Tag

Dbsc

All articles tagged with #dbsc

technology1 day ago•2 min saved

Chrome Adds Hardware-Backed Session Keys to Thwart Cookie Theft on Windows

Google rolled out Device Bound Session Credentials (DBSC) in Chrome 146 for Windows, tying authentication sessions to hardware-backed keys (TPM on Windows, with macOS Secure Enclave support planned) so stolen cookies become useless; if a device lacks secure key storage, DBSC gracefully falls back to normal behavior. Early results show reduced session theft, and Google plans broader device support and enterprise integration while preserving privacy and avoiding cross-site tracking.

via The Hacker News|

#chrome #cookies #dbsc

technology1 day ago•4 min saved

Chrome secures sessions by binding cookies to hardware, thwarting infostealer theft

Google Chrome 146 on Windows adds Device Bound Session Credentials (DBSC), cryptographically linking a user’s session to the device’s hardware (TPM on Windows, Secure Enclave on macOS) so stolen session cookies can’t be exploited. New short-lived cookies require possession of the hardware-bound private key, otherwise they expire quickly. macOS support is planned for a future Chrome release. The DBSC protocol, developed with Microsoft and tested with partners like Okta, aims to reduce cookie theft while preserving privacy, with implementation guidance and W3C specs available for developers.

via BleepingComputer|

#chrome #dbsc #hardware-security