This new protocol from Google aims to reduce account hijacking caused by cookie theft.
It's implemented in Chome 146 for Windows [3]. Mozilla seems undecided [4].
Links:
[1] https://github.com/w3c/webappsec-dbsc
[2] https://github.com/w3c/webappsec-dbsc/blob/main/DBSCE/Overview.md
[3] https://security.googleblog.com/2026/04/protecting-cookies-with-device-bound.html
[4] mozilla/standards-positions#912
I think it would be great if Jakarta EE specified and implemented this new feature. Feel free to close this issue if it's in the wrong place, unwanted or too early.
Thanks!
This new protocol from Google aims to reduce account hijacking caused by cookie theft.
It's implemented in Chome 146 for Windows [3]. Mozilla seems undecided [4].
Links:
[1] https://github.com/w3c/webappsec-dbsc
[2] https://github.com/w3c/webappsec-dbsc/blob/main/DBSCE/Overview.md
[3] https://security.googleblog.com/2026/04/protecting-cookies-with-device-bound.html
[4] mozilla/standards-positions#912
I think it would be great if Jakarta EE specified and implemented this new feature. Feel free to close this issue if it's in the wrong place, unwanted or too early.
Thanks!