Chrome ties browser cookies to your device to block hijacking

Browser cookies store login sessions and website preferences, but they can be stolen and used to impersonate you. Chrome is rolling out Device Bound Session Credentials (DBSC) to stop cookie‑hijacking attacks. In a typical cookie‑hijacking attack, malware steals cookies so attackers can sign in on their own devices without dealing with multi‑factor codes.

With DBSC activated, session cookies are tied to the computer's built‑in security chip — the Trusted Platform Module (TPM) on most Windows PCs and the Secure Enclave on Macs — so stolen cookies can’t be used elsewhere. "DBSC strengthens account security after users are logged in and helps bind a session cookie -- small files used by websites to remember user information -- to the device a user authenticated from," Google explained.

chrome, cookies, cookie hijacking, dbsc, tpm, secure enclave, session cookies, malware, mfa, account security