Think twice before stealing cookies on Google Chrome. New DBSC system makes it harder
Chrome is phasing out support for third-party cookies in Q3 2024.
2 min. read
Published on
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Key notes
- A new system called Device Bound Session Credentials (DBSC) is now being beta-tested on Google Chrome.
- It lets servers start sessions with specific browsers, creating unique keys stored securely on devices.
- These keys replace or supplement cookies and are refreshed out-of-band to maintain security.
Google Chrome has just announced that it’s taking its combat against cookie theft even further. A new system called DBSC, short for Device Bound Session Credentials, is now being beta-tested for Google Accounts with plans to extend to Workspace & Cloud.
In short, the DBSC web capability links authentication sessions to devices, making stolen cookies useless. It lets servers start sessions with browsers, creating secure keys on devices. These keys replace cookies and are refreshed to maintain security, and it will be an open web standard.
And from this, DBSC prevents user tracking and doesn’t reveal device details. Chrome will support it for desktop users and align its availability with cookie changes, and you can follow the work on this capability on its GitHub page.
“DBSC doesn’t leak any meaningful information about the device beyond the fact that the browser thinks it can offer some type of secure storage. The only information sent to the server is the per-session public key which the server uses to certify proof of key possession later,” Google reassures.
Cookies make browsing easier but are often targeted by malware for stealing, giving attackers access to accounts without triggering security. The announcement came as Chrome is phasing out third-party cookies in the third quarter of 2024. Popular browsers like Microsoft Edge have also followed suit.
User forum
0 messages