SHARPEXT can access Gmail without compromising login credentials

<tcfd0k$1719i$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=65012&group=alt.comp.os.windows-10#65012
Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: newskr...@krawl.org (NewsKrawler)
Newsgroups: alt.comp.os.windows-10
Subject: SHARPEXT can access Gmail without compromising login credentials
Date: Thu, 4 Aug 2022 03:04:53 -0000 (UTC)
Organization: To protect and to server
Message-ID: <tcfd0k$1719i$1@paganini.bofh.team>
Injection-Date: Thu, 4 Aug 2022 03:04:53 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1279282"; posting-host="Dj+cCDj8UalGBjrWyMkOzw.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team";
X-Notice: Filtered by postfilter v. 0.9.1
 by: NewsKrawler - Thu, 4 Aug 2022 03:04 UTC

https://www.forbes.com/sites/daveywinder/2022/08/02/gmail-warning-as-new-attack-bypasses-passwords--2fa-to-read-all-email/?sh=26b2da4288d92
SHARPEXT can access Gmail without compromising login credentials

SHARPEXT reads Gmail emails silently without triggering Google unusual
usage protections.

According to cyber security firm Volexity, the threat research team has
found the North Korean 'SharpTongue' group, which appears to be part of, or
related to, the Kimsuky advanced persistent threat group, deploying malware
called SHARPEXT that doesn't need your Gmail login credentials at all.

There is nothing to alert Google and the user that someone has logged into
Gmail from a different browser, machine, or location. Bypassing this
protection is crucial as it means the threat actors can remain truly
persistent, reading all the received and sent emails as if they were the
user themselves.

The good news is that your system needs to be compromised by some means
before this malicious extension can be deployed.

"Remarkably, the malware is delivered and installed by PowerShell,
something all too typical, and you would think that by now, the built-in
protections to the Microsoft Operating System, third-party extended
detection and response (XDR), and endpoint detection and response (EDR),
along with browser malware protection in the Windows version of Chrome," he
concludes, "would easily prevent these invoke PowerShell attacks.
Especially on workstations where you would think PowerShell activities
would be rare for most victim organization's users."

SHARPEXT can access Gmail without compromising login credentials

<UA_GK.1199364$cEE9.575037@usenetxs.com>

https://www.novabbs.com/computers/article-flat.php?id=65037&group=alt.comp.os.windows-10#65037
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!news-out.netnews.com!news.alt.net!fdc2.netnews.com!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!peer02.ams4!peer.am4.highwinds-media.com!news.highwinds-media.com!fx03.ams4.POSTED!not-for-mail
From: myopin...@least.com (Jack Webb)
Newsgroups: alt.comp.os.windows-10,free.spam
Subject: SHARPEXT can access Gmail without compromising login credentials
Followup-To: alt.test.group
References: <tcfd0k$1719i$1@paganini.bofh.team>
Injection-Date: Thu, 4 Aug 2022 21:43:15 -0000 (UTC)
Injection-Info: reader02.eternal-september.org; posting-host="aefae07b417003b570527823e77a9930"; logging-data="29200"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18QBXYPJWay5G0R7zD10mjY5gUD5xOvt6I="
User-Agent: Xnews/2006.08.05
Lines: 17
Message-ID: <UA_GK.1199364$cEE9.575037@usenetxs.com>
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Fri, 05 Aug 2022 01:43:16 UTC
Date: Fri, 05 Aug 2022 01:43:16 GMT
X-Received-Bytes: 1585
 by: Jack Webb - Fri, 5 Aug 2022 01:43 UTC

Off-topic troll...

--
NewsKrawler <newskrawl@krawl.org> wrote:

> Path: not-for-mail
> From: NewsKrawler <newskrawl@krawl.org>
> Newsgroups: alt.comp.os.windows-10
> Subject: SHARPEXT can access Gmail without compromising login credentials
> Date: Thu, 4 Aug 2022 03:04:53 -0000 (UTC)
> Organization: To protect and to server
> Message-ID: <tcfd0k$1719i$1@paganini.bofh.team>
> Injection-Date: Thu, 4 Aug 2022 03:04:53 -0000 (UTC)
> Injection-Info: paganini.bofh.team; logging-data="1279282"; posting-host="Dj+cCDj8UalGBjrWyMkOzw.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team";
> X-Notice: Filtered by postfilter v. 0.9.1
> X-Received-Bytes: 2279

