This Crucial New Chrome Feature Will Protect Your Account Against Account Takeover

Linus Tech Tips's YouTube channel was compromised a year ago. The YouTube staff conducted a 24-hour investigation, but the hackers continued to broadcast cryptocurrency frauds on the channel. Later on, it was found that cookie theft, also known as session hijacking, allowed attackers to view the whole of LTT's YouTube channel.

An employee opened an email attachment that seemed to be a PDF file, but it was really an executable infected with malware. After running on the machine, the malware provided the attacker the session token and encrypted the cookie database.

An attacker may access all of your signed-in accounts that are kept in the browser using session hijacking, not only YouTube. In fact, it can even circumvent 2FA or multi-factor authentication.

Such cookie stealing malware, which targeted YouTube producers, has been reported by Google themselves. This is not limited to YouTube artists; anybody may experience this . A instance nearer to home: the identical cookie stealing method was recently used to breach my brother's Twitter account.Google has now developed a unique method known as Device Bound Session Credentials (DBSC) to combat cookie stealing. By essentially binding the authentication session to the device, it is almost hard for an attacker to utilize the stolen token on another device.Google is using TPM (Trusted Platform Modules) to safely store the private keys on the gadget in order to do this. Because the stolen cookie cannot be used to login on another device, it will be useless even if the attacker manages to access it.As of Google Chrome version 123.0.6312.123 or later, the stable channel is where DBSC is currently in prototype. To activate DBSC, a flag must be enabled. This is the procedure.

Google Chrome: How to Turn on DBSC

Launch chrome://flags in your Chrome browser.
Search for “Device Bound Session Credentials” and enable it. You can also copy and paste the below address directly into the browser.

"Chrome://flags/#enable-bound-session-credentials"

Now, simply restart your browser and you are done. You won’t see any change in how you interact with your online accounts.

Thus, you may prevent cookie theft from happening to your online accounts by turning on DBSC in Chrome. A word of caution: avoid downloading executables, PDFs, and attachments from dubious websites and shady communications. Most essential, avoid running them on your PC right away. First, you may do a safety check using VirusTotal (visit) or scan the file with a reputable antivirus.That's all from us, however. You may follow our linked instruction to enhance your Chrome security. Please use the space provided for comments below to ask any queries you may have.