Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

What’s new: Google has rolled out Device Bound Session Credentials (DBSC) in Chrome 146 for Windows users to combat session theft. This feature cryptographically ties authentication sessions to specific devices, making stolen cookies ineffective. The rollout follows a successful beta phase and aims to reduce unauthorized access to online accounts.

Who’s affected

All Windows users of Chrome 146 are affected by this update, with plans for macOS support in future releases. Users who may be targeted by session theft attacks, particularly those using information-stealing malware, are also impacted.

What to do

• Ensure your Chrome browser is updated to version 146 or later to benefit from DBSC.
• Educate users about the risks of session theft and the importance of avoiding malware.
• Monitor authentication logs for unusual access patterns that may indicate session theft attempts.

Sources

• The Hacker News