How could this be exploited?

OAuth provides a way of giving access to something without the need for a password. It’s useful in multiple scenarios, for example in single sign-on (SSO). Users might also encounter it when giving a contact access to a file or document in a cloud service such as Microsoft 365 without passing on their account credentials.

Importantly, OAuth kicks in after MFA, which means that if an attacker can trick users into revealing their OAuth token in a URL, they can effectively bypass this control.

The flaw Kokorin discovered is that Chrome was including sensitive data such as this in its query parameters, making it a tempting target for an attacker able to lure someone to a bogus site where this data can be stolen.

Probably not coincidentally, recent weeks have seen a spate of sometimes elaborate attacks attempting to do just this, as documented by security vendors. These might or might not be related to the attacks Google talks about in its alert.

The Google update also mentions one other critical flaw, CVE-2025-4609, which, as far as the company knows, is not being exploited. The final two vulnerabilities are not itemized, so they are presumably less serious.

Enterprises looking to patch the vulnerability should look for versions 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux.

Enterprises should always triage this type of flaw carefully. They need to patch it quickly, but how quickly depends on the likelihood of their being targeted by the exploit. That risk will currently be modest. However, given that the attackers most likely to be exploiting it are Russian, there is a risk it will spread to ransomware attacks fairly soon.
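The risk the article describes is an OAuth credential (an authorization code or access token) travelling in a URL query string, where it can end up in browser history, proxy logs or the Referer header sent to another site. The following is an added defensive example, not code from the article, from Google or from the researcher: it scans constructed proxy-style log lines, flags any request or Referer URL whose query string carries an OAuth-style credential parameter, marks the case where such a URL was sent as the Referer to a different host, and produces a redacted copy of the URL so the finding can be stored without re-leaking the value. The parameter names in `SENSITIVE_PARAMS` and the log format are assumptions.

```python
"""Flag and redact OAuth credential material that appears in URL query strings.

Added defensive example (not the article's or any vendor's code). Input is a
constructed log in the shape "<timestamp> <user> <url> <referer>", with "-"
meaning no Referer was sent.
"""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: common OAuth 2.0 / OpenID Connect parameter names that carry
# credential material. Extend this set for the identity provider in use.
SENSITIVE_PARAMS = {"access_token", "refresh_token", "id_token", "code", "token"}

# Constructed sample log lines; hosts, users and token values are made up.
SAMPLE_LOG = """\
2025-05-15T10:01:02Z alice https://app.example.test/dashboard?view=home -
2025-05-15T10:01:05Z bob https://idp.example.test/callback?code=AQABxyz123&state=s1 https://app.example.test/login
2025-05-15T10:01:09Z carol https://files.example.test/share?access_token=eyJhbGciOi.fake.sig&id=42 -
2025-05-15T10:02:11Z dave https://third-party.example.test/collect?x=1 https://idp.example.test/callback?code=AQABdef456
"""


def find_sensitive_params(url):
    """Return {name: value} for query parameters in url that carry credentials."""
    parts = urlsplit(url)
    return {k: v for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() in SENSITIVE_PARAMS}


def redact_url(url):
    """Return url with the values of sensitive query parameters masked."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(pairs), parts.fragment))


def scan_log(text):
    """Scan log text and return one finding per URL field that carries a credential.

    A credential in the Referer of a request to a different host is the
    cross-site leak case: the token has already reached a third party.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing at them
        _ts, user, url, referer = fields
        req_host = urlsplit(url).netloc
        for field, value in (("url", url), ("referer", referer)):
            if value == "-":
                continue
            hits = find_sensitive_params(value)
            if not hits:
                continue
            findings.append({
                "line": lineno,
                "user": user,
                "field": field,
                "params": sorted(hits),
                "cross_site": field == "referer" and urlsplit(value).netloc != req_host,
                "redacted": redact_url(value),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        kind = "CROSS-SITE LEAK" if f["cross_site"] else "credential in URL"
        print(f"line {f['line']} user={f['user']} {f['field']}: {kind} "
              f"{f['params']} -> {f['redacted']}")
```

Run against the sample log this reports three findings: two requests that carried a credential in their own URL (lines 2 and 3) and one request (line 4) whose Referer carried an authorization code to a host other than the one that issued it, which is the pattern worth alerting on. The same logic can be pointed at real proxy or web-server logs once the field order is adjusted; the mitigation on the application side is to return tokens in headers or the POST body rather than query strings, and to set a restrictive Referrer-Policy.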
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3986931/google-patches-chrome-vulnerability-used-for-account-takeover-and-mfa-bypass.html