Serious New Warning Issued for 1 Billion Google Chrome Users


If you’re one of Chrome’s billion-plus desktop users, there’s a devious threat to your personal data and login credentials that’s now getting worse. Google has plans to fix it, but in the meantime you have just been warned to beware the risks…

Cookies get a bad press—these devilish little tracking files on your PC have a nasty habit of following you around the Internet, reporting back on your activity. Google’s long-delayed killing of such third-party trackers is now underway and long overdue.

But those tracking cookies have helpful little cousins, first-party cookies, that recognize your device as belonging to you, and log you back into accounts and websites as an accreditation shortcut—otherwise you’d spend your day logging in.

All very good—unless they’re stolen of course.

“Many users across the web are victimized by cookie theft malware,” Google warns, “giving attackers access to their web accounts. Operators of Malware-as-a-Service (MaaS) frequently use social engineering to spread cookie theft malware.”

Google’s warning comes as part of a proposed update to its Chrome desktop browser to address this, acknowledging that while “fundamental to the modern web… due to their powerful utility, cookies are also a lucrative target for attackers.”

This is mainly a desktop challenge, and Google’s smart answer is to bind such cookies to the user’s device, so that a stolen cookie is useless without access to the original device itself. “We’re prototyping a new web capability called Device Bound Session Credentials (DBSC) that will help keep users more secure against cookie theft… By binding authentication sessions to the device, DBSC aims to disrupt the cookie theft industry since exfiltrating these cookies will no longer have any value.”
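To make the binding idea concrete, here is a minimal sketch added for illustration; it is not Google's DBSC protocol or code. It assumes a challenge-response check on session refresh, uses a shared HMAC key as a stand-in for the device-held key, and the `Device` and `Server` classes are hypothetical.

```python
import hashlib
import hmac
import secrets

class Device:
    """Holds a key that never leaves the device (constructed stand-in)."""
    def __init__(self):
        self._key = secrets.token_bytes(32)

    def enrol(self) -> bytes:
        # Assumption: a shared HMAC key keeps this stdlib-only. A real design
        # would register a public key so the server never holds the secret.
        return self._key

    def prove(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

class Server:
    """Hypothetical relying party that binds each session cookie to a key."""
    def __init__(self):
        self.bound_key = {}  # cookie -> key enrolled at login
        self.pending = {}    # cookie -> outstanding one-time challenge

    def login(self, device_key: bytes) -> str:
        cookie = secrets.token_hex(16)
        self.bound_key[cookie] = device_key
        return cookie

    def challenge(self, cookie: str) -> bytes:
        self.pending[cookie] = secrets.token_bytes(16)
        return self.pending[cookie]

    def refresh(self, cookie: str, proof: bytes) -> bool:
        key = self.bound_key.get(cookie)
        nonce = self.pending.pop(cookie, None)  # single use, so no replay
        if key is None or nonce is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)

def demo():
    server, laptop, other_machine = Server(), Device(), Device()
    cookie = server.login(laptop.enrol())
    owner = server.refresh(cookie, laptop.prove(server.challenge(cookie)))
    # Same cookie value presented from a machine without the enrolled key.
    stolen = server.refresh(cookie, other_machine.prove(server.challenge(cookie)))
    proof = laptop.prove(server.challenge(cookie))
    replay = server.refresh(cookie, proof) and server.refresh(cookie, proof)
    return owner, stolen, replay
```

The cookie value is identical in all three cases; only the request backed by the enrolled key and a fresh challenge is accepted.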

Put Google’s new beta update to one side for now—take this as a warning to be aware of the risks and to keep those risks in mind—especially when logging into financial sites or enterprise systems belonging to the…