VaultJacking Attack Exposes Google Password Vaults via Single PIN

VaultJacking is a phishing technique that captures a victim's 6-digit Google Password Manager (GPM) PIN during a fake Google sign-in (AiTM) and uses it to join a new device to the victim's Google security domain, unlocking the Security Domain Secret (SDS) and synchronizing the victim's entire password and passkey vault to attacker-controlled infrastructure; researchers demonstrated the attack works even against accounts using passkeys, and it exploits a design choice in Google’s sync/enrollment process rather than a cryptographic flaw.