BleepingComputer reports that Google has been working on curbing browser cookie theft with the new Device Bound Session Credentials functionality in Chrome as it prepares to remove third-party cookies from the browser.Such a feature, which could be used by activating the "enable-bound-session-credentials" flag, would allow the binding of authentication sessions to device-generated public/private key pairs, a technique which could significantly reduce cookie theft malware success, according to Google Chrome Counter Abuse Team Software Engineer Kristian Monsen."Attackers would be forced to act locally on the device, which makes on-device detection and cleanup more effective, both for anti-virus software as well as for enterprise managed devices," said Monsen.Monsen added that the feature will eventually be added to Google Workspace and Google Cloud for increased security.Such a development follows claims by operators of the Rhadamanthys and Lumma information-stealing malware strains alleging expired Google authentication cookie restoration capabilities.
Identity, Application security, Malware
Novel anti-cookie theft feature in Chrome detailed
(Adobe Stock Images)
An In-Depth Guide to Identity
Get essential knowledge and practical strategies to fortify your identity security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds