Aloïs Thévenot

I wanted to address the speculation about the recently introduced Device Bound Session Credentials (DBSC) security feature in Google Chrome. Does it help increase the security of session cookies against infostealer malware and MFA phishing? The feature has been available and enabled by default since the Chrome 146 update (April 2026), if you're running Windows with a hardware-backed TPM security module (macOS support is coming in future updates). DBSC allows the browser to upgrade session cookies from long-lived to short-lived, requiring the browser to refresh them approximately every 10 minutes to maintain access to the user's account. > Does DBSC prevent account takeover by threat actors using a stolen session cookie obtained from the user's browser via infostealer malware? Yes (kind of). The extracted session cookie will be valid for up to 10 minutes from the time it is extracted. The attacker will be unable to maintain long-term access to the user's account. Still, the timeframe may be sufficient, for example, to exfiltrate the inbox if the attack is automated. The attacker cannot refresh the short-lived session cookie because it requires the private key (stored in the TPM) assigned to the account to sign the challenge. The malware cannot access the private keys stored in the TPM. > Does DBSC prevent account takeover by threat actors during a phishing attack? No. Servers need to provide legacy support for the browsers that do not yet support DBSC. By default, the server registers and sends a long-lived session cookie to the browser. If the server supports DBSC, it will announce the DBSC API endpoint URL in the `Secure-Session-Registration` HTTP header of the response packet that contains the long-lived session cookies. Only after the short-lived session cookie is registered via the DBSC API endpoint is the long-lived session cookie invalidated. When the attacker removes the `Secure-Session-Registration` HTTP header retrieved from the server during a phishing attack, the browser will continue using long-lived session cookies and assume the server does not support DBSC. In short, removing that HTTP header while proxying traffic during a phishing attack allows the attacker to maintain long-term access to the user's account using the stolen long-lived session cookie. I hope I've managed to clear up some confusion. On a related note, you will soon be able to simulate phishing attacks against Google Workspace accounts (and other websites) that bypass DBSC and MFA protections using Evilginx Pro with the Phishlets 2.0 update.

What happens when your math and map processing libs become RCE vectors? We've exploited OSS libraries to pop 2 shells on Microsoft's cloud infra, got assessed "low" severity, and found 2 bypasses again to defend our case, almost losing out on 6 digits in bounties The current impact is over 120,000 repos just on GitHub. AI agents, LangChain, TiTiler, pandas. Everybody wants the researchers to be responsible. Here's how responsible disclosure looks like from the other side:

My last submission to MSRC was for a Device Guard bypass.  I learned my lesson from prior drawn-out submissions, so I included a 90 day window this time.  MSRC responded saying that it met their bar and they would fix it, but asked me to withhold disclosure well past 90 days because they needed a few extra months to fix it.  I agreed on the condition that they issue a CVE, to which they agreed.  After the agreed-upon Patch Tuesday a few months later, I couldn’t find any mention in the CVE list, so I reached out to MSRC to inquire. It turns out - they changed their minds, deciding it did not meet their bar for servicing, yet they patched it anyway.  Since it didn’t meet the bar, they didn’t issue a CVE. MSRC strung me along for a few extra months to keep me quiet, then broke their word. They could have at least bought me dinner first. The interaction left such a bad taste in my mouth that I don’t really feel like interacting with them again. That’s why I didn’t publish any exploits/tools last year. #MeTooMSRC

Last time I dealt with MSRC I found a command injection vulnerability present for a decade in context menus, not highly critical but still exploitable. (see my talk Shift Happens) MSRC did not reward a bounty nor did they attribute a CVE to this finding because this ”doesn’t meet [their] criteria as a vulnerability that requires an immediate security update” However, this was fixed a month later in Windows 11 Canary (10.0.27902.1000). Case closed. https://t.co/8PFw4xs7Bx

Last time I dealt with MSRC. Responsibly disclosed an issue with legacy auth that allowed me to spray passwords at <redacted endpoint> and avoid smart lockout. Receives email.. 5 months after initial case opening. “Doesn’t meet the bar for servicing” Microsoft silently fixed. Closed case. https://t.co/9iFpMJMSXC