Google has made Device Bound Session Credentials (DBSC) generally available in Chrome, a major step forward in account security.
What it means:
DBSC cryptographically binds session cookies to your device's hardware security chip (TPM on Windows, Secure Enclave on macOS).
Stolen cookies become useless to attackers since they don't have the private keys tied to your device.
Rollout is automatic for all Google Workspace customers, Workspace Individual subscribers, and personal Google accounts.
Admins cannot disable it, ensuring protection is always on.
Why it matters: This directly counters infostealer malware like Lumma and Rhadamanthys, which exploited stolen cookies to bypass MFA and hijack accounts. With DBSC, Chrome makes cookie theft attacks far less likely to succeed.
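The binding described above can be modelled in a few lines. This is an added example, not Chrome's or Google's code, and it is a simplified model rather than the DBSC wire protocol. The names session, challenge, prove, refresh and scenario are hypothetical, and a software ECDSA key stands in for the TPM or Secure Enclave key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// session is the server's record: the cookie plus the device's public key.
type session struct {
	cookie    string
	devicePub *ecdsa.PublicKey
	nonce     []byte // single-use challenge the device must sign
}
// challenge issues a fresh nonce for the next proof of possession.
func (s *session) challenge() []byte {
	s.nonce = make([]byte, 32)
	if _, err := rand.Read(s.nonce); err != nil {
		panic(fmt.Sprint("rand: ", err))
	}
	return s.nonce
}
// prove runs on the device: sign cookie||nonce with the device-held private key.
func prove(priv *ecdsa.PrivateKey, cookie string, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(append([]byte(cookie), nonce...))
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}
// refresh extends the session only for a valid proof over the live nonce.
func (s *session) refresh(cookie string, sig []byte) bool {
	digest := sha256.Sum256(append([]byte(cookie), s.nonce...))
	ok := cookie == s.cookie && s.nonce != nil && ecdsa.VerifyASN1(s.devicePub, digest[:], sig)
	s.nonce = nil // consume it so a captured proof cannot be replayed
	return ok
}
// scenario: the owner's device, a thief holding only the cookie, and a replay.
func scenario() (owner, thief, replay bool) {
	device, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stand-in for the hardware key
	attacker, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	s := &session{cookie: "constructed-cookie-value", devicePub: &device.PublicKey}
	good, _ := prove(device, s.cookie, s.challenge())
	owner = s.refresh(s.cookie, good)
	forged, _ := prove(attacker, s.cookie, s.challenge())
	thief = s.refresh(s.cookie, forged)
	s.challenge() // new nonce: the owner's earlier proof no longer matches
	return owner, thief, s.refresh(s.cookie, good)
}
func main() { fmt.Println(scenario()) } // true false false
```

The thief presents the correct cookie in both failing cases; what is missing is a signature from the key that never left the owner's device.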