- Google launched the open beta of Device Bound Session Credentials (DBSC) in Chrome on Windows to fight session cookie theft.
- DBSC binds user sessions to specific devices, blocking attackers from using stolen session cookies on other hardware.
- Over 11 million Google Workspace customers now have general access to passkey support and new admin controls.
- Google is testing a shared signals framework (SSF) to help organizations rapidly exchange security alerts using the OpenID standard.
- Project Zero introduced a Reporting Transparency policy to report some vulnerabilities publicly within one week of notifying affected vendors.
Google announced the open beta release of Device Bound Session Credentials (DBSC) for Chrome users on Windows, aiming to reduce the threat of session cookie theft. The security feature binds authentication sessions to the device, making it difficult for Hackers to hijack accounts using stolen cookies on other machines.
DBSC first appeared as a prototype in April 2024. Andy Wen, senior director at Google Workspace, said the tool “strengthens security after you are logged in and helps bind a session cookie… to the device a user authenticated from.” Session cookies are small files websites use to remember users, and DBSC works by linking them to the specific device used in the authentication.
The company stated that DBSC not only protects user accounts but also improves the integrity of session data. It offers a new layer of defense after a user logs in, preventing cookie-based attacks. According to Google, passkey support is now available for over 11 million Workspace users, allowing administrators to audit enrollments and limit passkey use to physical security keys.
Google plans to roll out a shared signals framework (SSF) for select clients, letting “transmitters” inform “receivers” of critical security events in near real-time. According to Wen, “This framework acts as a robust system for ‘transmitters’ to promptly inform ‘receivers’ about significant events, facilitating a coordinated response to security threats.” The company said this sharing could include device or user details, further boosting defense mechanisms.
Meanwhile, Google Project Zero announced a Reporting Transparency policy to address the “upstream patch gap,” where fixes may be available but not yet distributed to end users. Now, Project Zero will publicly share details of certain vulnerabilities within a week after notifying vendors. This information covers the vendor name, affected products, the report date, and the disclosure deadline. The current list names several issues in Microsoft Windows, Dolby Unified Decoder, and Google BigWave, as seen on their transparency page.
Google said this change aims to inform downstream users faster, though full technical details will stay confidential until the disclosure deadline passes. The company also plans to apply the same principle to Big Sleep, its AI agent for finding security flaws. The shift is designed to help organizations address vulnerabilities and keep devices better protected.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- White House Unveils Crypto Roadmap, Calls for New SEC Legislation
- AI Tokens Dip Despite Strong Microsoft, Meta Earnings; Fed Uncertainty Bites
- Apple Patches Zero-Day Flaw Impacting Safari, iOS, macOS, watchOS
- Samourai Wallet Founders Plead Guilty, Face Up to 5 Years Prison
- Hackers Spread JSCEAL Malware via Fake Crypto Apps, Facebook Ads
