
Device Bound Session Credentials (DBSC) are now available for Windows users of Chrome 146, with plans for macOS expansion. This feature aims to combat session theft, a significant threat where attackers exfiltrate session cookies to gain unauthorized access to accounts. DBSC ties authentication sessions to specific devices using hardware-backed security modules, making stolen cookies ineffective. This initiative represents a major advancement in security efforts against session theft, which often involves malware that harvests sensitive information from compromised systems.
"This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape."
"DBSC aims to counter this abuse by cryptographically tying the authentication session to a specific device, rendering cookies worthless even if they get stolen by malware."
"It does this using hardware-backed security modules, such as the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS, to generate a unique public/private key pair that cannot be exported from the machine."
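The binding described above can be modeled as a proof-of-possession check. This is an added example, not code from Chrome or the article, and it is a simplified model rather than the DBSC wire protocol. It assumes a software P-256 key standing in for the TPM-held key, and the names `Session`, `Challenge`, `Sign` and `Refresh` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Session is the server's record for one login (hypothetical names, not DBSC's).
type Session struct {
	Pub   *ecdsa.PublicKey // device public key registered at sign-in
	nonce []byte           // outstanding challenge, single use
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewDeviceKey() *ecdsa.PrivateKey { // software stand-in for a TPM-held key
	return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
}

func (s *Session) Challenge() []byte { // fresh random nonce for the device to sign
	s.nonce = make([]byte, 32)
	must(rand.Read(s.nonce))
	return s.nonce
}

func Sign(k *ecdsa.PrivateKey, nonce []byte) []byte { // device side: prove possession
	h := sha256.Sum256(nonce)
	return must(ecdsa.SignASN1(rand.Reader, k, h[:]))
}

// Refresh consumes the challenge; only the registered key's signature passes.
func (s *Session) Refresh(sig []byte) bool {
	defer func() { s.nonce = nil }()
	h := sha256.Sum256(s.nonce)
	return s.nonce != nil && ecdsa.VerifyASN1(s.Pub, h[:], sig)
}

func main() {
	dev, thief := NewDeviceKey(), NewDeviceKey()
	s := &Session{Pub: &dev.PublicKey}
	fmt.Println(s.Refresh(Sign(dev, s.Challenge())), s.Refresh(Sign(thief, s.Challenge())))
}
```

A party holding only the session identifier cannot produce the signature, and a captured signature fails against the next challenge because each nonce is consumed on use.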
Read at The Hacker News