When browsing the web, cookies can be useful, because they can be used to save site preferences and browsing information for a more seamless experience.
But at the same time, because cookies can store a lot of information about users, they can also be used to track users. And malicious people can also steal cookies to steal users' data. Google wants to prevent this.
The company has unveiled Device Bound Session Credentials (DBSC), which the company said can protect you against malware that steals cookies.
As Google explains in a blog post, attackers typically pull authentication cookies from browsers on targets' device and move them to remote servers. They then sell access to the compromised accounts.
DBSC is meant to significantly cut down on cookie theft from occurring in the first place.
DBSC works when the browser starts a new session, and that it creates a new public/private key pair locally on the device, and then gets the operating system to safely store the private key.
Google explained that its Chrome browser will use Trusted Platform Module (TPM) for that.
Traditionally, malware that targets cookies steal cookies by copying them from users' hard drive, The hacker can then use the stolen cookies to steal session information to access users' data from websites the cookies are associated with.
DBSC combat this threat using a cryptographic key to tie a session to the user's specific computer or device.
This process is performed only if users are actively using the session.
The DBSC API allows a web server to associate users' session with the public key generated, and the session can be periodically refreshed with cryptographic proof.
The prototype, which is initially tested by "some" Google Account users running Chrome Beta, is built with an aim to make it an open web standard, the tech giant's Chromium team said.
This test is meant to gauge DBSC's reliability and feasibility.
Once ready, Google plans to roll out DSBC to consumer and enterprise Chrome users via an automatic update.
At this time, Google is developing DBSC on GitHub, with a goal of fully launching it at the end of 2024.