Google Rolls Out Cookie Theft Protections in Chrome

Google has introduced Device Bound Session Credentials in Chrome, a new security feature that cryptographically binds authentication sessions to devices, rendering stolen session cookies useless to attackers. Cookie theft is a prevalent attack vector used by threat actors to hijack user sessions without requiring credentials. This protection addresses session-based attacks including those performed via infostealers and browser extension compromises. The feature enhances user security by ensuring that even if cookies are exfiltrated through malware or phishing, attackers cannot use them on different devices. Organizations should encourage users to update to the latest Chrome version to benefit from this protection. This represents a significant shift toward hardware-bound authentication as a defense mechanism against credential theft.

New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication. The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek .

Google has introduced Device Bound Session Credentials in Chrome, a new security feature that cryptographically binds authentication sessions to devices, rendering stolen session cookies useless to attackers. Cookie theft is a prevalent attack vector used by threat actors to hijack user sessions without requiring credentials. This protection addresses session-based attacks including those performed via infostealers and browser extension compromises. The feature enhances user security by ensuring that even if cookies are exfiltrated through malware or phishing, attackers cannot use them on different devices. Organizations should encourage users to update to the latest Chrome version to benefit from this protection. This represents a significant shift toward hardware-bound authentication as a defense mechanism against credential theft. New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication. The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek . New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication. The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek .