Google Chrome Update Blocks Infostealer Cookie Theft Attempts

Chrome Blocks Infostealer Cookie Theft with Device-Bound Session Credentials

In a significant development aimed at bolstering browser security, Google has introduced Device-Bound Session Credentials (DBSC), a novel approach to prevent infostealer malware from stealing session cookies on Windows devices.

How It Works:

  • The browser generates a unique public/private key pair that remains on the device and cannot be transferred to another machine.
  • When a user accesses a website, the browser must demonstrate possession of the private key to receive a new cookie.
  • This short-lived cookie becomes useless to attackers who attempt to steal it, as it expires rapidly and cannot be reused.

According to Google, early trials showed a “notable decline” in successful attacks when using DBSC.

Windows users currently have access to this update, while macOS users will receive it in the near future.
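
The steps under "How It Works" can be simulated in a few lines. This is an added example, not code from Google or from the article: it models a server that renews a short-lived cookie only against a signature made with the registered device key. The function names, the 10-minute lifetime and the P-256 key type are assumptions for illustration.

```javascript
// Added illustration of proof-of-possession; not Chrome's actual DBSC wire format.
const crypto = require('node:crypto');
const COOKIE_TTL_MS = 10 * 60 * 1000; // assumed; the article only says "short-lived"

// Device side: the private key stays inside this closure and is never exported.
function createDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, prove: (challenge) => crypto.sign('sha256', Buffer.from(challenge), privateKey) };
}

// Server side: one registered public key per session, single-use challenges, expiring cookies.
function createServer() {
  const sessions = new Map();
  return {
    register(id, publicKey) { sessions.set(id, { publicKey }); },
    challenge(id) {
      const s = sessions.get(id);
      return s ? (s.challenge = crypto.randomBytes(32).toString('hex')) : null;
    },
    refresh(id, signature, now) {
      const s = sessions.get(id);
      if (!s || !s.challenge) return null;
      const challenge = s.challenge;
      s.challenge = null; // consume it so a captured signature cannot be replayed
      if (!crypto.verify('sha256', Buffer.from(challenge), s.publicKey, signature)) return null;
      Object.assign(s, { cookie: crypto.randomBytes(16).toString('hex'), expires: now + COOKIE_TTL_MS });
      return s.cookie;
    },
    isValid(id, cookie, now) {
      const s = sessions.get(id);
      return Boolean(s && s.cookie && cookie === s.cookie && now < s.expires);
    },
  };
}

// Constructed scenario: the cookie is copied to a second machine that lacks the device key.
function demo() {
  const server = createServer(), device = createDevice(), otherMachine = createDevice();
  server.register('s1', device.publicKey);
  const proof = device.prove(server.challenge('s1'));
  const cookie = server.refresh('s1', proof, 0);
  const later = COOKIE_TTL_MS + 1;
  return {
    copiedCookieBeforeExpiry: server.isValid('s1', cookie, 1000),
    copiedCookieAfterExpiry: server.isValid('s1', cookie, later),
    replayedProof: server.refresh('s1', proof, later),
    refreshFromOtherMachine: server.refresh('s1', otherMachine.prove(server.challenge('s1')), later),
    refreshFromDevice: server.refresh('s1', device.prove(server.challenge('s1')), later),
  };
}
```

In this model a copied cookie is accepted only until it expires, so the cookie lifetime bounds the exposure; renewal from any machine without the device key returns null.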

A Critical Juncture:

This move comes at a critical juncture, considering that many recent attacks rely on relatively basic human errors rather than sophisticated hacking techniques.

Last year, reports indicated that over 30 million computers worldwide had been compromised, with sensitive corporate information stolen from high-profile organizations such as the Pentagon and major defense contractors.

Disrupting the Black Market:

By preventing hackers from bypassing two-factor authentication using stolen data, DBSC aims to disrupt the lucrative market for stolen access to military and government files, which can be sold for as little as $10.
