Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Summary
Google has made Device Bound Session Credentials (DBSC) generally available in Chrome 146 for Windows users. This feature aims to prevent session theft by tying web session credentials to the device, making it harder for attackers to steal and reuse them. Expansion to macOS is planned for a future release.
IFF Assessment
FRIEND
DBSC is a new security feature designed to directly defend against session hijacking, a common attack vector.
Defender Context
This feature directly addresses session hijacking, a prevalent attack method used by threat actors to gain unauthorized access. Defenders should be aware of DBSC's rollout and understand its implications for securing user sessions within the Chrome browser on Windows, and monitor for its availability on other platforms.