Chrome 146 Bolsters Session Security Amidst Rising AiTM & Extension Threats

This newsletter is AI generated and may hallucinate sometimes 😊

Browser Extensions Emerge as New AI Consumption & Attack Channel

  • Browser extensions are increasingly being used as "shadow APIs" for AI models, introducing new security and privacy risks for users.
  • This trend facilitates novel prompt injection attacks and data exfiltration vectors, expanding the attack surface within browser ecosystems.
  • The proliferation of AI-powered extensions necessitates increased scrutiny regarding data handling and potential misuse of user interactions with large language models.

Source: The Hacker News | Date: April 10, 2026

Google Chrome 146 Introduces DBSC to Combat Session Theft on Windows

  • Google has rolled out Device Bound Session Credentials (DBSC) in Chrome 146 for Windows to significantly enhance protection against session token theft.
  • DBSC cryptographically links session cookies to the specific user device, rendering stolen cookies unusable by attackers on different machines.
  • This security feature directly counters sophisticated info-stealer malware that targets browser session tokens to gain unauthorized access to online accounts.

Source: The Hacker News | Date: April 10, 2026
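
The binding described in the bullets above can be pictured with a simplified proof-of-possession model. This is an added example, not code from Chrome or from the cited article, and it does not reproduce the DBSC wire protocol. `SessionServer`, `newDeviceKey`, `signChallenge` and `demo` are hypothetical names, and the device key is an in-memory P-256 pair standing in for a hardware-protected one.

```javascript
const crypto = require('crypto');

// Constructed stand-in for a hardware-held device key (assumption: in-memory P-256 pair).
function newDeviceKey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

class SessionServer {
  constructor() { this.sessions = new Map(); }
  // At login the server stores the device's public key beside the session.
  register(publicKey) {
    const sessionId = crypto.randomBytes(16).toString('hex');
    this.sessions.set(sessionId, { publicKey, challenge: null });
    return sessionId;
  }
  // Each refresh starts with a fresh, single-use challenge.
  issueChallenge(sessionId) {
    const s = this.sessions.get(sessionId);
    if (!s) return null;
    s.challenge = crypto.randomBytes(32);
    return s.challenge;
  }
  // The session is renewed only if the challenge was signed by the bound key.
  refresh(sessionId, signature) {
    const s = this.sessions.get(sessionId);
    if (!s || !s.challenge) return false;
    const challenge = s.challenge;
    s.challenge = null; // consume it so a captured signature cannot be reused
    return crypto.verify('sha256', challenge, s.publicKey, signature);
  }
}

// Device side: prove possession of the private key without ever sending it.
function signChallenge(privateKey, challenge) {
  return crypto.sign('sha256', challenge, privateKey);
}

// Runs the bound device, then the same session id presented with a different key.
function demo() {
  const server = new SessionServer();
  const device = newDeviceKey(), other = newDeviceKey();
  const sid = server.register(device.publicKey);
  const legit = server.refresh(sid, signChallenge(device.privateKey, server.issueChallenge(sid)));
  // A copied session id alone is not enough: the other machine lacks the bound key.
  const stolenSig = signChallenge(other.privateKey, server.issueChallenge(sid));
  const stolen = server.refresh(sid, stolenSig);
  const replay = server.refresh(sid, stolenSig); // challenge already consumed
  return { legit, stolen, replay };
}
```

`demo()` returns `{ legit: true, stolen: false, replay: false }`: the session identifier stays valid only while the holder can sign with the key registered at login.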

Storm-2755 Campaign Exploits AiTM Session Hijacking to Divert Employee Salaries

  • A new threat campaign, dubbed Storm-2755, is leveraging Adversary-in-the-Middle (AiTM) session hijacking to compromise corporate accounts and redirect employee salary payments.
  • Attackers employ advanced phishing techniques to intercept authentication tokens, effectively bypassing multi-factor authentication (MFA) mechanisms.
  • Organizations must bolster their security postures with strong conditional access policies and continuous authentication checks to mitigate these advanced session hijacking threats.

Source: Cyber Security News | Date: April 09, 2026

References

  1. Browser Extensions Are the New AI Consumption Channel That No One Is Talking About - The Hacker News
  2. Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows - The Hacker News
  3. Hackers Use AiTM Session Hijacking to Redirect Employee Salaries in New Storm-2755 Campaign - Cyber Security News
