Google is deploying Device Bound Session Credentials (DBSC) to all Chrome users, a security feature designed to prevent account takeovers by protecting session cookies from theft.
Google Chrome now offers Device Bound Session Credentials (DBSC) protection to its entire user base. The security feature, which has reached general availability, binds session cookies to individual devices, making stolen credentials useless if accessed from another computer or device.
■ How It Works
DBSC ties session cookies to a device's hardware keys, ensuring that even if an attacker obtains a cookie through phishing, malware, or network interception, they cannot use it to access accounts from a different device. This adds a critical layer of protection beyond traditional cookie security.
■ Broader Protection
The rollout applies to users across all platforms where Chrome operates. Google designed DBSC to defend against a common attack vector: session hijacking, where cybercriminals gain access to active user sessions without needing passwords.
This approach proves especially valuable for high-value targets, including enterprise users and individuals managing sensitive accounts. The feature works behind the scenes, requiring no user configuration or action to enable.
■ Industry Context
Session cookie theft remains a significant security concern. Attackers frequently exploit compromised cookies to bypass multi-factor authentication and gain direct account access. DBSC addresses this vulnerability at the browser level, offering protection regardless of whether websites implement additional security measures.
Google has worked with industry partners on the DBSC standard, positioning it as a potential foundation for broader web security improvements.
■ Availability
The rollout is gradual, meaning not all users will see the feature simultaneously. Chrome users should expect full deployment in coming weeks. The feature operates automatically once enabled on compatible systems.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.