SHARPEXT can access Gmail without compromising login credentials

<pH_GK.375221$7kM1.24689@usenetxs.com>

https://www.novabbs.com/computers/article-flat.php?id=65044&group=alt.comp.os.windows-10#65044
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!newsreader4.netcologne.de!news.netcologne.de!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!peer02.ams4!peer.am4.highwinds-media.com!news.highwinds-media.com!fx09.ams4.POSTED!not-for-mail
From: dtgame...@gmail.com (Edward Hernandez)
Subject: SHARPEXT can access Gmail without compromising login credentials
Newsgroups: alt.comp.os.windows-10,free.spam
References: <tcfd0k$1719i$1@paganini.bofh.team> <UA_GK.1199364$cEE9.575037@usenetxs.com>
Lines: 47
Message-ID: <pH_GK.375221$7kM1.24689@usenetxs.com>
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Fri, 05 Aug 2022 01:50:13 UTC
Date: Fri, 05 Aug 2022 01:50:13 GMT
X-Received-Bytes: 2359
 by: Edward Hernandez - Fri, 5 Aug 2022 01:50 UTC

See also these Jake Isks (aka John Doe) troll nym-shift names:

John Doe <always.look@message.header>
John <look@post.header>
Judge Dredd <always.look@post.header>
"Edward's Mother" <always.see@post.header>
"Edward's Father" <always.see@post.header>
Edward Hernandez Loves Porn <always.view@post.header>
Edward Hernandez Smells Funny <view@post.header>
Jack Webb <myopinion@least.com>

Jake Isks (aka John Doe troll) claiming it has never nym-shifted on
Usenet: http://al.howardknight.net/?ID=165248158300

In message-id <t6nt3e$7bp$3@dont-email.me>
(http://al.howardknight.net/?ID=165357273000) posted Thu, 26 May 2022
12:50:54 -0000 (UTC) John Dope stated:

> Always Wrong, the utterly foulmouthed group idiot, adding absolutely
> NOTHING but insults to this thread, as usual...

Yet, since Wed, 5 Jan 2022 04:10:38 -0000 (UTC) John Dope's post ratio
to USENET (**) has been 76.9% of its posts contributing "nothing except
insults" to USENET.

** Since Wed, 5 Jan 2022 04:10:38 -0000 (UTC) John Dope has posted at
least 3730 articles to USENET. Of which 176 have been pure insults and
2691 have been John Dope "troll format" postings.

The Troll Doe stated the following in message-id
<sdhn7c$pkp$4@dont-email.me>:

> The troll doesn't even know how to format a USENET post...

And the Troll Doe stated the following in message-id
<sg3kr7$qt5$1@dont-email.me>:

> The reason Bozo cannot figure out how to get Google to keep from
> breaking its lines in inappropriate places is because Bozo is
> CLUELESS...

And yet, the clueless Troll Doe has itself posted yet another
incorrectly formatted USENET posting on Fri, 05 Aug 2022 01:43:16 GMT in
message-id <UA_GK.1199364$cEE9.575037@usenetxs.com>.

fyw4YqTZD92h

Re: SHARPEXT can access Gmail without compromising login credentials

<tcjt4s$1r503$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=65048&group=alt.comp.os.windows-10#65048
Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: newskr...@krawl.org (NewsKrawler)
Newsgroups: alt.comp.os.windows-10,free.spam
Subject: Re: SHARPEXT can access Gmail without compromising login credentials
Date: Fri, 5 Aug 2022 20:04:45 -0000 (UTC)
Organization: To protect and to server
Message-ID: <tcjt4s$1r503$1@paganini.bofh.team>
References: <tcfd0k$1719i$1@paganini.bofh.team> <UA_GK.1199364$cEE9.575037@usenetxs.com> <pH_GK.375221$7kM1.24689@usenetxs.com>
Injection-Date: Fri, 5 Aug 2022 20:04:45 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1938435"; posting-host="5IFKlfXIIF692ushLKoxOA.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team";
X-Notice: Filtered by postfilter v. 0.9.1
 by: NewsKrawler - Fri, 5 Aug 2022 20:04 UTC

Both the "Jack Webb" & "Edward Hernandez" trolls did not understand this is
a Windows-only problem, PowerShell-only, and a Windows Chrome-only issue.

They didn't even read the cite before making their senseless declarations.

Re: SHARPEXT can access Gmail without compromising login credentials

<tcjtf0$1r6gp$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=65049&group=alt.comp.os.windows-10#65049
Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: newskr...@krawl.org (NewsKrawler)
Newsgroups: alt.comp.os.windows-10
Subject: Re: SHARPEXT can access Gmail without compromising login credentials
Date: Fri, 5 Aug 2022 20:10:09 -0000 (UTC)
Organization: To protect and to server
Message-ID: <tcjtf0$1r6gp$1@paganini.bofh.team>
References: <tcfd0k$1719i$1@paganini.bofh.team> <UA_GK.1199364$cEE9.575037@usenetxs.com> <pH_GK.375221$7kM1.24689@usenetxs.com> <tcjt4s$1r503$1@paganini.bofh.team>
Injection-Date: Fri, 5 Aug 2022 20:10:09 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="1939993"; posting-host="5IFKlfXIIF692ushLKoxOA.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team";
X-Notice: Filtered by postfilter v. 0.9.1
 by: NewsKrawler - Fri, 5 Aug 2022 20:10 UTC

Please ignore my prior response to the troll as I have since found out that
the "Edward Hernandez" troll is forging the "Jack Webb" account, according
to a subsequent explanatory post by "Jack Webb" on the Windows 11 ng.

