A token-theft workflow tied to Umbrij shows how ordinary browser developer features can be turned into quiet access to corporate Gmail and other Google services.