At Impress Computers, we want to make you aware of a newly disclosed cyberattack technique called “Cookie Bite,” which targets browser sessions through malicious Chrome extensions. This dangerous method allows attackers to hijack active sessions without needing your credentials—completely bypassing Multi-Factor Authentication (MFA) and traditional login protections.

Originally published by cybersecurity researchers at Varonis, this proof-of-concept attack is designed to target high-value sessions such as cloud admin consoles, SaaS dashboards, and financial applications.

“Cookie Bite” is particularly dangerous because it exploits weak browser extension controls, rendering many traditional security defenses ineffective.

How to Protect Your Business:

To mitigate this risk, we strongly recommend implementing the following security measures:

  • Strict Browser Extension Controls: Audit, restrict, and manage all Chrome extensions across your environment.

  • Conditional Access Policies (CAP): Enforce access policies based on user identity, device health, and risk level.

  • Continuous Access Evaluation (CAE): Monitor sessions in real time and revoke access immediately when risky activity is detected.

  • End-User Education: Train your team to avoid installing unknown or unapproved browser extensions.

These combined defenses help detect abnormal session behavior and can revoke compromised access tokens in real time—before attackers can do damage.
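
One way to run the extension audit recommended above, as an added example that is not code from Impress Computers, Varonis or ThreatLocker: it walks a Chrome profile's Extensions folder, reads each manifest.json, and flags extensions that request the `cookies` permission, that pair it with all-site host access, or that are missing from your approved list. The flag names, the allowlist parameter and the sample extensions are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
PERM_KEYS = ("permissions", "optional_permissions",
             "host_permissions", "optional_host_permissions")

def risk_flags(manifest):
    """Why this manifest could read session cookies (empty list = no cookie access)."""
    # Manifest V2 mixes host patterns into "permissions"; V3 lists them separately.
    perms = {p for k in PERM_KEYS for p in (manifest.get(k) or []) if isinstance(p, str)}
    flags = ["cookies-api"] if "cookies" in perms else []
    if flags and perms & BROAD_HOSTS:
        flags.append("all-sites")
    return flags

def audit_extensions(ext_root, allowlist):
    """Scan <ext_root>/<extension id>/<version>/manifest.json; return flagged extensions."""
    findings = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = path.parts[-3]
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            flags = risk_flags(manifest)
        except (OSError, ValueError, AttributeError, TypeError):
            # Report unreadable or malformed manifests instead of skipping them.
            manifest, flags = {}, ["unreadable-manifest"]
        if ext_id not in allowlist:
            flags.append("not-allowlisted")
        if flags:
            findings.append((ext_id, manifest.get("name", "?"), flags))
    return findings

def build_sample_profile(root):
    """Constructed sample data: three made-up extensions with fake IDs."""
    samples = {
        "a" * 32: {"name": "Notes", "permissions": ["storage"]},
        "b" * 32: {"name": "Helper", "permissions": ["cookies"], "host_permissions": ["<all_urls>"]},
        "c" * 32: {"name": "Legacy", "permissions": ["cookies", "https://login.example.com/*"]},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root, ext_id, "1.0_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        print(audit_extensions(tmp, allowlist={"a" * 32, "c" * 32}))
```

On Windows the folder to pass is typically `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions`; other profiles and operating systems use different paths.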

Quick Facts:

  • CVE Assigned: None (this attack abuses Chrome behavior, not a direct vulnerability)

  • Devices at Risk: Any device running Chrome without strict extension management

  • Attack Method: Malicious extensions steal session tokens, allowing attackers to bypass logins and MFA

  • Immediate Action Required:

    • Audit browser extensions now

    • Enforce CAP and enable CAE monitoring

    • Educate users about safe browsing practices


This is how modern breaches start: attackers quietly hijack your existing sessions, skipping every layer of login protection you have in place. Don’t let “Cookie Bite” catch your business off-guard.

If you need help auditing your current setup or strengthening your session security, our team is ready to assist.

At Impress Computers, we’ve already taken proactive steps to protect our clients from threats like Cookie Bite:

  • We deploy ThreatLocker Storage Control policies, including TL.SC.004 – Block Cookie Access, which denies access to browser cookie files. This directly prevents malicious extensions from harvesting session tokens used in MFA bypass attacks.

  • Using Application Control, we block unknown or unapproved browser extensions from running, cutting off potential exploits before they can start.

  • ThreatLocker Network Control adds another layer by preventing unauthorized applications or extensions from ever connecting to your network.

  • Through Cloud Control, we’re also monitoring for token theft and session hijacking—currently focused on Microsoft 365, with support for Google Workspace and other platforms coming soon.

These controls are already active for our managed clients. If you’re not sure your current IT provider is protecting you at this level, reach out to us for a free security review.

Stay Safe,
The Impress Computers Team
