Chrome rolls out Device Bound Session Credentials to block cookie hijacking

Chrome has launched Device Bound Session Credentials (DBSC) to prevent hackers from stealing browser cookies and impersonating users. The feature is now enabled by default for all Google Workspace and personal Google accounts on Windows. In a cookie-hijacking attack, hackers use malware to extract passwords and session data from cookies, allowing them to log into accounts on their devices without multi-factor authentication. DBSC ties session credentials to specific devices, making it harder for attackers to reuse stolen cookies. This update directly addresses the fact that half of all cyberattacks begin in the browser, enhancing security for both consumers and enterprise users who rely on Chrome.