Наталя Хандусенко Hot News 11 April 2026, 11:26

Google Chrome launches new tool to protect against data-stealing viruses

Google has introduced a new feature in the Chrome browser that should solve the problem of stealing session cookies for info-stealer attacks.

Leave a comment

Google Chrome launches new tool to protect against data-stealing viruses

Google has introduced a new feature in the Chrome browser that should solve the problem of stealing session cookies for info-stealer attacks.

Chrome 146 for Windows introduces a new security feature called Device Bound Session Credentials (DBSC). It works by cryptographically binding authentication sessions to the physical device used to log in, TechRadar reports .

This is done by using hardware security modules (such as the Trusted Platform Module or TPM in Windows) to generate a unique public and private key pair that cannot be exported outside the computer.

“Issuing new short-term session cookies depends on Chrome being able to prove to the server that it owns the corresponding private key,” Google explained. “Because attackers can’t steal this key, any deleted cookies quickly become invalid and useless to attackers.”

Google notes that the new feature will allow websites to transition to secure sessions by adding special endpoints for server-side registration and updates, while maintaining compatibility with the existing interface.

Chrome will manage its own cryptography and cookie rotation, while the web app will continue to use standard cookies for access as before. The search giant has only released the update for Windows so far, with a macOS version coming in the coming weeks.

According to Google, an early version of this protocol was implemented in 2025. The company noted that sessions protected using DBSC saw a “significant reduction” in data theft.

Since multi-factor authentication has become an industry standard, browser session cookies have become extremely valuable. Because these cookies are generated after authentication has occurred, cybercriminals can effectively bypass this critical verification step and gain access to targeted accounts.

Typically, hackers steal these cookies using “infostealer” malware, tricking their victims into downloading Lumma, Vidar, StealC, AMOS, or any of a number of other virus variants. Such programs are capable of stealing not only session cookies, but also saved passwords, cryptocurrency wallet data, clipboard contents, and more.