Google has introduced Device-Bound Session Credentials (DBSC) to combat session hijacking attacks that have evolved from network-based cookie theft to malware-based credential stealing. DBSC uses public-key cryptography to bind sessions to specific devices, creating key pairs stored securely in hardware like TPM on Windows. This makes stolen session tokens useless on other devices, potentially ending session hijacking if adopted by other browser vendors. The technology is currently in beta for Google Workspace users on Chrome for Windows.
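The binding idea described above, as an added example that is not Google's or Chrome's code and does not reproduce the DBSC wire format: a simplified Node.js model in which the server stores the device's public key at session start and accepts the session only with a fresh signature from the matching private key. All function names are hypothetical, and the in-memory private key stands in for a non-exportable TPM-held key.

```javascript
const crypto = require('crypto');

// Server-side session table: sessionId -> { publicKey, challenge }
const sessions = new Map();

// Session start: the device creates a key pair; only the public key reaches the server.
// Assumption: deviceKey models a hardware-held key that malware cannot copy off the device.
function registerSession() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const sessionId = crypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, { publicKey, challenge: null });
  return { sessionId, deviceKey: privateKey };
}

// Server issues a fresh random challenge for the session.
function issueChallenge(sessionId) {
  const challenge = crypto.randomBytes(32);
  sessions.get(sessionId).challenge = challenge;
  return challenge;
}

// Device proves possession of the private key by signing sessionId || challenge.
function signChallenge(deviceKey, sessionId, challenge) {
  return crypto.sign('sha256', Buffer.concat([Buffer.from(sessionId), challenge]), deviceKey);
}

// Server checks the proof against the stored public key; each challenge is single use.
function verifyProof(sessionId, signature) {
  const s = sessions.get(sessionId);
  if (!s || !s.challenge) return false;
  const msg = Buffer.concat([Buffer.from(sessionId), s.challenge]);
  s.challenge = null; // consumed, so a replayed proof is rejected
  return crypto.verify('sha256', msg, s.publicKey, signature);
}

function demo() {
  const { sessionId, deviceKey } = registerSession();
  const legit = verifyProof(sessionId, signChallenge(deviceKey, sessionId, issueChallenge(sessionId)));
  // A second machine that holds only the copied session identifier has a different key.
  const otherKey = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' }).privateKey;
  const stolen = verifyProof(sessionId, signChallenge(otherKey, sessionId, issueChallenge(sessionId)));
  // The same signature presented twice: the second attempt finds no open challenge.
  const sig = signChallenge(deviceKey, sessionId, issueChallenge(sessionId));
  const first = verifyProof(sessionId, sig);
  const replay = verifyProof(sessionId, sig);
  return { legit, stolen, first, replay };
}

console.log(demo());
```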