Google's latest project could help protect you against cookie theft
Internet cookies can be useful when browsing the web, saving your site preferences and browsing information for a more seamless experience, but they can also be used to track you or even steal your data. Google's latest project attempts to stop malicious actors from doing the latter.
On Tuesday, Google unveiled Device Bound Session Credentials (DBSC), which the company says can protect you against malware that steals your cookies. As Google explains in its blog post, attackers typically pull authentication cookies from browsers on your device and move them to remote servers. They then sell access to your compromised accounts. DBSC is meant to significantly cut down on cookie theft from occurring in the first place.
Also: AT&T resets passcodes for 7.6 million customers after data leak. What experts are saying
"We think this will substantially reduce the success rate of cookie theft malware," Google Senior Software Engineer Kristian Monsen wrote in the blog post. "Attackers would be forced to act locally on the device, which makes on-device detection and cleanup more effective, both for antivirus software as well as for enterprise managed devices."
Google is developing DBSC in the open on GitHub, where it also shared a timeline for DBSC's rollout. The end goal is an origin trial in Chrome, set for the end of 2024.
Also: The biggest challenge with increased cybersecurity attacks, according to analysts
Google is currently experimenting with a DBSC prototype to protect some Google Account users running Chrome beta. This test is meant to gauge DBSC's reliability and feasibility. Once ready, Google plans to roll out DSBC to consumer and enterprise Chrome users via an automatic update.