{"id":45331,"date":"2026-04-12T03:56:23","date_gmt":"2026-04-11T19:56:23","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/12\/google-chrome-update-disrupts-infostealer-cookie-theft\/"},"modified":"2026-04-12T03:56:23","modified_gmt":"2026-04-11T19:56:23","slug":"google-chrome-update-disrupts-infostealer-cookie-theft","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/12\/google-chrome-update-disrupts-infostealer-cookie-theft\/","title":{"rendered":"Google Chrome Update Disrupts Infostealer Cookie Theft"},"content":{"rendered":"\n<p>Google has launched a new security feature for <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/chrome-extensions-harvest-browsing-data-37m-users\/\">Chrome<\/a> on Windows to prevent session theft by hackers. This update, called Device Bound Session Credentials (DBSC), is now available for <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/developer.chrome.com\/release-notes\/146\">Chrome 146<\/a> users. It aims to solve a common problem where scammers use infostealer malware to steal session cookies from a computer. Cookies are basically small files that websites use to remember you, so you don\u2019t have to log in every time.<\/p>\n<p>Google\u2019s Chrome and Account Security teams noted in the official <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/security.googleblog.com\/2026\/04\/protecting-cookies-with-device-bound.html\">Google Security blog<\/a> that \u201csession theft typically occurs when a user inadvertently downloads malware onto their device.\u201d If a hacker steals these cookies, they can hijack your accounts without needing your password.<\/p>\n<p>Researchers explain that this \u201ccookie exfiltration\u201d is difficult to thwart because when malware like <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/north-korean-hacker-device-lummac2-infostealer-bybit\/\" data-type=\"link\" data-id=\"https:\/\/hackread.com\/north-korean-hacker-device-lummac2-infostealer-bybit\/\">LummaC2<\/a> or <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/vidar-2-0-infostealer-fake-game-cheats-github-reddit\/\">Vidar<\/a> compromises a device, it can easily see the files and memory where the browser stores this information.<\/p>\n<p>\u201cDBSC fundamentally changes the web&#8217;s capability to defend against this threat by shifting the paradigm from reactive detection to proactive prevention, ensuring that successfully exfiltrated cookies cannot be used to access users\u2019 accounts,\u201d explained the Google Account Security team.<\/p>\n<h3><strong>How the new security works<\/strong><\/h3>\n<p>The new system addresses this issue by linking your login session directly to your computer using a special security chip inside your machine, known as the Trusted Platform Module (TPM) on Windows or the Secure Enclave on <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/macos-malware-notnullosx-crypto-wallets\/\">macOS<\/a>. The browser creates a unique public\/private key pair that stays on your computer and cannot be moved to another device.<\/p>\n<p>Now, when you use a website, Chrome has to prove it has that private key before the server will give it a new <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/nearly-94-billion-stolen-cookies-on-dark-web\/\">cookie<\/a>. These cookies are also short-lived, which is an important feature because a hacker cannot steal the key from your hardware; any cookies they do manage to grab will expire and become useless almost immediately. <\/p>\n<p>Google has already seen a drop in successful attacks during &#8216;Origin Trials&#8217; (early testing) in collaboration with other <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/unc6783-hackers-fake-okta-pages-corporate-breach\/\" data-type=\"post\" data-id=\"143685\">web platforms like Okta<\/a>, the blog post reveals.