Google's latest project could help protect you against cookie theft

Device Bound Session Credentials (DBSC) will make stealing your cookies more difficult.
Written by Sabrina Ortiz, Editor
Cookies illustration
Adela Stefan/Getty Images/500px

Internet cookies can be useful when browsing the web, saving your site preferences and browsing information for a more seamless experience, but they can also be used to track you or even steal your data. Google's latest project attempts to stop malicious actors from doing the latter.

On Tuesday, Google unveiled Device Bound Session Credentials (DBSC), which the company says can protect you against malware that steals your cookies. As Google explains in its blog post, attackers typically pull authentication cookies from browsers on your device and move them to remote servers. They then sell access to your compromised accounts. DBSC is meant to significantly cut down on cookie theft from occurring in the first place.

Also: AT&T resets passcodes for 7.6 million customers after data leak. What experts are saying

"We think this will substantially reduce the success rate of cookie theft malware," Google Senior Software Engineer Kristian Monsen wrote in the blog post. "Attackers would be forced to act locally on the device, which makes on-device detection and cleanup more effective, both for antivirus software as well as for enterprise managed devices."

Google is developing DBSC in the open on GitHub, where it also shared a timeline for DBSC's rollout. The end goal is an origin trial in Chrome, set for the end of 2024.

Also: The biggest challenge with increased cybersecurity attacks, according to analysts

Google is currently experimenting with a DBSC prototype to protect some Google Account users running Chrome beta. This test is meant to gauge DBSC's reliability and feasibility. Once ready, Google plans to roll out DSBC to consumer and enterprise Chrome users via an automatic update.

Editorial standards