Google Chrome Introduces Device Bound Session Credentials to Mitigate Cookie Theft

Google Chrome has introduced Device Bound Session Credentials (DBSC) to mitigate cookie theft, a method where infostealer malware extracts authentication cookies from compromised devices and exfiltrates them to attacker-controlled servers. These stolen cookies, often long-lived, allow unauthorized account access without passwords and are frequently sold on illicit markets. DBSC binds session credentials to the device, preventing their use if copied to another machine. The feature is now publicly available in Chrome, though no specific release date or version was provided. The approach targets malware that reads browser-stored cookies from local files or memory. No CVE IDs or additional technical implementation details were mentioned.