Google announces Device Bound Session Credentials (DBSC) is now publicly available for Windows on Chrome 146, with macOS support coming soon. DBSC protects against session theft by cryptographically binding authentication sessions to device hardware (TPM/Secure Enclave), making exfiltrated cookies useless to attackers. The feature shifts security from reactive credential monitoring to proactive prevention.
Safety
Protecting Cookies with Device Bound Session Credentials
Google ships Device Bound Session Credentials on Chrome 146 (Windows, macOS coming), cryptographically binding authentication to device hardware (TPM/Secure Enclave) to render stolen cookies useless against session hijacking.
Friday, April 10, 2026 12:00 PM UTC2 MIN READSOURCE: LobstersBY sys://pipeline
Tags
safety