Suffice to say this is a Windows-only problem due to a flaw in PowerShell
that affects Chrome-like browsers (Microsoft's and Google's anyway).

Re: SHARPEXT can access Gmail without compromising login credentials

<3b92cc78ae9db5af55b51f46adae12e6@bare.invalid>

https://www.novabbs.com/computers/article-flat.php?id=65050&group=alt.comp.os.windows-10#65050
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!newsreader4.netcologne.de!news.netcologne.de!peer01.ams1!peer.ams1.xlned.com!news.xlned.com!peer02.ams4!peer.am4.highwinds-media.com!news.highwinds-media.com!fx01.ams4.POSTED!not-for-mail
From: hubb...@cupboard.bare.invalid (Old Mother Hubbard)
Newsgroups: alt.comp.os.windows-10,alt.comp.os.windows-11
Subject: Re: SHARPEXT can access Gmail without compromising login credentials
Message-ID: <3b92cc78ae9db5af55b51f46adae12e6@bare.invalid>
References: <tcfd0k$1719i$1@paganini.bofh.team> <tcfd28$171j7$1@paganini.bofh.team> <DA_GK.1199342$cEE9.1132074@usenetxs.com> <UA_GK.1199364$cEE9.575037@usenetxs.com> <pH_GK.375221$7kM1.24689@usenetxs.com> <nG_GK.375185$7kM1.142138@usenetxs.com> <tcjt9b$1r5kq$1@paganini.bofh.team> <tcjt4s$1r503$1@paganini.bofh.team>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
MIME-Version: 1.0
In-Reply-To: <tcjt4s$1r503$1@paganini.bofh.team>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Lines: 9
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Fri, 05 Aug 2022 22:05:05 UTC
Date: Fri, 5 Aug 2022 22:05:05 -0000
X-Received-Bytes: 1519
 by: Old Mother Hubbard - Fri, 5 Aug 2022 22:05 UTC

NewsKrawler <newskrawl@krawl.org> wrote:

> Both the "Jack Webb" & "Edward Hernandez" trolls did not understand this is
> a Windows-only problem, PowerShell-only, and a Windows Chrome-only issue.

"NewsKrawler" had also not understood this, because "NewsKrawler" posted
the same to both the Firefox and Thunderbird newsgroups. (That is, to
both alt.comp.software.firefox and alt.comp.software.thunderbird.)

Re: SHARPEXT can access Gmail without compromising login credentials

<tcknak$1urkf$1@paganini.bofh.team>

https://www.novabbs.com/computers/article-flat.php?id=65052&group=alt.comp.os.windows-10#65052
Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: newskr...@krawl.org (NewsKrawler)
Newsgroups: alt.comp.os.windows-10,alt.comp.os.windows-11
Subject: Re: SHARPEXT can access Gmail without compromising login credentials
Date: Sat, 6 Aug 2022 03:31:33 -0000 (UTC)
Organization: To protect and to server
Message-ID: <tcknak$1urkf$1@paganini.bofh.team>
References: <tcfd0k$1719i$1@paganini.bofh.team> <tcfd28$171j7$1@paganini.bofh.team> <DA_GK.1199342$cEE9.1132074@usenetxs.com> <UA_GK.1199364$cEE9.575037@usenetxs.com> <pH_GK.375221$7kM1.24689@usenetxs.com> <nG_GK.375185$7kM1.142138@usenetxs.com> <tcjt9b$1r5kq$1@paganini.bofh.team> <tcjt4s$1r503$1@paganini.bofh.team> <3b92cc78ae9db5af55b51f46adae12e6@bare.invalid>
Injection-Date: Sat, 6 Aug 2022 03:31:33 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="2059919"; posting-host="5IFKlfXIIF692ushLKoxOA.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team";
X-Notice: Filtered by postfilter v. 0.9.1
 by: NewsKrawler - Sat, 6 Aug 2022 03:31 UTC

On 2022-08-05, Old Mother Hubbard <hubbard@cupboard.bare.invalid> wrote:

> "NewsKrawler" had also not understood this, because "NewsKrawler" posted
> the same to both the Firefox and Thunderbird newsgroups. (That is, to
> both alt.comp.software.firefox and alt.comp.software.thunderbird.)

When it was breaking news, it was unknown to me that ONLY Chrome and Edge
were affected. Not even Chromium (as far as I'm aware at this moment).

Just Chrome and Edge.
However, at the time the news was posted, that wasn't known to be the case.

What more do you know about this exploit that hasn't been publicized yet?
