Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
It’s based on a security hole in what I’m interpreting as a web API. You leverage a legitimately logged-in Google account on a malicious website and this web endpoint gives you keys to everything else.
They seemed to have demonstrated it on Chrome, leveraged by the Chrome browser, but I don’t see why this couldn’t be exploited on any browser.
Chromium is implied. Firefox isn’t based on that code base, unlike most every other browser.