September 24, 2024 at 01:35PM Infostealer malware developers claimed to bypass Google Chrome’s App-Bound Encryption feature, aiming to protect sensitive data like cookies. While the model prevents infostealer malware from stealing secrets stored in Chrome, security researchers observed multiple developers boasting about implementing a working bypass. Latest tests confirmed some malware variants can bypass the … Read more
April 3, 2024 at 10:15AM Google is testing Device Bound Session Credentials (DBSC) in Chrome to protect against session hijacking by malware. The feature binds authentication sessions to a device, disrupting cookie theft and making it harder to abuse stolen cookies. It uses a cryptographic approach and is initially rolled out to half of Chrome’s … Read more
April 3, 2024 at 08:11AM Google is addressing cookie theft by developing Device Bound Session Credentials (DBSC) to tie authentication data to a specific device, making stolen cookies useless. DBSC creates public/private key pairs and associates sessions with the public key, preventing correlation between keys from different sessions to protect privacy. Google expects to support … Read more
April 2, 2024 at 02:13PM Google has unveiled a new Chrome security feature called Device Bound Session Credentials (DBSC), which cryptographically binds authentication cookies to a specific device, preventing hackers from stealing them for account hijacking. This enhanced security measure effectively thwarts cookie theft malware and is expected to be supported by half of Chrome … Read more