CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 30, 2026

Google Chrome’s Device-Bound Session Credentials Now GA to Block Account Takeovers

Cybersecurity News Archived May 30, 2026 ✓ Full text saved

Google has officially moved Device Bound Session Credentials (DBSC) to general availability in the Chrome browser on Windows, delivering a powerful defense against one of the most persistent threats in modern cybersecurity session cookie theft. Previously available in beta for Google Workspace users, DBSC is now enabled by default across all Workspace customers, Individual subscribers, […] The post Google Chrome’s Device-Bound Session Credentials Now GA to Block Account Takeovers appeared first

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security Google Chrome’s Device-Bound Session Credentials Now GA to Block Account Takeovers By Guru Baran May 30, 2026 Google has officially moved Device Bound Session Credentials (DBSC) to general availability in the Chrome browser on Windows, delivering a powerful defense against one of the most persistent threats in modern cybersecurity session cookie theft. Previously available in beta for Google Workspace users, DBSC is now enabled by default across all Workspace customers, Individual subscribers, and personal Google accounts. Session cookies are small files websites use to remember authenticated users, but they’ve long been a lucrative target for threat actors. Malware families like infostealer trojans routinely harvest these cookies to hijack active sessions, bypassing multi-factor authentication entirely, a technique known as a pass-the-cookie attack. DBSC directly counters this threat by cryptographically binding a session cookie to the specific device the user authenticated from. Even if malware successfully exfiltrates a cookie from the compromised endpoint, that cookie becomes essentially useless on any other machine. This significantly raises the operational cost for attackers relying on stolen session tokens to maintain persistent access. Google has further amplified DBSC’s defensive value by integrating it with Context-Aware Access (CAA). Organizations leveraging both capabilities can enforce more granular access policies based on device attributes, user behavior, and environmental signals, adding an additional layer of verification beyond initial authentication. Workspace administrators can now monitor DBSC binding events directly through the security investigation tool’s audit logs, enabling security teams to detect anomalies and track session integrity across their environment. Notably, DBSC requires no administrative action to enable; it is active by default and cannot be disabled through the Admin console. Rollout Timeline and Availability Google began a gradual rollout on May 25, 2026, covering both Rapid Release and Scheduled Release domains, with full feature visibility expected within 60 days. The feature is broadly available to: All Google Workspace customers Workspace Individual subscribers Users with personal Google accounts DBSC represents a meaningful architectural shift in post-authentication security. Rather than relying solely on perimeter controls or MFA at login, it extends trust verification throughout the session lifecycle. For enterprise security teams, this reduces exposure to credential-based lateral movement and post-exploitation persistence techniques commonly used by advanced threat actors. Security teams are encouraged to review audit logs within the Google Admin console to baseline normal DBSC binding behavior and flag any deviations that may indicate active session hijacking attempts. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Veeam Backup & Replication Tool Vulnerability Enables Privilege Escalation Attacks Oracle Critical Security Update – Patch for 35 New Vulnerabilities Across Products How Top CISOs Increase Risk Visibility for Zero Critical Incidents  Microsoft Warns Public Release of Zero-Day Details Before Vendor Coordination MiniUpdate RAT Uses Azure-Hosted C2 Domains for Targeted Espionage Campaigns Latest News Cyber Security Palo Alto Networks PAN-OS Authentication Vulnerability Bypass Exploited in the Wild Technology Post-quantum cryptography is not the future. It is your current reality.   Cyber Security News Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges Cyber Security News JINX-0164 Threat Actor Using LinkedIn Social Engineering to Deploy Custom macOS Malware Cyber Security News Attackers Abuse Trusted Developer Tooling to Exfiltrate Source Code and Secrets
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 30, 2026
    Archived
    May 30, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