Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies.

MacOS users will benefit from this security feature in a future Chrome release that has yet to be announced.

The new protection has been announced in 2024, and it works by cryptographically linking a user’s session to their specific hardware, such as a computer’s security chip — the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS.