Chrome 135 Introduces Device-Bound Session Credentials for Enhanced Web Security

Popular：

Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Chrome 135 Introduces Device-Bound Session Credentials for Enhanced Web Security

2025-05-02

Chrome 135 introduces Device-Bound Session Credentials (DBSC), a new feature designed to bolster web application security. DBSC protects user sessions from cookie theft and hijacking by generating a key pair bound to the device. Even if cookies are stolen, attackers can't access accounts from other devices. Leveraging hardware-backed storage like TPM and regularly refreshing short-lived cookies, DBSC significantly enhances security without impacting user experience. Developers can integrate and test this feature via HTTP headers.

(developer.chrome.com)

Tech Device Binding

Quebec Halts Subsidies for Troubled EV Maker Lion Electric

W3C Calls for Immediate Deprecation of Third-Party Cookies