Towards Browser Controls to Protect Cookies from Malicious Extensions

arXiv:2405.06830v1 Announce Type: new
Abstract: Cookies provide a state management mechanism for the web and are often used for authentication, storing a user's session ID, and replacing their credentials in subsequent requests. These ``session cookies'' are valuable targets of attacks such as Session Hijacking and Fixation that attempt to steal them and gain unauthorized access to user accounts. Multiple controls such as the Secure and HttpOnly cookie attributes restrict cookie accessibility, effectively mitigating attacks from the network or malicious websites, …

arxiv attacks authentication browser controls cookies credentials cs.cr extensions hijacking malicious malicious extensions management mechanism protect requests session session cookies session hijacking state steal the web web