Google Chrome Introduces App-Bound Encryption to Combat Infostealer Malware
Google Chrome has unveiled a new security feature called app-bound encryption, designed to enhance cookie protection and defend against information-stealing malware on Windows systems. This update aims to bolster Chrome’s defenses by adding another layer of encryption tied specifically to the identity of the application.
Enhanced Cookie Protection
In a recent blog post, Chrome software engineer Will Harris detailed the new security measures. Currently, Chrome uses the most robust techniques available on each operating system to protect sensitive data such as cookies and passwords. These include Keychain services on macOS, kwallet or gnome-libsecret on Linux, and the Data Protection API (DPAPI) on Windows.
However, while DPAPI effectively protects data at rest from cold boot attacks or unauthorized access by other users, it falls short of malicious tools or scripts that can execute code as the logged-in user. Infostealer malware often exploits this vulnerability to steal sensitive information.
App-Bound Encryption: A New Layer of Security
With the introduction of app-bound encryption in Chrome 127, Chrome enhances DPAPI by tying encryption to the identity of the application. This approach is similar to how the Keychain operates on macOS.
“Chrome can now encrypt data tied to app identity,” Harris explained.
This means that only the intended application can decrypt the data, while other apps attempting to decrypt it will fail. The new system uses a Windows service running under ‘SYSTEM’ privileges to verify an app’s identity when it requests encryption. This service encodes the app’s identity into the encrypted data, making it significantly harder for malicious actors to access.
Broader Implications and Future Enhancements
This new protection mechanism will soon extend to passwords, payment data, and other persistent authentication tokens, providing comprehensive protection for users’ sensitive information. The aim is to increase the difficulty and cost for attackers attempting data theft, making their actions more detectable by security software.
In addition to app-bound encryption, Google has introduced several other security features to protect user data. These include Chrome’s download protection using Safe Browsing, Device Bound Session Credentials, and account-based threat detection to flag the use of stolen cookies.
Ongoing Security Enhancements
Google remains committed to improving security and collaborating with the broader security community. Harris emphasized the importance of ongoing engagement to enhance detection methods and strengthen operating system protections against evolving malware threats.
Recently, Google also rolled out new Chrome warnings for downloading password-protected archives and implemented improved alerts with more detailed information about potentially malicious downloaded files. These updates are part of Google’s continuous effort to safeguard user data and improve overall browser security.
