← Back to BrewedIntel
othermediumCredential theftInfo-stealing malwareSession cookie theft

Apr 09, 2026 • Ionut Ilascu

Google Chrome adds infostealer protection against session cookie theft

Google has implemented Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows to combat info-stealing malware targeting session cookies....

Source
Bleeping Computer
Category
other
Severity
medium

Executive Summary

Google has implemented Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows to combat info-stealing malware targeting session cookies. This defensive mechanism binds session credentials directly to user devices, significantly impeding malware attempts to harvest and exploit authentication tokens. The feature addresses a critical attack vector leveraged by info-stealing malware families that target browser sessions for credential theft. Organizations should ensure Chrome deployments are updated to version 146 or later to benefit from this enhanced security. While this represents a meaningful advancement in browser-based defenses, users should maintain complementary security practices including avoiding suspicious websites and keeping endpoint protection current.

Summary

Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. [...]

Published Analysis

Google has implemented Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows to combat info-stealing malware targeting session cookies. This defensive mechanism binds session credentials directly to user devices, significantly impeding malware attempts to harvest and exploit authentication tokens. The feature addresses a critical attack vector leveraged by info-stealing malware families that target browser sessions for credential theft. Organizations should ensure Chrome deployments are updated to version 146 or later to benefit from this enhanced security. While this represents a meaningful advancement in browser-based defenses, users should maintain complementary security practices including avoiding suspicious websites and keeping endpoint protection current. Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. [...] Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. [...]

Read original source