Google Chrome adds app-bound encryption to block infostealer malware (Security News, July 2024)
Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks.
As Chrome software engineer Will Harris explained in a blog post published today, Chrome currently uses the most robust techniques provided by each operating system to safeguard sensitive data such as cookies and passwords: Keychain services on macOS, kwallet or gnome-libsecret on Linux, and the Data Protection API (DPAPI) on Windows.
While DPAPI can protect data at rest from cold boot attacks or from other users on Windows systems, it does not protect against malicious tools or scripts designed to execute code as the logged-in user, which is something that infostealer malware exploits.
"Rather than allowing any app running as the logged in user to access this data, Chrome can now encrypt data tied to app identity, similar to how the Keychain operates on macOS."
Chrome's App-Bound Encryption uses a new Windows service running under 'SYSTEM' privileges to confirm an app's identity when it requests encryption.
Because the service operates with system privileges, attackers would also need to gain system privileges or inject code into an app like Chrome. Neither is a typical or legitimate action, which makes it easier for antivirus software to detect when malware is used to steal data.
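The detection opportunity described above can be sketched as a rule over process telemetry. This is an added example, not code from Google, Chrome, or the article; it assumes Sysmon-style events (ID 8 CreateRemoteThread, ID 10 ProcessAccess), and the sample events and the same-path allow rule are constructed for illustration.

```python
# Added example: flag injection-style access to chrome.exe in Sysmon-like events.
# Sample events are constructed; the allow rule (same binary path) is an assumption.

# Windows process access rights that together permit writing and running code remotely.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def is_suspicious(event):
    """Return a reason string if the event looks like code injection into Chrome, else None."""
    target = event.get("TargetImage", "")
    source = event.get("SourceImage", "")
    if _basename(target) != "chrome.exe":
        return None
    # Chrome's own processes open each other; a copy at another path is not exempt.
    if source.lower() == target.lower():
        return None
    if event.get("EventID") == 8:
        return f"remote thread created in chrome.exe by {source}"
    if event.get("EventID") == 10:
        granted = int(event.get("GrantedAccess", "0x0"), 16)
        if granted & INJECTION_RIGHTS == INJECTION_RIGHTS:
            return f"chrome.exe opened with rights {hex(granted)} by {source}"
    return None


def scan(events):
    """Return (index, reason) for every event that matches the rule."""
    return [(i, r) for i, e in enumerate(events) if (r := is_suspicious(e))]


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
DROPPER = r"C:\Users\alice\AppData\Local\Temp\update.exe"  # constructed path
SAMPLE_EVENTS = [  # constructed events
    {"EventID": 10, "SourceImage": CHROME, "TargetImage": CHROME, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": CHROME, "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": DROPPER, "TargetImage": CHROME, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 8, "SourceImage": DROPPER, "TargetImage": CHROME},
]

if __name__ == "__main__":
    for index, reason in scan(SAMPLE_EVENTS):
        print(f"event {index}: {reason}")
```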