Google Chrome Tests New Feature To Stop Session Hijacking
Some of you certainly remember that time when Linus Tech Tips, of all channels on YouTube, was hijacked out of nowhere, and it ended up being a big lesson for the organization (and everyone watching) about the threat known as "session hijacking" or "cookie hijacking".
In an age where strong passwords are often required and 2FA is a common feature of most online services, session hijacking is a ridiculously simple mechanism that has caused many YouTube creators to lose access to their accounts, which are then converted into impersonated versions of SpaceX, Tesla, crypto, or anything that relates to Elon Musk (for some reason).
It only takes one user in the organization to fall for a social engineering attempt, often involving downloading a strange "PDF" file that is, in reality, malware. The malware grabs a copy of the browser cookies on the PC, which contain "session tokens" (think of them as virtual keycards), and lets the perpetrator access the victim's account without needing to know the user ID or the password. Because the site already treats that session as logged in, the stolen cookie also sidesteps the 2FA prompt entirely. (You can read the explainer of how this works here.)
To counter this threat, Google is introducing a feature called Device Bound Session Credentials (DBSC). Rather than encrypting the cookie, DBSC has the browser generate a public/private key pair whose private key is stored in the device's TPM and cannot be exported. The server ties the session to the public key and periodically asks the browser to sign a fresh challenge, handing out only short-lived cookies in return. A copied cookie therefore expires quickly, and it cannot be renewed from another machine because the private key never leaves the original one. "By binding authentication sessions to the device, DBSC aims to disrupt the cookie theft industry since exfiltrating these cookies will no longer have any value," the company wrote in the blog post.
The company intends to make it an "open web standard", which should greatly help in enhancing account security across the web. Right now, not all systems have the required hardware to support DBSC. A TPM chip, which Windows 11 requires, is part of that requirement, and as PCMag points out, Mac and Linux machines do not ship with one by default. Google responded to the outlet, stating: "We're aiming to bring the (DBSC) API to additional platforms, and will share an update when we have more details."
Pokdepinion: This should be a big step in eradicating the account hijack incidents commonly seen on YouTube.