Update: Google Says Malware Abusing API Is Standard Token Theft, Not an API Issue
Google downplays the severity of the issue, treating it as regular cookie theft and suggesting users log out of their Chrome browser to invalidate the stolen cookies and tokens.