Chrome rolls out hardware-bound session protection to combat infostealer malware
- Google rolled out Device Bound Session Credentials (DBSC) in Chrome 146 for Windows to prevent session cookie theft via hardware-backed mechanisms.
- DBSC binds session cookies to devices using hardware keys (TPM on Windows, Secure Enclave on macOS), making stolen cookies useless without the private key.
- The feature reduces session hijacking attempts, enforces cookie rotation, and includes privacy safeguards like separate keys per session to prevent tracking.
- Google plans to expand DBSC to macOS and federated identity systems and to integrate it with hardware security keys, while exploring software options for devices without secure hardware.
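
The binding and rotation described in the points above can be modeled in a few lines. This is an added example, not code from Chrome or Google, and it is a simplified model rather than the DBSC wire protocol. Assumptions: a software P-256 key stands in for the TPM-held key, and the `Server` class, its methods, the helper functions and the 10-minute cookie lifetime are hypothetical.

```javascript
// Simplified model of a device-bound session: short-lived cookies that can only
// be rotated by proving possession of the session's private key.
const crypto = require('node:crypto');

const COOKIE_TTL_MS = 10 * 60 * 1000; // assumed lifetime; short expiry forces rotation

class Server {
  constructor() { this.sessions = new Map(); }

  // Registration: the browser sends a public key created for this session only,
  // so two sessions cannot be linked through a shared key.
  register(publicKey, now) {
    const id = crypto.randomBytes(8).toString('hex');
    this.sessions.set(id, { publicKey, challenge: null, cookie: null, expires: 0 });
    return { id, cookie: this.issueCookie(id, now) };
  }
  issueCookie(id, now) {
    const s = this.sessions.get(id);
    s.cookie = crypto.randomBytes(16).toString('hex');
    s.expires = now + COOKIE_TTL_MS;
    return s.cookie;
  }
  cookieValid(id, cookie, now) {
    const s = this.sessions.get(id);
    return Boolean(s) && s.cookie === cookie && now < s.expires;
  }
  newChallenge(id) {
    const s = this.sessions.get(id);
    s.challenge = crypto.randomBytes(32);
    return s.challenge;
  }
  // Rotation: a fresh cookie is issued only for a valid signature over the
  // outstanding challenge, and each challenge is consumed on first use.
  refresh(id, signature, now) {
    const s = this.sessions.get(id);
    if (!s || !s.challenge) return null;
    const challenge = s.challenge;
    s.challenge = null;
    const ok = crypto.verify('sha256', challenge, s.publicKey, signature);
    return ok ? this.issueCookie(id, now) : null;
  }
}

// Browser side: with a TPM or Secure Enclave the private key never leaves the device.
function newDeviceKey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}
function signChallenge(privateKey, challenge) {
  return crypto.sign('sha256', challenge, privateKey);
}
```

A copied cookie is accepted only until it expires, and a refresh signed with any other key returns `null`, which is also a useful server-side signal to log.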