Google Combats Cookie Theft With New Security Tech in Chrome

  • Written by Elijah Ugoh, Cybersecurity & Tech Writer

Google is addressing the persistent issue of cookie theft with the introduction of Device Bound Session Credentials (DBSC), a novel web capability that will reduce account hijacking and make browsing on Chrome safer. DBSC has been made public for anyone interested in learning more about how it will work.

DBSC ties authentication data to a specific device, rendering stolen cookies ineffective and disrupting the cookie theft industry, says Google on its Chrome blog.

Cookies, widely utilized by websites to store session information locally on users’ devices, have long been vulnerable to exploitation by malware. Attackers can copy cookies from users’ hard drives and utilize the user’s browsing session information to access sensitive data associated with the various websites they’ve visited. DBSC aims to reduce such account hijacking caused by cookie theft, making browsing on Chrome safer.

Kristian Monsen of the Chrome Counter Abuse team elaborated on DBSC’s purpose, stating, “By binding authentication sessions to the device, DBSC aims to disrupt the cookie theft industry since exfiltrating these cookies will no longer have any value. We think this will substantially reduce the success rate of cookie theft malware.”

Google emphasizes that this strategy will make cookie theft unattractive and useless for malware attackers. Monsen added that “DBSC doesn’t leak any meaningful information about the device beyond the fact that the browser thinks it can offer some type of secure storage.”

While initial rollout is expected for approximately half of desktop users, Google aims to broaden DBSC adoption by collaborating with industry stakeholders, including identity providers and browser developers like Microsoft for its Edge browser.

As Google pioneers DBSC to fortify user security and privacy, all announcements regarding the project will be made publicly on GitHub as well. Google aims to allow origin trials for all interested websites by the end of 2024. This way, developers get early access to DBSC, allowing them to gather feedback, test compatibility, and assess the performance of the feature before it is officially released to the general public.

DBSC also aligns with Google’s ongoing efforts to phase out third-party cookies in Chrome and is currently being tested to protect Google Account users running Chrome Beta. Google plans to extend DBSC functionality to Google Workspace and Google Cloud customers “to provide another layer of account security.”

Roku May Show Ads While Games or TV Shows are Paused

  • Written by Elijah Ugoh, Cybersecurity & Tech Writer

Roku filed a new patent late last year for a new technology that will allow it to show more ads when TV shows or games are paused on Roku TV.

The patent, which is still pending, will allow Roku to detect what someone is watching or playing (on their Apple TV or gaming console, for example) via HDMI and show related ads when the content is paused.

Roku has previously monetized inactivity using its Roku City Screensaver as an advertising platform. It initiated sponsorship opportunities for the screensaver last May, featuring prominent brands like Walmart and McDonald’s. The screensaver has been successful, which is probably why the company doesn’t allow developers to add their own screensavers to their apps running on Roku devices.

However, developers of apps running on Roku can build dedicated screensavers, which can be downloaded to replace the default Roku City Screensaver.

But Roku’s reliance on HDMI input is a major challenge that it needs to deal with to make this new business model successful. This is because HDMI inputs become inaccessible to Roku when users switch to external devices like game consoles or competing streaming adapters.

The patent application aims to address this limitation by monitoring the audio and video signals transmitted through HDMI ports, enabling Roku to detect moments of inactivity on a user’s device. The company will have to keep a close eye on users’ activities to avoid randomly interrupting video streams or video games.

To produce relevant ads, the company wants to use audio and video content recognition technologies (ACR) to identify the context of paused content. For instance, if a user pauses a movie on an Apple TV, Roku could analyze the scene and display ads related to the content the user was watching before the pause. With the extra level of tracking this patent seeks, Roku might face some backlash regarding its privacy policies.

While the company is yet to make an official comment on its pending patent, the company’s action seems justifiable, as it reported a loss of $44 million on the sale of smart TVs and other streaming devices in 2023. However, Roku generated a gross profit of about $1.6 billion from selling ads and services, which means it’s unlikely that the option to opt out of these personalized ads will be made available.