A researcher (mrd0x) has developed a new phishing technique that can bypass MFA and steal login cookies through Microsoft Corp.’s Edge WebView2.
Mrd0x also explains that WebView2 can be used to steal all available cookies for the current user in Google LLC’s Chrome. WebView2 allows an attacker to launch it with an existing user data folder (UDF) rather than creating a new one. The UDF contains all passwords, sessions, and bookmarks relating to the user.
This could easily be used to steal and import cookies using a simple Chrome extension such as EditThisCookie. The alarming thing is that the attack methodology completely bypasses MFA, one-time passwords, and security keys, since the cookies are stolen after the user is already logged in.
To protect against attacks such as this, having a policy against downloading or running unapproved software or browser add-ins, and educating users on the dangers of running this type of software, can significantly reduce risk for the organization.