Google Launches Chrome 146 with DBSC to Prevent Windows Session Theft

Google has officially launched Chrome 146, featuring Device Bound Session Credentials (DBSC) to enhance browser security for Windows users. This important security feature aims to combat session theft, a growing concern in today’s digital landscape. After months of beta testing, DBSC is now widely available, with plans for a macOS rollout in future updates.

Understanding Session Theft

Session theft refers to the unauthorized extraction of session cookies from web browsers. This typically occurs when users inadvertently download malware that targets their systems. Notorious malware strains, such as Atomic, Lumma, and Vidar Stealer, are designed to collect various types of sensitive data, including session cookies.

These cookies, often possessing long lifespans, allow attackers to access victims’ online accounts without needing passwords. Once stolen, these tokens are often sold to other criminals, further amplifying the threat.

DBSC: A Revolutionary Defense Mechanism

First announced in April 2024, DBSC aims to mitigate session theft by linking authentication sessions to specific devices. This cryptographic approach minimizes the value of stolen cookies, as it utilizes hardware-backed security modules, including the Trusted Platform Module (TPM) on Windows devices.

How DBSC Works

  • Generates a unique public/private key pair stored securely on the device.
  • Short-lived session cookies are issued only after Chrome verifies possession of the private key.
  • If an attacker steals session cookies, they quickly become useless due to expiration.
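The steps above as a runnable Node.js sketch (an added example, not Chrome's or Google's code). A software key pair stands in for the TPM-held key, and `SessionServer`, the five-minute cookie lifetime and the challenge format are assumptions made for illustration.

```javascript
// Added illustration of a DBSC-style flow. Names, lifetimes and message shapes
// are assumptions for this sketch, not Chrome's or the DBSC standard's API.
const { generateKeyPairSync, sign, verify, randomBytes } = require('crypto');
const COOKIE_TTL_MS = 5 * 60 * 1000; // assumed short cookie lifetime

// Device side: the closure stands in for a TPM-held key that cannot be exported.
function createDevice() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, prove: (challenge) => sign('sha256', challenge, privateKey) };
}

// Server side: binds each session to the public key registered at sign-in.
class SessionServer {
  constructor() { this.sessions = new Map(); this.cookies = new Map(); }
  register(id, publicKey) { this.sessions.set(id, { publicKey, challenge: null }); }
  newChallenge(id) { return (this.sessions.get(id).challenge = randomBytes(32)); }
  // Issue a short-lived cookie only when the challenge is signed by the bound key.
  refresh(id, signature, now) {
    const s = this.sessions.get(id);
    if (!s || !s.challenge) return null;
    const challenge = s.challenge;
    s.challenge = null; // single use, so a captured signature cannot be replayed
    if (!verify('sha256', challenge, s.publicKey, signature)) return null;
    const value = randomBytes(16).toString('hex');
    this.cookies.set(value, { id, expires: now + COOKIE_TTL_MS });
    return value;
  }
  isValid(cookie, now) {
    const c = this.cookies.get(cookie);
    return Boolean(c && now < c.expires);
  }
}

// Constructed scenario: a cookie copied off the machine, without the key.
function demo() {
  const server = new SessionServer();
  const [device, otherMachine] = [createDevice(), createDevice()];
  server.register('s1', device.publicKey);
  const refresh = (d, now) => server.refresh('s1', d.prove(server.newChallenge('s1')), now);
  const cookie = refresh(device, 0);
  const later = COOKIE_TTL_MS + 1;
  return {
    copiedCookieBeforeExpiry: server.isValid(cookie, 1000),
    copiedCookieAfterExpiry: server.isValid(cookie, later),
    refreshWithoutBoundKey: refresh(otherMachine, later), // null: signature check fails
    refreshOnDevice: server.isValid(refresh(device, later), later),
  };
}
```

The cookie alone keeps working only until it expires; renewing it requires a signature from the key that never leaves the original device.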

Benefits and Future Plans

Google reported a significant reduction in session theft incidents since the introduction of DBSC. This initial success is promising, and the company intends to expand the feature’s availability to a broader range of devices and enhance capabilities further.

Google collaborated with Microsoft to develop DBSC as an open web standard, with privacy at its core. This ensures that users’ activities remain confidential across different sessions and websites on the same device.

Key Features of DBSC

  • Minimal information exchange, preventing device fingerprinting and cross-site tracking.
  • Fallback mechanisms if a user’s device does not support secure key storage.

As cybersecurity threats evolve, enhancements like DBSC in Chrome 146 are crucial in securing users’ online experiences.