Chrome Origin Trial: Device Bound Session Credentials

Stay organized with collections Save and categorize content based on your preferences. José Luis Zapata Device Bound Session Credentials (DBSC) is a new web capability designed to protect user sessions from cookie theft and session hijacking. This feature is now available for testing as an Origin Trial in Chrome 135. Background Cookies play a crucial role in modern web authentication, allowing users to stay logged in across browsing sessions. However, attackers increasingly exploit stolen authentication cookies to hijack sessions, bypassing multi-factor authentication and other login security mechanisms. Malware operators often exfiltrate session cookies from compromised devices, enabling unauthorized access to user accounts. Since cookies are bearer tokens, they grant access without requiring proof of possession—making them a lucrative target for attackers. Device Bound Session Credentials (DBSC) aims to disrupt cookie theft by creating an authenticated session that is bound to ... Read full article.