Google Chrome Has a New Important Security Feature.
Traditional security methods are excellent tools for protecting your digital life. If you use a unique password for each of your accounts and set up two-factor authentication (2FA) for all of them, hackers will have a hard time accessing your data. However, even 2FA isn’t foolproof: hackers still have tools to bypass your security measures and infiltrate your online space through no fault of your own.
Fortunately, Google is implementing new security measures that should reduce the number of such vulnerabilities. If you’re using the latest version of Chrome, it will now be much more difficult for attackers trying to hack your accounts.
How session cookies put your accounts at risk
As Bleeping Computer reports , Google officially launched the Device Specific Session Credentials (DBSC) feature for Chrome this week. However, to understand DBSC, it’s important to understand how session cookies work. When you sign in to a website in your browser, that website assigns you a unique identifier. This identifier is stored as a small file on your device—a session cookie. The idea is to allow the website to track your actions while you’re using it, including as you browse different webpages.
Session cookies are used for a variety of purposes , including in shopping carts and on multi-page websites, but for the purposes of this explanation, it’s important to know that they’re used to maintain your login session. A website can use a session cookie to “remember” that you’re logged in—similar to giving you a wristband when you enter an event with a ticket. This way, you don’t have to re-login every time you visit the site: you can enter your password and even a two-factor authentication code once and return to the site without repeating the process (at least until the session cookie expires).
Although session cookies are only meant to be stored on the device that created them (and only temporarily), they are a prime target for hackers. If someone steals your session cookies, they can impersonate you on their device—even if the website uses two-factor authentication for added security. Typically, such websites ask for your username, password, and two-factor authentication code before allowing you to log in. But if a hacker steals your session cookie, they can trick the website into thinking they are you on a device where you’ve already authenticated. In other words, they stole your wristband and put it on themselves. The security guard won’t know they stole it; they’ll simply see that they have the wristband and assume their ticket has already been checked.
Google Chrome’s new security feature prevents session cookie theft.
DBSC works by storing your session cookies in a location difficult for hackers to access. Going forward, all session cookies created in Chrome (and other Chromium-based browsers) will be stored in the Trusted Platform Module (TPM) of your PC or in the Secure Enclave (SE) of your Mac. These chips are designed to store sensitive data and protect it with encryption. Only the security chip has the keys to decrypt the information stored there. This means that even if hackers successfully infect your Mac or PC with malware, it will be extremely difficult for them to break into the SE and steal your session cookies.
Google has been beta testing DBSC since April, after first announcing the feature in 2024. It’s now available to virtually all Chrome users, including Workspace and Enterprise users, as well as those with personal accounts. While Google’s initial announcement explicitly stated that the feature was only available in Chrome for Windows, the DBSC help page notes that it’s also available for Mac .
How to ensure DBSC is running in Chrome
Google states that DBSC is enabled by default for all Chrome users in Workspace, and administrators can’t disable it. The company doesn’t specify whether this also applies to personal accounts, although it likely does. I’ve reached out to Google for clarification and will update this article if I hear back.
However, it appears Google has no plans to retroactively add DBSC to all versions of Chrome. According to the DBSC help page, this feature is available in Chrome version 146 and above for Windows, and in Chrome version 148 and above for Mac. To ensure DBSC is available, it’s recommended to install the latest version of Chrome.
To update Chrome, click the three dots in the upper-right corner, then select Help > About Google Chrome . Allow Chrome to search for the latest update, and if one is available, select Relaunch to install it.