New 'DBSC' feature installed in Chrome prevents misuse of stolen cookies – GIGAZINE

Cookies, which keep you logged into websites and save site settings, are convenient targets for malicious attackers, and malware that steals cookies can see no end to instances of unauthorized account access. In order to prevent such cases, we discovered that Google is developing a new feature called “DBSC (Device Bind Session Credentials)'' which will keep your cookies safe even if they are stolen.

Chromium Blog: Combating cookie theft with device-bound sessions
https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html

A new Chrome feature aims to prevent hackers from using stolen cookies
https://www.bleepingcomputer.com/news/security/new-chrome-feature-aims-to-stop-hackers-from-using-stolen-cookies/

Google fights cookie hijacking with Chrome encryption keys PCMag
https://www.pcmag.com/news/google-to-fight-cookie-hijacking-with-encryption-keys-for-chrome-browser

Cookies store website browsing information, login information, settings, etc., and if exploited by an attacker, may bypass multi-factor authentication and take over your account.

DBSC is a function that links cookies to the device and encrypts them so that they cannot be misused even if an attacker steals them.

“DBSC will significantly reduce the success rate of cookie-stealing malware,” said Christian Monsen, a Google engineer. “This will enable more effective detection and removal of malware on devices.”

DBSC is still in the prototype stage, but you can try it by accessing “chrome://flags/” in a Chromium-based browser such as Google Chrome and setting the relevant item “Device Bound Session Credentials” to “Enable”. He is.

DBSC is scheduled to be rolled out in conjunction with the phase-out of third-party cookies, and once the feature is fully rolled out, the security of Google accounts for consumer and enterprise users will be automatically upgraded.

Google releases timeline for eliminating third-party cookies, set to begin in 2024