← Back to BrewedIntel
otherlowsession hijackingsession theft

Apr 10, 2026 • [email protected] (The Hacker News)

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google has made Device Bound Session Credentials (DBSC) generally available in Chrome 146 for Windows users, addressing session theft attacks. DBSC binds user...

Source
The Hacker News
Category
other
Severity
low

Executive Summary

Google has made Device Bound Session Credentials (DBSC) generally available in Chrome 146 for Windows users, addressing session theft attacks. DBSC binds user sessions to the device, making it harder for attackers to hijack authenticated sessions even if they obtain credentials through phishing or other methods. This defensive mechanism aims to protect against session hijacking attacks that have become increasingly prevalent. The feature is currently limited to Windows with macOS support planned for future releases. Organizations should ensure users update to Chrome 146 to benefit from this enhanced session protection.

Summary

Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant

Published Analysis

Google has made Device Bound Session Credentials (DBSC) generally available in Chrome 146 for Windows users, addressing session theft attacks. DBSC binds user sessions to the device, making it harder for attackers to hijack authenticated sessions even if they obtain credentials through phishing or other methods. This defensive mechanism aims to protect against session hijacking attacks that have become increasingly prevalent. The feature is currently limited to Windows with macOS support planned for future releases. Organizations should ensure users update to Chrome 146 to benefit from this enhanced session protection. Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant

Read original source