Google Rolls Out Cookie Theft Protections in Chrome
Summary
Google has introduced Device Bound Session Credentials in Chrome to combat cookie theft. This new feature cryptographically binds authentication to the device, rendering stolen session cookies unusable.
IFF Assessment
FRIEND
This development is good news for defenders as it introduces a new technical control to mitigate a common attack vector.
Defender Context
This protection helps defend against credential stuffing and account takeover attacks that rely on stolen session cookies. Defenders should be aware of this feature and ensure their applications are compatible with it, as it represents a shift in how session authentication is handled client-side.
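To illustrate the binding described in the summary, the following added example (not Google's code and not the actual Device Bound Session Credentials wire protocol) models a session identifier tied to a device key pair, where the server accepts the cookie only together with a signature over a fresh challenge. The function names, the in-memory session store and the P-256 key choice are assumptions made for the illustration.

```javascript
// Added illustration: simplified model of a device-bound session.
// Not Chrome's DBSC wire protocol; all names here are hypothetical.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');
const sessions = new Map(); // sessionId -> { publicKey, challenge }

// Login: the server stores the device's public key next to the session.
function registerSession(publicKey) {
  const sessionId = randomBytes(16).toString('hex'); // plays the cookie's role
  sessions.set(sessionId, { publicKey, challenge: null });
  return sessionId;
}

// The server hands out a fresh, single-use challenge for the session.
function issueChallenge(sessionId) {
  const s = sessions.get(sessionId);
  if (!s) return null;
  s.challenge = randomBytes(32);
  return s.challenge;
}

// The cookie alone is not enough: a signature over the challenge is required.
function verifyProof(sessionId, signature) {
  const s = sessions.get(sessionId);
  if (!s || !s.challenge) return false;
  const challenge = s.challenge;
  s.challenge = null; // consume it so an old signature cannot be replayed
  return verify('sha256', challenge, s.publicKey, signature);
}

// Client: the private key never leaves the device (a closure stands in for
// protected key storage, which is an assumption of this model).
function makeDevice() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { publicKey, prove: (challenge) => sign('sha256', challenge, privateKey) };
}

function demo() {
  const device = makeDevice();
  const cookie = registerSession(device.publicKey);
  const legit = verifyProof(cookie, device.prove(issueChallenge(cookie)));
  const otherMachine = makeDevice(); // holds the copied cookie, not the key
  const stolen = verifyProof(cookie, otherMachine.prove(issueChallenge(cookie)));
  const oldSig = device.prove(issueChallenge(cookie));
  issueChallenge(cookie); // server rotates the challenge
  const replayed = verifyProof(cookie, oldSig);
  return { legit, stolen, replayed };
}

console.log(demo());
```

For compatibility testing, the point to carry over is that a request presenting only the cookie value, without a valid proof from the registered key, is rejected.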