"Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks"

Google is testing a new Chrome feature called Device Bound Session Credentials (DBSC) to help protect users from session cookie theft by malware. The prototype, which is currently being tested against some Google Account users running Chrome Beta, is planned to become an open web standard, according to the company's Chromium team. By binding authentication sessions to the device, DBSC will disrupt the cookie theft industry, as exfiltrating these cookies will no longer be valuable. Attackers would have to act locally on the device, increasing the effectiveness of on-device detection and cleanup for anti-virus software and enterprise-managed devices. The development follows reports that off-the-shelf information-stealing malware is trying to steal cookies to enable threat actors to bypass Multi-Factor Authentication (MFA) protection and gain unauthorized access to online accounts. This article continues to discuss cookie-stealing attacks and the DBSC feature aimed at protecting against them.

THN reports "Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks"

Submitted by grigby1

Submitted by Gregory Rigby on