Chrome stops hackers from stealing your browser cookies now - how its new security feature works
Google Chrome's new Device Bound Session Credentials feature aims to prevent cookie-hijacking attacks by tying browser sessions and cookies to a user's computer.
Browser cookies store your login sessions and website preferences, making it easy to use your favorite sites. However, they can also be exploited by hackers who hijack them to impersonate you on their own devices. A new security feature rolling out in Chrome aims to prevent this type of threat.
The anti-theft feature, called Device Bound Session Credentials (DBSC), is now available in Chrome for Windows. It is enabled by default for all Google Workspace and personal Google accounts, making it suitable for both consumer and enterprise Chrome users. In a typical cookie-hijacking attack, hackers use malware to remotely steal browser cookies, extracting sensitive data to sign in to associated accounts on their own devices, bypassing multi-factor authentication codes.
With DBSC activated, browser sessions and cookies are tied to a computer's built-in security chip, such as the Trusted Platform Module (TPM) on Windows PCs or the Secure Enclave on Macs. Even if a hacker steals browser cookies, they cannot use them on their own devices since they are linked to the original computer. "DBSC strengthens account security after users are logged in and helps bind a session cookie -- small files used by websites to remember user information -- to the device a user authenticated from," Google explained in its blog post.
"Even if malware was present on the user's device, DBSC reduces the risk of session theft and makes it meaningfully more difficult for malicious actors to exploit stolen session cookies." Google developed DBSC in 2024 to protect Chrome users from cookie-hijacking attacks. The feature was rolled out as an open beta for Google Workspace customers in 2025 and is now automatically enabled for both enterprise customers and those with personal Google accounts. To ensure you have the feature, make sure you're running Chrome version 146 or later on Windows and version 148 or later on a Mac.
To update, click the three-dot icon, move to Help, and select About Google Chrome.
Source: ZDNet