Device Bound Session Credentials (DBSC) are now available in Chrome 145 on Windows to help protect users from cookie theft.

Chrome's platform is a leading web browser developed by Google, offering insights into web standards, browser features, and web development tools. Through documentation, developer tools, and webinars, Chrome provides insights into building modern web applications and optimizing performance. Developers can learn about web APIs, progressive web apps (PWAs), and Chrome DevTools to create fast, secure, and user-friendly web experiences.

Chrome Developers

Device Bound Session Credentials (DBSC) are now available in Chrome 145 on Windows. DBSC protects users from cookie theft by cryptographically binding authentication sessions to a device using a public/private key pair stored in the Trusted Platform Module (TPM). Websites can integrate DBSC by implementing two endpoints: a registration endpoint that stores the public key and a refresh endpoint that challenges the browser to prove possession of the private key. If the challenge fails, stolen cookies from other devices can be rejected. Integration requires no changes to existing authentication flows beyond these two endpoints.

Device Bound Session Credentials now available on Windows