Security News > 2024 > July > Google Chrome adds app-bound encryption to block infostealer malware

Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks.

As Chrome software engineer Will Harris explained in a blog post published today, Chrome currently uses the most robust techniques provided by each operating system to safeguard sensitive data such as cookies and passwords: Keychain services on macOS, kwallet or gnome-libsecret on Linux, and the Data Protection API on Windows.

While DPAPI can protect data at rest from cold boot attacks or from other users on Windows systems, it does not protect against malicious tools or scripts designed to execute code as the logged-in user, which is something that infostealer malware exploits.

"Rather than allowing any app running as the logged in user to access this data, Chrome can now encrypt data tied to app identity, similar to how the Keychain operates on macOS.".

Chrome's App-Bound Encryption uses a new Windows service running under 'SYSTEM' privileges to confirm an app's identity when it requests encryption.

Since the service operates with system privileges, attackers would also need to gain system privileges or inject code into an app like Chrome, which is not a typical or legitimate action and makes it easier for antivirus software to detect when malware is used to steal data.

News URL

https://www.bleepingcomputer.com/news/security/google-chrome-adds-app-bound-encryption-to-block-infostealer-malware/