Google tries to downplay cookie security risk as nothing new

Security researchers have warned of new malware that can revive expired authentication tokens via a Google Chrome API, allowing threat actors to stay logged into victims’ Google accounts. However, Google downplays the threat, arguing that it’s akin to simple session cookie theft rather than a vulnerability. Google advises users to log out of Chrome and end all sessions, despite this being a step most users rarely take proactively.