Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Google Chrome DBSC rolls out session-cookie theft protection for all users

Security Tool/Service
First reported
Last updated
Happening score
H score 10
1 unique sources, 1 articles

Summary

Hide ▲

Google's Chrome Device Bound Session Credentials (DBSC) is now generally available and rolling out to all users, reducing the risk of account takeovers from stolen session cookies. The feature binds cookies to a specific device so attackers cannot reuse exfiltrated cookies to bypass MFA. The rollout reaches Google Workspace customers, Workspace Individual subscribers, and people using personal Google accounts.

Related Happenings

Google rolls out Android Intrusion Logging in Android Advanced Protection Mode

Security Tool/Service
First: 14.05.2026 16:30 Last: 14.05.2026 16:30 Sources 1

About this happening: Google has released **Android Intrusion Logging** for **Android Advanced Protection Mode**, giving **high-risk Android users** encrypted forensic logs to investigate suspected **s...

Open Happening

Android Intrusion Logging forensic logging rollout for spyware investigations

Security Tool/Service
First: 13.05.2026 09:55 Last: 13.05.2026 09:55 Sources 1

About this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...

Open Happening

Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft

Security Tool/Service
First: 09.04.2026 21:33 Last: 09.04.2026 21:33 Sources 1

About this happening: Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...

Open Happening

Storm infostealer server-side decryption activity

Malware Activity
First: 02.04.2026 17:15 Last: 02.04.2026 17:15 Sources 1

About this happening: The **Storm** infostealer now steals **browser credentials**, **session cookies**, and **crypto wallets** and forwards them to attacker infrastructure for **server-side decryption...

Open Happening

TikTok for Business phishing campaign using Turnstile and reverse proxy

Campaign
First: 26.03.2026 16:09 Last: 26.03.2026 16:09 Sources 1

About this happening: A **phishing campaign** is targeting **TikTok for Business accounts** and uses **Cloudflare Turnstile** to block automated analysis before exposing a **reverse-proxy** credential-...

Open Happening

Timeline

  1. 29.05.2026 15:08 2 articles · 2h ago

    Google rolls out Chrome DBSC to block stolen session cookies

    Untyped Phase

    Google says Chrome Device Bound Session Credentials (DBSC) is now generally available and rolling out to Google Workspace customers, Workspace Individual subscribers, and personal Google accounts. For Google Workspace customers, the feature is enabled by default and administrators cannot disable it. DBSC binds session cookies to a device using hardware-backed keys such as the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS to reduce account takeover risk from stolen cookies.

    Show sources
    Open in new tab