Lance Whitney/ZDNETFollow ZDNET: Add us as a preferred source on Google.ZDNET's key takeawaysHackers can steal your browser cookies to impersonate you.A security feature in Chrome aims to prevent such attacks.The feature ties your cookies to your device's own security chip.Browser cookies store your login sessions and website preferences so that you can use your favorite sites more easily and seamlessly. But cookies can also be turned against you by savvy hackers who hijack them and use them to impersonate you on their own devices. A new security feature now rolling out in Chrome aims to prevent this type of threat.Also: Half of all cyberattacks start in your browser: 10 essential tips for staying safeAs described in a new blog post from Google, the anti-theft feature Device Bound Session Credentials (DBSC) is now available in Chrome for Windows. Enabled by default for all Google Workspace and personal Google accounts, this one is geared for both consumer and enterprise Chrome users.How does this work?How this security feature works on your PC and MacIn a typical cookie-hijacking attack, a hacker uses certain malware to remotely steal your browser cookies. By extracting the passwords and other sensitive data from those cookies, they can sign in to your associated accounts on their own devices. And they can do this without having to grapple with any multi-factor authentication codes that would otherwise try to verify your identity.With DBSC activated, your browser sessions and cookies are tied to your computer's built-in security chip. On most Windows PCs, this is the Trusted Platform Module (TPM). On a Mac, this is the Secure Enclave. Even if a hacker steals your browser cookies, they can't use them on their own devices since those cookies are still linked to your own computer and can't be applied elsewhere."DBSC strengthens account security after users are logged in and helps bind a session cookie -- small files used by websites to remember user information -- to the device a user authenticated from," Google explained in its blog post. "Even if malware was present on the user's device, DBSC reduces the risk of session theft and makes it meaningfully more difficult for malicious actors to exploit stolen session cookies."Also: The best secure browsers for privacy: Expert testedGoogle first began developing DBSC in 2024 to protect Chrome users from cookie-hijacking attacks at home and in the workplace. In 2025, the company rolled out DBSC as an open beta for Google Workspace customers. Previously, IT admins had to activate this protection for Chrome users at their organizations. But now, the feature is automatically enabled, not just for enterprise customers but for those with personal Google accounts.Since the feature is automatically turned on, there's no switch or setting you need to control. Just make sure you're running Chrome version 146 or later in Windows and version 148 or later on a Mac. To update the browser in either OS, click the three-dot icon at the upper right, move to Help, and select About Google Chrome. The latest version will be downloaded automatically. Just restart the browser for it to take effect. Editorial standards