Google Workspace is launching a brand new safety measure to assist forestall the identical kind of account takeover assault that impacted Linus Tech Ideas. The function, which is rolling out in beta for Chrome customers on Home windows, is designed to dam dangerous actors from remotely stealing the cookies that preserve you logged into your Workspace account.
Google calls the function System Certain Session Credentials (DBSC), and it does precisely what its title suggests: it protects customers’ Workspace accounts by binding session cookies, the non permanent information that web sites use to recollect consumer data, to their gadgets.
That makes it harder for attackers to hold out session token-stealing assaults, which regularly happen when a sufferer downloads information-stealing malware. From there, dangerous actors can exfiltrate a sufferer’s login credentials to a distant server, permitting them to signal into their account from one other system or promote their credentials.
“As a result of this theft happens after a consumer has logged in, it bypasses many present account protections like 2FA [two-factor authentication],” Google spokesperson Ross Richendrfer tells The Verge. “Current protections for this kind of assault aren’t very mature, so it’s low-hanging fruit for attackers.”
In 2023, a foul actor took over the YouTube channel for Linus Tech Ideas, together with two different Linus Media Group accounts, after an worker downloaded a pretend sponsorship supply containing cookie-stealing malware. This week, YouTube issued a warning a few related rip-off involving creators downloading phony model offers. YouTube isn’t the one platform that we’ve seen impacted by cookie-stealing, both, as hackers hijacked a number of Chrome extensions final 12 months, including malware that exfiltrates session tokens for some web sites.
Google says there’s been an “exponential rise” in cookie and authentication token theft over the previous couple of years, and that this “development has solely intensified in 2025.” The corporate started engaged on DBSC final 12 months, and stated the verification platform Okta, in addition to browsers like Microsoft Edge, have “expressed curiosity” within the idea. Together with DBSC, Google recommends that Workspace directors allow passkeys as nicely, which is now out there to over 11 million prospects.
{content material}
Supply: {feed_title}