Google Will Implement New Web Standards To Overcome Cookie Theft In Chrome
JAKARTA At the beginning of this year, it was revealed that malicious programs in the form of malware have new ways to attack Google Chrome users. This program was able to steal rookies to access Google accounts.Google is trying to address this issue by securing compromised accounts, as long as the malicious effort is detected by the system. Unfortunately, not all of the malware is detected so that Google wants to fight in a new way. Quoting from the 9to5google report, the Google Chrome team proposed the Credential of the Device Bound Session (DBSC), a protocol in the form of an Application Programming Interface (API) that makes websites securely binding authentication sessions to one device. This protocol is believed to be very secure and will not divulge any information about the user's device. The reason is, DBSC only sends one information to the server, namely a public key per session that will certify proof of key ownership. The use of this DBSC system is proposed after Google observes a maximalware in stealing rookies. The criminals will retrieve user data after conducting alogin. However, they will go through a two-factor authentication process and other security actions.
SEE ALSO:
When malware successfully infiltrates a rookie, users will not be able to remove the malicious program even if the anti-virus has been working and deleting detected malware. Therefore, a more capable protocol is needed. DBSC will bind the authentication session to a device that has a public or locally private key. This key will be stored in the operating system (OS) using a Trusted Platform Module so that the data export process will be difficult to implement.Chrome will make DBSC a new open web standard. This standard is still being developed and will be tested later this year. Although not yet completed, the DBSC standard has entered Chrome Beta in several Google accounts as an initial initiative.