Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled server. Because cookies often have extended lifetimes, attackers can access accounts without passwords, then bundle and sell the stolen credentials. Once malware gains access to a machine, it can read the local files and memory where browsers store authentication cookies. What DBSC does Google’s Device Bound Session Credentials (DBSC) is now entering public availability for … More →The post To counter cookie theft, Chrome ships device-bound session credentials appeared first on Help Net Security.