{"id":101,"date":"2026-04-10T14:00:00","date_gmt":"2026-04-10T14:00:00","guid":{"rendered":"https:\/\/thecybersecurity.network\/blog\/google-enhances-chrome-security-with-dbsc-on-windows\/"},"modified":"2026-04-12T20:03:38","modified_gmt":"2026-04-12T20:03:38","slug":"google-enhances-chrome-security-with-dbsc-on-windows","status":"publish","type":"post","link":"https:\/\/thecybersecurity.network\/blog\/google-enhances-chrome-security-with-dbsc-on-windows\/","title":{"rendered":"Google Enhances Chrome Security with DBSC on Windows"},"content":{"rendered":"

Google has announced the general availability of Device Bound Session Credentials (DBSC) for all Windows users of Chrome, a major security advancement that fundamentally changes how browser sessions are protected against cookie theft attacks.<\/p>\n

What is DBSC?<\/h2>\n

Device Bound Session Credentials (DBSC) is a new web security standard that cryptographically binds browser session cookies to the specific device they were created on, using the device’s Trusted Platform Module (TPM) chip.<\/p>\n

This means that even if an attacker steals your session cookies (via malware, XSS, or network interception), those cookies are completely useless on any other device.<\/p>\n

How it Works<\/h2>\n
    \n
  1. When you log into a DBSC-enabled website, Chrome generates a cryptographic key pair stored in the device’s TPM<\/li>\n
  2. The session token is bound to the private key which never leaves the device<\/li>\n
  3. On each request, Chrome proves possession of the private key via a challenge-response mechanism<\/li>\n
  4. Stolen cookies without the private key are rejected by the server<\/li>\n<\/ol>\n

    Impact on Security<\/h2>\n

    DBSC effectively neutralizes the most common post-exploitation technique used by infostealers: session cookie theft. This includes attacks by malware families like RedLine, Raccoon, and Vidar that specifically target browser session stores.<\/p>\n

    Availability<\/h2>\n
      \n
    • Available now for all Chrome users on Windows with TPM 2.0<\/li>\n
    • Requires websites to implement DBSC server-side support<\/li>\n
    • Google, Cloudflare and Microsoft are early adopters<\/li>\n
    • macOS and Linux support planned for future releases<\/li>\n<\/ul>\n

      Written by Tarang Parmar (CEH) \u2014 TheCyberSecurity.Network. Read time: 3 min.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

      Google announces general availability of Device Bound Session Credentials (DBSC) for Chrome on Windows, eliminating cookie theft attacks.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[30,39,31,32,33],"class_list":["post-101","post","type-post","status-publish","format-standard","hentry","category-security-news","tag-chrome","tag-cybersecurity","tag-dbsc","tag-google","tag-sessionsecurity"],"_links":{"self":[{"href":"https:\/\/thecybersecurity.network\/blog\/wp-json\/wp\/v2\/posts\/101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecybersecurity.network\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecybersecurity.network\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecybersecurity.network\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thecybersecurity.network\/blog\/wp-json\/wp\/v2\/comments?post=101"}],"version-history":[{"count":1,"href":"https:\/\/thecybersecurity.network\/blog\/wp-json\/wp\/v2\/posts\/101\/revisions"}],"predecessor-version":[{"id":103,"href":"https:\/\/thecybersecurity.network\/blog\/wp-json\/wp\/v2\/posts\/101\/revisions\/103"}],"wp:attachment":[{"href":"https:\/\/thecybersecurity.network\/blog\/wp-json\/wp\/v2\/media?parent=101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecybersecurity.network\/blog\/wp-json\/wp\/v2\/categories?post=101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecybersecurity.network\/blog\/wp-json\/wp\/v2\/tags?post=101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}