Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Briefly

"This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape."
"DBSC aims to counter this abuse by cryptographically tying the authentication session to a specific device, rendering cookies worthless even if they get stolen by malware."
"It does this using hardware-backed security modules, such as the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS, to generate a unique public/private key pair that cannot be exported from the machine."
Device Bound Session Credentials (DBSC) are now available for Windows users of Chrome 146, with plans for macOS expansion. This feature aims to combat session theft, a significant threat where attackers exfiltrate session cookies to gain unauthorized access to accounts. DBSC ties authentication sessions to specific devices using hardware-backed security modules, making stolen cookies ineffective. This initiative represents a major advancement in security efforts against session theft, which often involves malware that harvests sensitive information from compromised systems.
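A simplified illustration of the device-binding idea described above, added here and not taken from Chrome or the DBSC specification: the server ties a session cookie to a public key and refreshes the session only when the client proves possession of the matching private key. The names `createDevice` and `SessionServer`, the message flow, and the software key standing in for a TPM-held key are all assumptions.

```javascript
// Added illustration of proof-of-possession session binding.
// Not the DBSC wire protocol; all names and message shapes are assumptions.
const crypto = require('node:crypto');

// Device side: the private key never leaves this closure, standing in for a
// TPM-held key that cannot be exported from the machine.
function createDevice() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    signChallenge: (challenge) =>
      crypto.sign('sha256', Buffer.from(challenge), privateKey),
  };
}

// Server side: each session cookie is bound to the public key seen at login.
class SessionServer {
  constructor() { this.sessions = new Map(); }

  register(publicKeyPem) {
    const cookie = crypto.randomBytes(16).toString('hex');
    this.sessions.set(cookie, { publicKeyPem, challenge: null });
    return cookie;
  }

  issueChallenge(cookie) {
    const session = this.sessions.get(cookie);
    if (!session) return null;
    session.challenge = crypto.randomBytes(32).toString('hex');
    return session.challenge;
  }

  // The cookie alone is not enough: the caller must sign the outstanding
  // challenge with the private key bound to this session.
  refresh(cookie, signature) {
    const session = this.sessions.get(cookie);
    if (!session || !session.challenge) return false;
    const challenge = session.challenge;
    session.challenge = null; // single use, so an old signature cannot be replayed
    return crypto.verify('sha256', Buffer.from(challenge),
      session.publicKeyPem, signature);
  }
}
```

A cookie copied to another machine fails `refresh` because that machine cannot produce a signature that verifies against the registered public key.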
Read at The Hacker News