Chrome adopts app-bound encryption to stymie cookie-stealing malware
2024-07-31 16:35

Google says it's enhancing the security of sensitive data managed by Chrome for Windows users to fight the scourge of infostealer malware targeting cookies.

Starting in Chrome 127, the stable version of which was released last week, the browser uses app-bound encryption primitives that encrypt data in a way that links it to a specific app.

Will Harris, senior software engineer on Chrome's security team, said that Google uses the most secure methods afforded to it by each operating system to safeguard Chrome secrets.

"During encryption, the app-bound encryption service encodes the app's identity into the encrypted data, and then verifies this is valid when decryption is attempted. If another app on the system tries to decrypt the same data, it will fail."

App-bound encryption supplements existing measures such as device-bound session cookies, which were rolled out in April.

App-bound encryption works a little like device-bound session cookies in that the encryption key associated with the Chrome secret is strongly bound to the user's machine, so business users who use multiple devices won't be able to benefit from it.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/31/chrome_appbound_encryption/