick M, the researcher who first uncovered the vulnerability, emphasises the need for continuous monitoring and intelligence gathering to stay ahead of these evolving threats.
Call to action
All Google users should be vigilant and take recommended security measures to protect their accounts. This incident underscores the importance of staying informed about evolving cyber threats and adopting robust security practices.
Additional details:
- The exploit leverages an undocumented Google OAuth2 functionality.
- The hack was first made public on a Telegram channel in October 2023.
- A detailed report on the vulnerability titled “Compromising Google Accounts: Malware Exploiting Undocumented OAuth2 Functionality for session hijacking” is available from CloudSEK.
10 Steps users can follow to protect Google accounts
Here are 10 steps you can follow to protect yourself from the Google account cookie exploit:
Install and regularly update antivirus and anti-malware software
Use reputable software like Malwarebytes Personal or Premium to detect and remove malware that could steal your cookies.
Enable enhanced safe browsing in Chrome
This feature helps block malicious websites and downloads that could lead to malware infections.
Use a VPN
A VPN encrypts your online traffic, making it harder for hackers to intercept your cookies, even if malware is present. Malwarebytes Privacy VPN is a good option.
Be cautious about email attachments and links
Don’t open attachments or click links from unknown or suspicious sources, as they could contain malware.

Why use a VPN
SECURITY: Our secure VPN sends your internet traffic through an encrypted VPN tunnel, so your passwords and confidential data stay safe, even over public or untrusted Internet connections.
PRIVACY: Keep your browsing history private. As a Swiss VPN provider, we do not log user activity or share data with third parties. Our anonymous VPN service enables Internet without surveillance.
FREEDOM: We created ProtonVPN to protect the journalists and activists who use ProtonMail. ProtonVPN breaks down the barriers of Internet censorship, allowing you to access any website or content.
Avoid downloading software from untrusted websites
Stick to official app stores and websites to download software to reduce the risk of malware infections.
Keep your software and operating system up to date
Install security patches promptly to address newly discovered vulnerabilities.
Use strong, unique passwords for all your online accounts
Avoid using the same password for multiple accounts, and make sure your passwords are complex and difficult to guess.
Enable two-factor authentication (2FA) on your Google account
This adds an extra layer of security, even if your password is compromised.
Regularly check your Google account activity
Look for any suspicious logins or activity that you don’t recognise.
Be vigilant about phishing scams
Phishing emails try to trick you into revealing personal information or clicking on malicious links. Be cautious of emails that claim to be from Google or other reputable companies.
Google accounts remain vulnerable despite hack fix: Protect yourself!
While Google has addressed a recent vulnerability that allowed attackers to hijack Google accounts even after password resets, individual users still face risks. This incident highlights the ever-evolving nature of cyber threats and the importance of robust security practices for all Google accounts users.
Here’s a call to action:
- Be vigilant and take recommended security measures to safeguard your Google accounts.
- Stay informed about evolving cyber threats and adopt robust security practices.
Remember, protecting your Google accounts is crucial in today’s digital landscape. Follow the recommended steps and stay vigilant to stay ahead of potential threats.
______________________________________

Every month in 2025 we will be giving away one PlayStation 5 Pro. To qualify subscribe to our newsletter.
When you buy something through our retail links, we may earn commission and the retailer may receive certain auditable data for accounting purposes.
Recent Articles
- Why China imposed 100% tariffs on Canada: A comprehensive analysis
- Day 16 of Ramadan: The power of dua (supplication) during Ramadan – how to pray effectively
- Day 12 of Lent: How to practise gratitude during Lent – a path to spiritual growth
- Why some people lose weight faster than others
- The benefits of online tax filing and e-file tax prep
You may also like: