1 REPLY

Kim_Nilsson
Admin Moderator

Thanks, Rick.

Like most malware, it relies on first having access to the user's computer, so having a proper endpoint security system, or a Chromebook (without rogue extensions!), is still as important as ever.

And it's a bit annoying that neither article clearly explains how to break the "hack" if affected.

One of the comments on the Bleeping article does, and is fairly easy to understand.

"Interim Remediation Steps:

While we await a comprehensive solution from Google, users can take immediate action to safeguard against this exploit. If you suspect your account may have been compromised, or as a general precaution, sign out of all browser profiles to invalidate the current session tokens. Following this, reset your password and sign back in to generate new tokens. This is especially crucial for users whose tokens and GAIA IDs might have been exfiltrated. Resetting your password effectively disrupts unauthorized access by invalidating the old tokens which the infostealers rely on, thus providing a crucial barrier to the continuation of their exploit."

--
https://wheretofind.me/@NoSubstitute