Hackers discover way to access Google accounts without a password::‘Exploit enables continuous access to Google services, even after a user’s password is reset,’ researcher warns
Hackers discover way to access Google accounts without a password::‘Exploit enables continuous access to Google services, even after a user’s password is reset,’ researcher warns
I thought session hijacking could only be done with 1st party cookies from google itself. I didn’t know you could session hijack with 3rd party cookies. That’s pretty interesting.
The article mentions third party cookies, but it’s talking about hackers stealing first party cookies (specifically authentication cookies).