A form of phishing, known as man in the middle (MITM), is hard to detect when an embedded browser framework is being used for authentication. MITM intercepts communications between a user and Google in real-time to gather the users credentials (including the second factor in some cases) Google will be blocking sign-ins from embedded browser frameworks starting in June. The solution for developers currently using CEF for authentication is the same: browser-based OAuth authentication.”]
Source: https://security.googleblog.com/2019/04/better-protection-against-man-in-middle.html