Google has rolled out a significant security upgrade to its Chrome browser, extending session cookie theft protection to all users in a move aimed at combating one of the most prevalent techniques used by cybercriminals to hijack online accounts. The feature, previously available only to select users, is designed to prevent attackers from stealing session cookies, which are small files stored in a browser that keep users logged into websites and online services. By targeting these cookies, threat actors have long been able to bypass multi-factor authentication and gain unauthorised access to accounts without ever needing a victim’s password.
The protection works by binding session cookies to the device on which they were created, making them significantly harder to exploit even if they are successfully intercepted or stolen by malicious software. This approach directly counters a technique known as “pass-the-cookie” attacks, which have become increasingly popular amongst cybercriminals and state-sponsored threat actors alike. The update represents a meaningful step forward in browser-level security, particularly as infostealers and other malware strains designed to harvest session cookies have surged in use across the threat landscape in recent years.
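The effect of device binding on a copied cookie can be modelled in a few lines; this is an added example, not Chrome's implementation or Google's code. The class and function names are assumptions, and an HMAC over a server challenge with a secret registered at login stands in for the device-held key proof (a deployed scheme would use a public-key signature so the server never holds the secret).

```python
import hashlib
import hmac
import secrets

class Device:
    """Holds a secret created on the device; it is not part of the cookie value."""
    def __init__(self):
        self.key = secrets.token_bytes(32)

    def prove(self, challenge):
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

class SessionServer:
    def __init__(self):
        self.sessions = {}    # cookie value -> (user, device key or None)
        self.pending = set()  # challenges issued and not yet used

    def login(self, user, device_key=None):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = (user, device_key)
        return cookie

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def authorize(self, cookie, challenge=None, proof=None):
        user, key = self.sessions.get(cookie, (None, None))
        if user is None:
            return None
        if key is None:
            return user  # unbound cookie: holding the value is enough
        if challenge not in self.pending or proof is None:
            return None
        self.pending.discard(challenge)  # single use: a captured proof cannot be replayed
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return user if hmac.compare_digest(expected, proof) else None

def replay_demo():
    # Constructed scenario: the same cookie values presented with and without the device.
    server, victim, other = SessionServer(), Device(), Device()
    unbound = server.login("alice")
    bound = server.login("alice", device_key=victim.key)
    c1, c2 = server.challenge(), server.challenge()
    return {
        "copied_unbound": server.authorize(unbound),
        "copied_bound_no_proof": server.authorize(bound),
        "copied_bound_other_device": server.authorize(bound, c1, other.prove(c1)),
        "original_device": server.authorize(bound, c2, victim.prove(c2)),
    }
```

In `replay_demo()`, only the unbound cookie is accepted when presented without the original device; the bound cookie is accepted solely when the originating device answers a fresh challenge.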
Google’s decision to make the feature available to all Chrome users, rather than a limited cohort, is a welcome and proactive measure to protect everyday Australians and organisations from account takeover attacks. Ensure your Chrome browser is updated to the latest version to take full advantage of the new protections.