The topic Chrome browser is getting a security boost that you won’t see, but it’s good to have is currently the subject of lively discussion — readers and analysts are keeping a close eye on developments.
This is taking place in a dynamic environment: companies’ decisions and competitors’ reactions can quickly change the picture.
Google has quietly shipped one of the more meaningful browser security updates, and chances are you’ll never notice it’s there, which, I think, is the entire point.
Every time you log into a website, your browser stores a small file called a session cookie for subsequent visits, so you don’t have to provide your credentials every time you load a new page.
The problem, however, is that if your device is affected by any type of malware, it can steal those cookies and send them to an attacker, who can then use them to access your accounts, without ever needing your password. They can even bypass two-factor authentication.
This type of attack is more common than most people realize, and the sad part is that it works even on accounts with relatively stronger security settings. The good news is that DBSC addresses this by tying the session cookie to the specific device the browser created it on.
So, even if malware copies the session details or cookie and passes it along to someone else, the information becomes unusable outside the device it was created on. The added security layer works silently in the background as you continue going about your day on Chrome.
DBSC, in my opinion, is a part of a broader industry push to phase out traditional session cookies entirely. The World Wide Web Consortium already has an open specification for this that has existed for about three years now, and Microsoft has been quietly equipping Edge with the same standard.