Google Introduces App-Bound Encryption in Chrome to Boost Security

01 Aug 2024

In a significant stride towards bolstering browser security, Google has introduced app-bound encryption for its Chrome browser, aimed specifically at thwarting information-stealing malware on Windows platforms. This innovative approach seeks to safeguard cookies from malicious applications that exploit vulnerabilities within the system.

Will Harris from the Chrome security team elaborated on the technical underpinnings of this enhancement, stating, “On Windows, Chrome utilizes the Data Protection API (DPAPI) to shield data at rest from unauthorized users and cold boot attacks. However, this method falls short against malicious applications that can execute code as the logged-in user, which is a common tactic employed by info-stealers.”

Advancements in App-Bound Encryption

App-bound encryption marks a notable advancement over the traditional DPAPI. By integrating the identity of the application—Chrome, in this instance—into the encrypted data, it effectively restricts access from other applications attempting to decrypt it. This added layer of security ensures that only the designated application can interact with its encrypted data.

Harris further explained the implications of this new service: “With the app-bound service operating under system privileges, attackers face a higher barrier. They must not only trick a user into executing a malicious application but also gain system privileges or inject code into Chrome, a feat that legitimate software should never undertake.”

It is important to note that this encryption method is tailored for environments where Chrome profiles do not migrate across multiple machines. Organizations that utilize roaming profiles are advised to adhere to best practices and implement the ApplicationBoundEncryptionEnabled policy to ensure optimal security.

This enhancement was rolled out with the release of Chrome 127 last week, focusing initially on cookies. However, Google has expressed intentions to extend this protective measure to encompass passwords, payment information, and other persistent authentication tokens in the future.

Broader Security Initiatives

Earlier this year, Google had introduced a technique leveraging a Windows event log known as DPAPIDefInformationEvent, designed to reliably monitor access to browser cookies and credentials by other applications. Notably, Chrome employs Keychain services on Apple macOS and system-provided wallets like kwallet or gnome-libsecret on Linux to secure passwords and cookies.

This latest development is part of a broader initiative to enhance Chrome’s security features, which have recently included improved Safe Browsing protocols, Device Bound Session Credentials (DBSC), and automated scans for potentially harmful downloads. Harris remarked, “App-bound encryption raises the stakes for data theft, making the actions of attackers more conspicuous on the system. It establishes a clear boundary for acceptable behavior among applications.”

In a related context, Google’s decision to retain third-party cookies in Chrome has sparked discussions within the World Wide Web Consortium (W3C). The consortium has reiterated concerns regarding the implications of tracking and data collection, particularly in the realm of micro-targeting political messages, which could adversely affect societal dynamics. This reversal may also hinder progress towards developing effective alternatives to third-party cookies across different browsers.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Top charts for Desktop Windows

uTorrent

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

5
1032 reviews
5790252
downloads
Zona

Zona

Latest update Zona download for free for Windows PC or Android mobile

4
614 reviews
1047427
downloads
Minecraft

Minecraft

Latest update Minecraft download for free for Windows PC or Android mobile

5
750 reviews
442511
downloads
Geometry Dash

Geometry Dash

Latest update Geometry Dash download for free for Windows PC or Android mobile

4
539 reviews
377006
downloads

News and reviews for Desktop Windows

EDR Solutions Herald New Era in Cybersecurity Strategies

As AI advances, EDR solutions emerge as essential for comprehensive cybersecurity, addressing vulnerabilities traditional antivirus software misses.

Read more

Windows 11 Enhances Gaming with Handheld Mode

Microsoft unveils handheld mode, revamping Windows 11 for seamless gaming experiences on portable devices. This mode comes first to Xbox Ally, promising improved gaming performance and battery life on handhelds.

Read more

Zexion Offers a Breezy Metroid-Like Experience

Zexion, a twin-stick Metroid-like game, blends retro charm with modern gameplay for a rewarding experience. Its short, engaging structure, dynamic route exploration, and flexible assist features set it apart, creating a less solitary world with ample replayability.

Read more

Wo Long Game Price Drops Amid New Updates and Praise

Wo Long: Fallen Dynasty sets a new low price for its Complete Edition, featuring intense combat and unique storytelling. Developed by Team Ninja, the game draws parallels to Sekiro and Dynasty Warriors, offering updates and expansions.

Read more

Bloodlines 2 Enhances Base Game with Clans Amid Player Input

Bloodlines 2 to include Toreador and Lasombra clans from launch, after fan feedback. Paradox, White Wolf, and The Chinese Room confirmed the change, expanding the base game without extra cost. Two new Story Packs will follow as part of the Premium Edition Expansion Pass in 2026.

Read more

NVIDIA GPUs to Support New AMD FSR Technology by 2025

AMD's new FSR version, Redstone, offers broad GPU compatibility, including NVIDIA's. This could reshape the competitive landscape by 2025.

Read more

Free Games Abound on Epic Games Store and Steam This Week

PC gamers can claim four free games on Epic and Steam. Epic offers Ghostrunner 2 and more until Sept 18, swapping to Project Winter thereafter. Steam features Puzzle Chambers, free until Sept 19. Epic updates weekly, while Steam varies.

Read more

DRG Survivor 1.0 Update Enhances Gear and Missions

DRG Survivor 1.0 introduces a Diablo-style gear system, expanded missions, and rebalanced hazard levels, enhancing the dwarf roguelike for players.

Read more

Exploring the Role of Twisted Bud in Game Endings

Discover the strategic use of Twisted Bud in Hollow Knight Silksong, guiding players to different game endings based on its application and associated challenges.

Read more

Twilight Imperium Expands from Board to Digital Gaming

The iconic board game, Twilight Imperium, transitions to PC gaming, promising to maintain its elaborate strategy without setup hassle. While fans eagerly await, no release date is set.

Read more