This Essential New Chrome Feature Will Shield Your Account From Hijacking

Apr. 16, 2024



A year ago, the YouTube account of Linus Tech Tips was hacked. Despite a round-the-clock investigation by the YouTube team, the hackers kept streaming crypto scams on the YouTube channel. Later, it was discovered that the attackers could access all of LTT's YouTube channel, and this was possible because of cookie theft, aka session hijacking.

An employee launched an attachment received via email, which seemed like a PDF file, but it was a malware-ridden executable. The malware ran on the system, decrypted the cookie database, and sent the session token to the attacker.

With session hijacking, an attacker can access any of your signed-in accounts stored in the browser, not just YouTube, even circumventing 2FA or multi-factor authentication.

Google has itself documented such cookie theft malware that targeted YouTube creators. Not just YouTube creators, this can happen to anyone. A case closer to home: my brother's Twitter account was recently hacked using the same cookie theft technique.

Now, to put a stop to cookie theft, Google has come up with a novel solution called Device Bound Session Credentials (DBSC). It basically binds the authentication session to the device, making it nearly impossible for an attacker to use the stolen token on another device.

For this, Google is using TPM (Trusted Platform Modules) to store the private keys securely on the device. So even if the attacker steals the cookie, it won't be of any value because it can't be used to authenticate on another device.
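The binding idea described above, as an added example that is not from the original article or from Chrome's code: a simplified challenge-response model in Node.js. The names `Server`, `makeDevice` and `demo` are hypothetical, and a software key pair stands in for the TPM-held private key.

```javascript
// Added illustration: simplified model of a device-bound session (not Chrome's DBSC wire protocol).
const crypto = require('crypto');

// Server side: session store keyed by cookie value.
class Server {
  constructor() { this.sessions = new Map(); }

  // At sign-in the browser registers the public half of a device key.
  startSession(publicKey) {
    const cookie = crypto.randomBytes(16).toString('hex');
    this.sessions.set(cookie, { publicKey, challenge: null });
    return cookie;
  }

  // A fresh random challenge is issued before the cookie is accepted again.
  issueChallenge(cookie) {
    const s = this.sessions.get(cookie);
    if (!s) return null;
    s.challenge = crypto.randomBytes(32);
    return s.challenge;
  }

  // The cookie is honoured only with a valid signature over the pending challenge.
  authenticate(cookie, signature) {
    const s = this.sessions.get(cookie);
    if (!s || !s.challenge || !signature) return false;
    const challenge = s.challenge;
    s.challenge = null; // single use: a captured signature cannot be replayed
    return crypto.verify('sha256', challenge, s.publicKey, signature);
  }
}

// Device side: assumption for this sketch, a software key replaces the TPM-protected key.
function makeDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, sign: (challenge) => crypto.sign('sha256', challenge, privateKey) };
}

function demo() {
  const server = new Server();
  const victim = makeDevice();
  const attacker = makeDevice(); // the attacker's machine holds a different key
  const cookie = server.startSession(victim.publicKey);

  const legit = server.authenticate(cookie, victim.sign(server.issueChallenge(cookie)));
  const stolenCookieOnly = server.authenticate(cookie, null);
  const stolenWithOwnKey = server.authenticate(cookie, attacker.sign(server.issueChallenge(cookie)));
  return { legit, stolenCookieOnly, stolenWithOwnKey };
}
```

Only the device holding the registered private key passes; the copied cookie on its own, or paired with a different key, is rejected.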

Google is already prototyping DBSC and it's available on the stable channel of Google Chrome version 123.0.6312.123 or later. You will have to enable a flag to turn on DBSC. Here's how to do it.

How to Enable DBSC on Google Chrome

So this is how you can enable DBSC in Chrome and protect your online accounts from cookie theft. A word of caution: do not download PDFs, attachments, and executables from untrustworthy websites or suspicious emails. Most importantly, do not run them immediately on your PC. You can use VirusTotal to do a safety check first or use a good antivirus to scan the file.

Anyway, that is all from us. If you want to enhance your Chrome security, you can go through our linked tutorial. And if you have any questions, let us know in the comment section below.
