Google Chrome Enhances Security with App-Bound Encryption in Version 127

01 Aug 2024

Google Chrome has taken a significant step forward in enhancing cookie protection on Windows systems by introducing app-bound encryption, a feature designed to bolster defenses against information-stealing malware attacks. In a recent blog post, Chrome software engineer Will Harris elaborated on the advancements made in Chrome’s security protocols.

Enhanced Security Measures

Currently, Chrome leverages the most robust techniques available on various operating systems to protect sensitive data, including cookies and passwords. For instance, macOS utilizes Keychain services, while Linux employs kwallet or gnome-libsecret. On Windows, the Data Protection API (DPAPI) serves as the primary safeguard. However, Harris pointed out a critical limitation of DPAPI: while it effectively protects data at rest from cold boot attacks and unauthorized users, it does not defend against malicious tools or scripts that execute code as the logged-in user—an avenue frequently exploited by infostealer malware.

In response to this limitation, Harris announced the introduction of Application-Bound (App-Bound) Encryption in Chrome 127 for Windows. This new protection mechanism enhances the capabilities of DPAPI by tying encrypted data to the identity of the application requesting it. This approach mirrors the functionality of Keychain on macOS, ensuring that only the intended application can access the encrypted data.

Chrome’s App-Bound Encryption operates through a new Windows service running under ‘SYSTEM’ privileges, which verifies an application’s identity when it seeks encryption. By encoding the app’s identity into the encrypted data, the system effectively prevents unauthorized applications from decrypting it. As a result, any attempt by other apps to access this data will fail, thereby increasing the difficulty for attackers who would need to gain system privileges or inject code into Chrome—actions that are typically outside the realm of legitimate behavior and easier for antivirus software to detect.
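
A conceptual model of the identity binding described above, added here as an illustration; it is not Chrome's or Google's code. The class and function names are hypothetical, the paths are constructed, the HMAC-based stream cipher is a toy stand-in for real encryption, and the `caller` argument stands for the identity that the privileged service itself establishes for the requesting process.

```python
import hashlib, hmac, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode); stands in for real encryption.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

class AppBoundService:
    """Model of a privileged service whose key user-level processes cannot read."""
    def __init__(self):
        root = os.urandom(32)  # assumption: held only by the privileged service
        self._enc = hmac.new(root, b"enc", hashlib.sha256).digest()
        self._mac = hmac.new(root, b"mac", hashlib.sha256).digest()

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self._mac, body, hashlib.sha256).digest()

    def encrypt(self, caller: str, plaintext: bytes) -> bytes:
        ident = caller.lower().encode()  # Windows paths compare case-insensitively
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(self._enc, nonce, len(plaintext))))
        # The requesting application's identity is encoded into the protected blob.
        body = len(ident).to_bytes(2, "big") + ident + nonce + ct
        return body + self._tag(body)

    def decrypt(self, caller: str, blob: bytes) -> bytes:
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._tag(body)):
            raise ValueError("blob was modified or was sealed under a different key")
        n = int.from_bytes(body[:2], "big")
        ident, nonce, ct = body[2:2 + n], body[2 + n:18 + n], body[18 + n:]
        if not hmac.compare_digest(ident, caller.lower().encode()):
            raise PermissionError("caller is not the application the data is bound to")
        return bytes(a ^ b for a, b in zip(ct, _keystream(self._enc, nonce, len(ct))))

def demo():
    svc = AppBoundService()
    browser = r"C:\Program Files\Example\browser.exe"      # constructed path
    other = r"C:\Users\user\AppData\Local\Temp\tool.exe"   # constructed path
    blob = svc.encrypt(browser, b"session=abc123")
    try:
        svc.decrypt(other, blob)   # same user, different application
        denied = False
    except PermissionError:
        denied = True
    return svc.decrypt(browser, blob), denied
```

Under a purely user-scoped scheme the second request would succeed because both processes run as the same user; here it fails, and rewriting the embedded identity invalidates the integrity tag.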

This enhanced protection will extend beyond cookies to include passwords, payment data, and other persistent authentication tokens, further fortifying user defenses against infostealer malware. This initiative complements other recent security measures introduced by Google, such as Chrome’s download protection utilizing Safe Browsing, Device Bound Session Credentials, and account-based threat detection aimed at identifying the use of stolen cookies.

Harris emphasized the broader implications of App-Bound Encryption, stating that it raises the cost of data theft for attackers while simultaneously making their activities more conspicuous on the system. “It helps defenders draw a clear line in the sand for what is acceptable behavior for other apps on the system,” he noted.

As the landscape of malware continues to evolve, Google remains committed to collaborating with the security community to enhance detection capabilities and strengthen operating system protections, including the development of more robust app isolation primitives to address potential bypasses.

In addition to these advancements, Google recently rolled out new warnings in Chrome for downloading password-protected archives and improved alerts that provide users with more detailed information about potentially malicious downloaded files.

How to sign in to a Google account on Chrome?

To sign in to your Google account on Chrome, follow these steps:
1. Open Chrome and click on the three vertical dots at the top-right corner.
2. Select 'Settings'.
3. Click on 'Sign in to Chrome' at the top of the page.
4. Enter your Google account email and click 'Next'.
5. Enter your password and click 'Next' again.
6. Follow any additional prompts, such as two-factor authentication, to complete the sign-in process.
You will now be signed in to your Google account on Chrome.

How to block pop-ups on Google Chrome?

To block pop-ups on Google Chrome, follow these steps:
1. Open Chrome and click on the three vertical dots at the top-right corner.
2. Select 'Settings'.
3. Scroll down and click on 'Privacy and security' in the left-hand menu.
4. Click on 'Site Settings'.
5. Under 'Content', click on 'Pop-ups and redirects'.
6. Toggle the switch to 'Blocked (recommended)'.
This will block most pop-ups from appearing. For specific websites, you can add exceptions by clicking 'Add' next to 'Allow'.
Update: 01 Aug 2024