Google will fight account theft with a new protection that has been incorporated into Chrome for Windows, which cryptographically links authentication sessions to a device to prevent credentials from being extracted.
Chrome 146 for Windows has introduced Device Bound Session Credentials (DBSC), a protocol that aims to directly combat the theft of browser session cookies or login tokens, which end up on a server controlled by a cyber attacker.
This happens when the user unknowingly downloads malware into their browser. Once active, it gains access to the computer and "can read local files and the memory where browsers store authentication cookies", as explained by Google on its official blog.
Authentication cookies also tend to have a "long useful life", something that infostealers like LummaC2 take advantage of to access credentials, use them and even sell them. According to Google, since there is "no reliable way to prevent cookie exfiltration," the only way to mitigate the theft has been to detect the stolen credentials after the fact.
In this context, DBSC uses hardware-based security modules, which generate a unique public/private key pair that cannot be exported from the computer. The session therefore depends on Chrome proving to the server that it holds the corresponding private key before new cookies can be issued.
"Since attackers cannot steal this key, any exfiltrated cookie expires quickly and becomes useless to them [the cyber attackers]," says Google.
The company also claims that the protection is designed so that no device identifiers or authentication data are leaked to the server, and that communication between the two parties is limited to the exchange of cryptographic keys.
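The proof-of-possession flow described above, as an added example that is not from Google's post or from Chrome's code: a simplified Node.js model in which a software P-256 key stands in for the TPM. The `Server` and `makeDevice` names, the 5-minute cookie lifetime and the message shapes are assumptions, not the DBSC wire format.

```javascript
// Simplified model of a device-bound session; NOT the DBSC wire format.
const crypto = require('node:crypto');
const COOKIE_TTL_MS = 5 * 60 * 1000; // assumed short cookie lifetime

// Stand-in for the TPM: the private key never leaves this closure.
function makeDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, sign: (data) => crypto.sign('sha256', data, privateKey) };
}

class Server {
  constructor() { this.sessions = new Map(); }
  register(publicKey, now) {            // server keeps only the public key
    const id = crypto.randomUUID();
    this.sessions.set(id, { publicKey, challenge: null });
    return { id, cookie: this.issue(id, now) };
  }
  issue(id, now) {                      // short-lived cookie, rotated on refresh
    const s = this.sessions.get(id);
    s.cookie = crypto.randomBytes(16).toString('hex');
    s.expires = now + COOKIE_TTL_MS;
    return s.cookie;
  }
  authorize(id, cookie, now) {
    const s = this.sessions.get(id);
    return !!s && now < s.expires && cookie === s.cookie;
  }
  challenge(id) { return (this.sessions.get(id).challenge = crypto.randomBytes(32)); }
  refresh(id, signature, now) {         // new cookie only with proof of the key
    const s = this.sessions.get(id);
    if (!s || !s.challenge) return null;
    const nonce = s.challenge;
    s.challenge = null;                 // single use, so a captured signature cannot be replayed
    const ok = crypto.verify('sha256', nonce, s.publicKey, signature);
    return ok ? this.issue(id, now) : null;
  }
}

function runScenario() {
  const server = new Server(), device = makeDevice(), thief = makeDevice();
  const { id, cookie: stolen } = server.register(device.publicKey, 0);
  const later = COOKIE_TTL_MS + 1;      // constructed clock value, in ms
  return {
    stolenValidBeforeExpiry: server.authorize(id, stolen, 1000),
    stolenValidAfterExpiry: server.authorize(id, stolen, later),
    thiefRefreshed: server.refresh(id, thief.sign(server.challenge(id)), later) !== null,
    deviceRefreshed: server.refresh(id, device.sign(server.challenge(id)), later) !== null,
  };
}
```

The copied cookie is accepted only until it expires; after that, only the device holding the registered private key can obtain a replacement.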
Google rolled out a preview version of DBSC last year and has now announced its public availability in Chrome 146 for Windows, where it uses the Trusted Platform Module (TPM). It will also come to macOS in a future browser update, where it will take advantage of the Secure Enclave.