Chrome's new feature 'DBSC' prevents the exploitation of stolen cookies



Cookies, which keep you logged in to websites and save site settings, are convenient targets for attackers, and there is no end to cases in which cookie-stealing malware leads to unauthorized access to accounts. To prevent such cases, it has emerged that Google is developing a new feature called "DBSC (Device Bound Session Credentials)" that will keep cookies safe even if they are stolen.

Chromium Blog: Fighting cookie theft using device bound sessions

https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html



New Chrome feature aims to stop hackers from using stolen cookies

https://www.bleepingcomputer.com/news/security/new-chrome-feature-aims-to-stop-hackers-from-using-stolen-cookies/



Google to Fight Cookie Hijacking With Encryption Keys for Chrome Browser | PCMag

https://www.pcmag.com/news/google-to-fight-cookie-hijacking-with-encryption-keys-for-chrome-browser

Cookies store website browsing information, login information, settings and so on. If an attacker exploits them, the attacker may be able to bypass multi-factor authentication and take over your account.

DBSC is a feature that pairs cookies with a device and encrypts them so that they cannot be misused even if an attacker steals them.
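A simplified model of device binding, added here as an illustration and not Chrome's or Google's code. It assumes the binding is a per-session key pair whose private key stays on the device, and it models the check as a signature over a server challenge rather than encryption of the cookie itself; all function names, the session table and the 600-second lifetime are assumptions.

```javascript
// Simplified model of a device-bound session (added illustration, not Chrome's code).
const crypto = require('node:crypto');

const sessions = new Map(); // server side: session id -> { publicKey, challenge }

// Registration: the server stores the device's public key with the new session.
function registerSession(publicKey) {
  const id = crypto.randomBytes(16).toString('hex');
  sessions.set(id, { publicKey, challenge: null });
  return id;
}

// Before renewing the short-lived cookie, the server issues a fresh challenge.
function issueChallenge(id) {
  const challenge = crypto.randomBytes(32);
  sessions.get(id).challenge = challenge;
  return challenge;
}

// Renewal succeeds only if the challenge was signed by the key bound to the session.
function refreshCookie(id, signature) {
  const s = sessions.get(id);
  if (!s || !s.challenge) return null;
  const challenge = s.challenge;
  s.challenge = null; // single use: a captured signature cannot be replayed
  if (!crypto.verify('sha256', challenge, s.publicKey, signature)) return null;
  return { cookie: crypto.randomBytes(16).toString('hex'), maxAgeSeconds: 600 }; // assumed lifetime
}

// Device side: the private key stays inside this closure (stand-in for protected key storage).
function makeDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, sign: (challenge) => crypto.sign('sha256', challenge, privateKey) };
}

function demo() {
  const device = makeDevice();
  const other = makeDevice(); // a different machine holding only a copied session id
  const id = registerSession(device.publicKey);
  const legit = refreshCookie(id, device.sign(issueChallenge(id)));
  const copied = refreshCookie(id, other.sign(issueChallenge(id)));
  const sig = device.sign(issueChallenge(id));
  refreshCookie(id, sig); // first use is accepted
  const replayed = refreshCookie(id, sig); // second use: challenge already consumed
  return { legit: legit !== null, copied: copied !== null, replayed: replayed !== null };
}

console.log(demo());
```

In this model a session identifier copied to another machine cannot be renewed, because that machine cannot produce a valid signature for the bound public key.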

'DBSC will greatly reduce the success rate of malware that steals cookies,' said Kristian Monsen, a Google engineer. 'This will enable more effective detection and removal of malware on devices.'

DBSC is still in the prototype stage, but you can try it out by accessing 'chrome://flags/' in a Chromium-based browser such as Google Chrome and setting the item related to 'Device Bound Session Credentials' to 'Enable'.



DBSC is scheduled to be rolled out in conjunction with the phase-out of third-party cookies, and once the feature is fully rolled out, the security of Google accounts for consumer and enterprise users will be automatically upgraded.

Google releases schedule for abolishing third-party cookies, scheduled to start in 2024 - GIGAZINE



in Software,   Security, Posted by logc_nt