Cyber Security

To counter cookie theft, Chrome ships device-bound session credentials

To counter cookie theft, Chrome ships device-bound session credentials

Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled server. Because cookies often have extended lifetimes, attackers can access accounts without passwords, then bundle and sell the stolen credentials. Once malware gains access to a machine, it can read the local files and memory where browsers store authentication cookies. What DBSC does Google’s Device Bound Session Credentials (DBSC) is now entering public availability for … More

The post To counter cookie theft, Chrome ships device-bound session credentials appeared first on Help Net Security.

Read More

Related Posts

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google Rolls Out DBSC in Chrome 146 to Block Session Th...

What vibe hunting gets right about AI threat hunting, and where it breaks down

What vibe hunting gets right about AI threat hunting, a...

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

EngageLab SDK Flaw Exposed 50M Android Users, Including...

New infosec products of the week: April 10, 2026

New infosec products of the week: April 10, 2026

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues

'BlueHammer' Windows Zero-Day Exploit Signals Microsoft...

Product showcase: Session, a messenger without phone numbers or metadata

Product showcase: Session, a messenger without phone nu...