Defending Chrome Cookies

In part 1 of this series, we covered various techniques for stealing session data from Chrome (and Chromium-based) browsers. In this part, we cover how you can defend against these techniques using a combination of managed policies and endpoint monitoring.

If you’re in an enterprise environment, consider using Chrome Device Trust Connectors for further coverage by restricting access to sensitive applications to a single managed browser.

Hardening Chrome with Enterprise Policies

In enterprise environments, Chrome (and Chromium variants) can be hardened using Chrome Enterprise Policies, making it possible to significantly reduce the browser’s attack surface.

Read more →

Stealing Chrome Cookies

Cookies are the keys to the kingdom. In today’s enterprise and consumer environments, Single Sign-On (SSO) and SaaS applications dominate the web landscape. These platforms rely heavily on session cookies to maintain persistent authenticated states across multiple services and domains.

As a result, post-authentication session cookies have become highly valuable targets for attackers. With the proliferation of U2F MFA, adversaries are focussing on the user’s browser as a post-compromise foothold, seeking to extract cookies and tokens that grant ongoing access to sensitive systems without triggering additional authentication.

Read more →