
A loophole was found in Google's authentication system which would allow an attacker to bypass Google's two-factor authentication and gain full control over a user's Gmail account by abusing the unique passwords used to connect individual applications to Google accounts.
The loophole was found by Duo Security, which is known for two-factor authentication as a service, built to protect against account takeover and data theft, so they are experts in this area.

The flaw is located in the auto-login mechanism implemented in Chrome in the latest versions of Android, which allowed them to use an ASP (application-specific password) to gain access to a Google account's recovery and 2-step verification settings.

Auto-Login with Chrome

In recent versions of Android (and ChromeOS), Google has included, in their browser, an “auto-login” mechanism for Google accounts. After you’ve linked your device to a Google account, the browser will let you use your device’s existing authorization to skip Google’s web-based sign-on prompts. (There is even experimental support for this in desktop versions of Chrome; you can enable it by visiting chrome://flags/.)


For the complete description, read Duo Security's post: https://blog.duosecurity.com/2013/02/bypassing-googles-two-factor-authentication/
