Google Enhances Chrome Security with Device Bound Session Credentials to Combat Infostealer Malware

Google has integrated Device Bound Session Credentials (DBSC) into Chrome 146 to mitigate infostealer malware abuse of stolen session cookies on Windows systems. The feature leverages hardware-based cryptographic keys to bind authentication cookies to the device, preventing their use on unauthorized machines. This update specifically targets malware families that extract and exfiltrate browser cookies for account hijacking. No CVE IDs or exact release dates were provided in the report. The implementation focuses on Windows platforms, with no mention of support for other operating systems. The measure aims to reduce the effectiveness of infostealer campaigns by invalidating stolen session data.