DBSC ties browser cookies to the device's TPM (Windows) or Secure Enclave (Mac), preventing stolen cookies from working on another machine?

DBSC ties browser cookies to the device's TPM (Windows) or Secure Enclave (Mac), preventing stolen cookies from working on another machine.

The feature is enabled by default for all Google accounts (personal and Workspace) starting with Chrome 146 on Windows and 148 on Mac?

The feature is enabled by default for all Google accounts (personal and Workspace) starting with Chrome 146 on Windows and 148 on Mac.

Google developed DBSC since 2024; it now protects against session hijacking that bypasses multi-factor authentication.

Enterprise & Industry

ZDNet AI June 01, 2026

⚡Google's new default security ties login cookies to your device's hardware chip.

Deep Dive

Key Points

DBSC ties browser cookies to the device's TPM (Windows) or Secure Enclave (Mac), preventing stolen cookies from working on another machine.
The feature is enabled by default for all Google accounts (personal and Workspace) starting with Chrome 146 on Windows and 148 on Mac.
Google developed DBSC since 2024; it now protects against session hijacking that bypasses multi-factor authentication.

Makes cookie theft nearly useless for attackers, even if malware is present, by hardware-binding sessions.