<\/p>\n<div>\n<figure><a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/wp-content\/uploads\/2026\/04\/Chrome-146-Launches-DBSC-to-Protect-Windows-Users-from-Cookie-Theft.png\"><img loading=\"lazy\" decoding=\"async\" width=\"650\" height=\"400\" src=\"https:\/\/hackread.com\/wp-content\/uploads\/2026\/04\/Chrome-146-Launches-DBSC-to-Protect-Windows-Users-from-Cookie-Theft.png\" srcset=\"https:\/\/hackread.com\/wp-content\/uploads\/2026\/04\/Chrome-146-Launches-DBSC-to-Protect-Windows-Users-from-Cookie-Theft.png 650w, https:\/\/hackread.com\/wp-content\/uploads\/2026\/04\/Chrome-146-Launches-DBSC-to-Protect-Windows-Users-from-Cookie-Theft-300x185.png 300w, https:\/\/hackread.com\/wp-content\/uploads\/2026\/04\/Chrome-146-Launches-DBSC-to-Protect-Windows-Users-from-Cookie-Theft-380x234.png 380w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" alt=\"Google Chrome Update Disrupts Infostealer Cookie Theft\" \/><\/a><figcaption>DBSC mechanism explained (Source: Google)<\/figcaption><\/figure>\n<\/p><\/div>\n<h3><strong>Protecting privacy and national security<\/strong><\/h3>\n<p>Google worked with <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/tag\/microsoft\/\">Microsoft<\/a> to make sure this new tech doesn\u2019t track users, and each website gets a different key. This means companies cannot use this feature to fingerprint devices or to track your online activity across different sites. While Windows users have the update now, Google plans to bring it to macOS soon.<\/p>\n<div style='margin: 8px auto; text-align: center; display: block; clear: both;'> <script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3675825324474978\"      crossorigin=\"anonymous\"><\/script>  <ins      style=\"display:inline-block;width:300px;height:250px\"      data-ad-client=\"ca-pub-3675825324474978\"      data-ad-slot=\"3421156210\"><\/ins> <script>      (adsbygoogle = window.adsbygoogle || []).push({}); <\/script><\/div>\n<p>This update arrives at a critical time, given that infostealers mainly rely on simple human error to succeed and not complex hacking. Last year, Hackread.com <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/infostealers-breach-us-security-military-fbi-hit\/\">reported<\/a> that over 30 million computers worldwide had been infected, with one-in-five devices holding sensitive corporate details. <\/p>\n<p>The targets included high-profile organisations like the Pentagon, the <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/operation-masquerade-fbi-russia-router-hacking\/\">FBI<\/a>, and major defence contractors like Lockheed Martin and Honeywell. In those instances, hackers stole credentials and session cookies to sell access to military and government files for as low as $10. Through DBSC, Google hopes to stop hackers from bypassing <a target=\"_blank\" rel=\"noopener\" href=\"https:\/\/hackread.com\/tycoon-2fa-phishing-platform-shut-down-bypass-mfa\/\">two-factor authentication<\/a> with stolen data and prevent similar security breaches.<\/p>\n<div >\n<div>\n<div>\n<div>\n<h5> \t\t\t\t\t\t<a target=\"_blank\" rel=\"author\" href=\"https:\/\/hackread.com\/author\/deeba\/\"> \t\t\t\t\t\t\tDeeba Ahmed\t\t\t\t\t\t<\/a> \t\t\t\t\t<\/h5>\n<div> \t\t\t\t\t\t\t<a target=\"_blank\" rel=\"author\" href=\"https:\/\/hackread.com\/author\/deeba\/\"> \t\t\t\t\t\t\t\t<img src='https:\/\/secure.gravatar.com\/avatar\/9fefbe13a37a8aeb4620dfe89bb7feabd9433643ff382b6b882f27837a4cfb72?s=80&#038;d=mm&#038;r=g' srcset='https:\/\/secure.gravatar.com\/avatar\/9fefbe13a37a8aeb4620dfe89bb7feabd9433643ff382b6b882f27837a4cfb72?s=160&#038;d=mm&#038;r=g 2x' height='80' width='80' alt=\"Google Chrome Update Disrupts Infostealer Cookie Theft\" \/>\t\t\t\t\t\t\t<\/a> \t\t\t\t\t\t<\/div>\n<div>\n<div> \t\t\t\t\t\t\t\tDeeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform\u2019s trusted coverage.\t\t\t\t\t\t\t<\/div>\n<div>\n<div> \t\t<a href=\"https:\/\/hackread.com\/author\/deeba\/\" target=\"\"> \t\t\tView Posts\t\t<\/a> \t<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Google has launched a new security feature for Chrome o [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-45331","post","type-post","status-publish","format-standard","hentry","category-hackread"],"_links":{"self":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/45331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/comments?post=45331"}],"version-history":[{"count":0,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/posts\/45331\/revisions"}],"wp:attachment":[{"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/media?parent=45331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/categories?post=45331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/wp-json\/wp\/v2\/tags?post=45331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}