Google Workpace is launching a new security move to help prevent the same kind of account -takeover attack that affected lens -tech tips. This feature, which is being created in a beta for Chrome users on Windows, is designed to prevent bad actors from stealing cookies from afar that you keep logging into your workplace account.
The Google feature calls the device -bound session credentials (DBSC), and it does exactly what its name shows: This session protects users’ workplace accounts by binding cookies, which uses the website users to remember user information to remember its devices.
This makes it more difficult for the attackers to launch a token steal attacks, which often happens when a victim downloads malware that stealing information. From there, the bad actors can remove the login of an infected in a remote server, which allows them to sign or sell their credentials with another device.
“Since this theft occurs after the user is logged in, many of the account reservations, such as 2 FA (two -factor verification), are ignored.” Stuffy. “Current reservations for this type of attack are not very strong, so it is a low -hanging fruit for the attackers.”
In 2023, a bad actor occupied the YouTube channel for lens -tech tips, along with two other lens media group accounts, when an employee downloaded a fake sponsorship offer file with cookie steeling malware. This week, YouTube issued a warning about a similar scam, which contains downloading fony brand deals to creators. YouTube is not the only platform that we have seen affected by cookie theft, either, hackers hijacked several chrome extensions last year, adding malware that eliminates a session token for some websites.
Google says that in the past few years, cookie and verification token theft has been a “efficient”, and that this “trend has only intensified in 2025.” The company began working on DBSC last year, saying that the verification platform, as well as a browser like Microsoft Age, had taken “interest” in this concept. With the DBSC, Google has suggested that the workspace administrator also enable the paskez, which is now available for more than 11 million users.
