April 2, 2024 at 02:13PM
Google has unveiled a new Chrome security feature called Device Bound Session Credentials (DBSC), which cryptographically binds authentication cookies to a specific device, preventing hackers from stealing them for account hijacking. This enhanced security measure effectively thwarts cookie theft malware and is expected to be supported by half of Chrome desktop devices.
Key Takeaways from the Meeting Notes:
– Google has announced a new Chrome security feature called Device Bound Session Credentials (DBSC) to address the problem of stolen authentication cookies being used to hijack user accounts.
– DBSC cryptographically binds authentication cookies to a specific device, making it impossible for attackers to steal cookies and access users’ accounts.
– The feature is in the prototype phase, but users can test it by enabling the “enable-bound-session-credentials” flag in Chrome web browsers.
– DBSC works by allowing a server to start a new session with a browser and associate it with a public key stored on the device, offering enhanced privacy and security.
– It is expected that this new security capability will be initially supported by about half of all Chrome desktop devices and will be fully aligned with the phase-out of third-party cookies in Chrome.
– Google aims to automatically upgrade the security of Google accounts for consumers and enterprise users when this technology is fully deployed.
These are the key takeaways from the meeting notes regarding the new Chrome security feature and its potential impact on enhancing account security.