Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. DBSC works by cryptographically linking user sessions to the hardware, such as their computer's security chip (e.g., the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS). Google added that it will be enabled by default for all Google Workspace customers upon rollout and that administrators cannot disable it. At the time, Google advised customers to remove malware from their devices and recommended enabling Chrome's Enhanced Safe Browsing security mode to defend against phishing and malware attacks. Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold. This guide covers the 6 surfaces you actually need to validate. Google fixes fourth Chrome zero-day exploited in attacks in 2026 Google now offers up to $1.5 million for some Android exploits ChatGPT share links abused to host fake outage pages to deliver malware US charges Google security engineer with Polymarket insider trading