Security News > 2024 > August > Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware
![Google Chrome Adds App-Bound Encryption to Protect Cookies from Malware](/static/build/img/news/google-chrome-adds-app-bound-encryption-to-protect-cookies-from-malware-medium.jpg)
Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems.
"On Windows, Chrome uses the Data Protection API which protects the data at rest from other users on the system or cold boot attacks," Will Harris from the Chrome security team said.
App-bound encryption is an improvement over DPAPI in that it interweaves an app's identity into encrypted data to prevent another app on the system from accessing it when decryption is attempted.
"Now, the malware has to gain system privileges, or inject code into Chrome, something that legitimate software shouldn't be doing."
The change, which went live last week with the release of Chrome 127, applies only to cookies, although Google said it intends to expand this protection to passwords, payment data, and other persistent authentication tokens.
The development comes amid a slew of security improvements added to Chrome in recent months, including enhanced Safe Browsing, Device Bound Session Credentials, and automated scans when downloading potentially suspicious and malicious files.
News URL
https://thehackernews.com/2024/08/google-chrome-adds-app-bound-encryption.html
Related news
- Google Chrome adds app-bound encryption to block infostealer malware (source)
- New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (source)
- Fake Google Chrome errors trick you into running malicious PowerShell scripts (source)
- Google Chrome to let Isolated Web App access sensitive USB devices (source)
- Google Chrome now warns about risky password-protected archives (source)
- Google Chrome now asks for passwords to scan protected archives (source)
- Oops. Apple relied on bad code while flaming Google Chrome's Topics ad tech (source)
- Chrome adopts app-bound encryption to stymie cookie-stealing malware (source)
- Risk of installing dodgy extensions from Chrome store way worse than Google's letting on, study suggests (source)
- Google cuts ties with Entrust in Chrome over trust issues (source)