Google Workspace is launching a new security measure to help prevent the same kind of account takeover attack that impacted Linus Tech Tips. The feature, which is rolling out in beta for Chrome users on Windows, is designed to block bad actors from remotely stealing the cookies that keep you logged into your Workspace account.
Google calls the feature Device Bound Session Credentials (DBSC), and it does exactly what its name suggests: it protects users’ Workspace accounts by binding session cookies, the temporary data that websites use to remember user information, to their devices.
That makes it harder for attackers to carry out session token-stealing attacks, which often occur when a victim downloads information-stealing malware. From there, bad actors can exfiltrate a victim’s login credentials to a remote server, allowing them to sign into their account from another device or sell their credentials.
“As a result of this theft happens after a person has logged in, it bypasses many present account protections like 2FA [two-factor authentication],” Google spokesperson Ross Richendrfer tells The Verge. “Current protections for this sort of assault aren’t very mature, so it’s low-hanging fruit for attackers.”
In 2023, a bad actor took over the YouTube channel for Linus Tech Tips, along with two other Linus Media Group accounts, after an employee downloaded a fake sponsorship offer containing cookie-stealing malware. This week, YouTube issued a warning about a similar scam involving creators downloading phony brand deals. YouTube isn’t the only platform that we’ve seen impacted by cookie-stealing, either, as hackers hijacked several Chrome extensions last year, adding malware that exfiltrates session tokens for some websites.
Google says there’s been an “exponential rise” in cookie and authentication token theft over the past couple of years, and that this “pattern has solely intensified in 2025.” The company started working on DBSC last year, and said the verification platform Okta, as well as browsers like Microsoft Edge, have “expressed curiosity” in the concept. Along with DBSC, Google recommends that Workspace administrators enable passkeys as well, which are now available to over 11 million customers.