Monday, November 17, 2025

Google Workspace is rolling out a security update to stop token-stealing attacks

Google Workspace is launching a new security measure to help prevent the same type of account takeover attack that impacted Linus Tech Tips. The feature, which is rolling out in beta for Chrome users on Windows, is designed to block bad actors from remotely stealing the cookies that keep you logged into your Workspace account.

Google calls the feature Device Bound Session Credentials (DBSC), and it does exactly what its name suggests: it protects users’ Workspace accounts by binding session cookies, the temporary files that websites use to remember user information, to their devices.

That makes it harder for attackers to carry out session token-stealing attacks, which often occur when a victim downloads information-stealing malware. From there, bad actors can exfiltrate a victim’s login credentials to a remote server, allowing them to sign into their account from another device or sell their credentials.

“Because this theft happens after a user has logged in, it bypasses many present account protections like 2FA [two-factor authentication],” Google spokesperson Ross Richendrfer tells The Verge. “Current protections for this sort of attack aren’t very mature, so it’s low-hanging fruit for attackers.”

In 2023, a bad actor took over the YouTube channel for Linus Tech Tips, along with two other Linus Media Group accounts, after an employee downloaded a fake sponsorship offer containing cookie-stealing malware. This week, YouTube issued a warning about a similar scam involving creators downloading phony brand deals. YouTube isn’t the only platform that we’ve seen impacted by cookie-stealing, either, as hackers hijacked a number of Chrome extensions last year, adding malware that exfiltrates session tokens for some websites.

Google says there’s been an “exponential rise” in cookie and authentication token theft over the past couple of years, and that this “trend has only intensified in 2025.” The company began working on DBSC last year, and said the verification platform Okta, as well as browsers like Microsoft Edge, have “expressed interest” in the concept. Along with DBSC, Google recommends that Workspace administrators enable passkeys as well, which are now available to over 11 million customers.
