Google is commissioning a new security system against advanced attack methods targeting the session information of Workspace users. The company developed by the company “Device -connected Session Identity Information (DBSC), the new security structure, aims to prevent the attacks on Cookie theft. In the first stage, this system, which is tested for the Chrome browser in the Windows operating system, configures the session cookies of Workspace users in a way that only valids on the device where they are created.
In recent years, the attacks faced by internet users have become more complex, while the use of authentication cookies on other devices is a serious security weakness. Such attacks begin with users unintentionally downloading files containing malicious software. Then malicious software takes the user’s session cookies and transfer them to a remote server. With this method, the attackers can access the victim’s account from another device by overcoming security measures such as 2FA.
Google Workspace makes the attackers difficult
Google’s DBSC solution intervenes directly in these threats by ensuring that session cookies are only valid on the device on which they are created. The fact that cookies do not work on a different device makes it almost impossible for the attackers to access accounts with stolen session information. According to Google’s statements, such attacks have increased significantly in recent years and as of 2025 it has become more common. The company’s security officials emphasize that existing protection systems are not strong enough against such attacks and that additional solutions should be developed.
In 2023, Linus Tech Tips and other Youtube channels to which he was connected were the target of such an attack. As a result of an employee clicking on the fake sponsorship offer and downloading harmful files, session cookies were stolen and the accounts were seized for a short time. Following this incident, Youtube warned content producers against similar fraud attempts. In the same year, similar codes were placed in Google Chrome plug -ins and similar cookie thefts were performed.
Google says it has started to develop DBSC feature in 2024. The new security structure may not be limited to Workspace; Because browsers such as identity authentication infrastructure provider Okta and Microsoft Edge also reported that they are interested in this technology. In addition to the DBSC, they are recommended to activate the use of the transfer key to Workspace managers. With this method, Google aims to create an additional safety layer covering more than 11 million users.
On the other hand, cookie theft can have serious consequences not only in individual users but also in institutional structures. Seizure of high -access accounts, especially, can damage both data loss and brand reliability. For this reason, not only technological solutions, but also user awareness and digital hygiene habits stand out as an important link of the security chain. It is stated that institutions should strengthen their information and training processes for their employees as well as technical measures against such attacks.