Chrome introduces hardware‑bound cookies to block hijacking attacks

Google Chrome is rolling out a new security feature called Device Bound Session Credentials, which prevents hackers from using stolen browser cookies to impersonate users. The system binds session cookies to the device’s hardware security chip, such as the TPM on Windows or Secure Enclave on macOS, making stolen cookies useless on another machine. The feature is now enabled by default for all Google Workspace and personal accounts, requiring no user action beyond updating Chrome. This upgrade significantly reduces the risk of cookie‑hijacking attacks that bypass multi‑factor authentication.

Read the full story on ZDNET →