Google Introduces App-Bound Encryption in Chrome to Boost Security

01 Aug 2024

In a significant stride towards bolstering browser security, Google has introduced app-bound encryption for its Chrome browser, aimed specifically at thwarting information-stealing malware on Windows platforms. This innovative approach seeks to safeguard cookies from malicious applications that exploit vulnerabilities within the system.

Will Harris from the Chrome security team elaborated on the technical underpinnings of this enhancement, stating, “On Windows, Chrome utilizes the Data Protection API (DPAPI) to shield data at rest from unauthorized users and cold boot attacks. However, this method falls short against malicious applications that can execute code as the logged-in user, which is a common tactic employed by info-stealers.”

Advancements in App-Bound Encryption

App-bound encryption marks a notable advancement over the traditional DPAPI. By integrating the identity of the application—Chrome, in this instance—into the encrypted data, it effectively restricts access from other applications attempting to decrypt it. This added layer of security ensures that only the designated application can interact with its encrypted data.

Harris further explained the implications of this new service: “With the app-bound service operating under system privileges, attackers face a higher barrier. They must not only trick a user into executing a malicious application but also gain system privileges or inject code into Chrome, a feat that legitimate software should never undertake.”

It is important to note that this encryption method is tailored for environments where Chrome profiles do not migrate across multiple machines. Organizations that utilize roaming profiles are advised to adhere to best practices and implement the ApplicationBoundEncryptionEnabled policy to ensure optimal security.

This enhancement was rolled out with the release of Chrome 127 last week, focusing initially on cookies. However, Google has expressed intentions to extend this protective measure to encompass passwords, payment information, and other persistent authentication tokens in the future.

Broader Security Initiatives

Earlier this year, Google had introduced a technique leveraging a Windows event log known as DPAPIDefInformationEvent, designed to reliably monitor access to browser cookies and credentials by other applications. Notably, Chrome employs Keychain services on Apple macOS and system-provided wallets like kwallet or gnome-libsecret on Linux to secure passwords and cookies.

This latest development is part of a broader initiative to enhance Chrome’s security features, which have recently included improved Safe Browsing protocols, Device Bound Session Credentials (DBSC), and automated scans for potentially harmful downloads. Harris remarked, “App-bound encryption raises the stakes for data theft, making the actions of attackers more conspicuous on the system. It establishes a clear boundary for acceptable behavior among applications.”

In a related context, Google’s decision to retain third-party cookies in Chrome has sparked discussions within the World Wide Web Consortium (W3C). The consortium has reiterated concerns regarding the implications of tracking and data collection, particularly in the realm of micro-targeting political messages, which could adversely affect societal dynamics. This reversal may also hinder progress towards developing effective alternatives to third-party cookies across different browsers.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Top charts for Desktop Windows

uTorrent

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

5
1032 reviews
5616963
downloads
Zona

Zona

Latest update Zona download for free for Windows PC or Android mobile

4
614 reviews
1002173
downloads
Minecraft

Minecraft

Latest update Minecraft download for free for Windows PC or Android mobile

5
750 reviews
439134
downloads
Geometry Dash

Geometry Dash

Latest update Geometry Dash download for free for Windows PC or Android mobile

4
539 reviews
366674
downloads

News and reviews for Desktop Windows

Riftbreaker 2.0 Update Introduces Co-op and Campaign Expansions

Exor Studios revitalizes Riftbreaker with the 2.0 update, introducing four-player co-op, campaign expansions, and significant gameplay rebalancing.

Read more

DORF Readies for Strategic Battle with Unique Infantry Units

DORF emerges as a spiritual successor to Command and Conquer, offering unique infantry units like the Grenadier and Flamer, promising diverse faction gameplay.

Read more

Transport Fever 3 Offers New Strategy for City Builders

Transport Fever 3 balances complex strategy with accessible features, catering to diverse player groups and enhancing city happiness. Launching in 2026.

Read more

Housing Innovations in Throne and Liberty Widen Player Appeal

Amazon Games introduces housing to Throne and Liberty, enhancing player immersion and community integration. This update invites new experiences through customization, offering diverse living spaces and crafting opportunities within the MMORPG.

Read more

Gamescom 2025 Unveils Diverse New Gaming Experiences

Gamescom 2025 presented a variety of new gaming experiences, spanning genres like RPGs, survival fantasy, and tactical shooters. Highlights include Vampire: The Masquerade - Bloodlines 2 and Phantom Blade Zero, alongside innovative titles such as Hell Let Loose: Vietnam and Witchspire.

Read more

September Games Bring Exciting Releases and Updates

September promises a thrilling month for gamers with new releases like Hollow Knight: Silksong, major updates, and seasonal sales events. Dive into the bustling world of gaming this September with highly anticipated titles and immersive experiences.

Read more

Turtle WoW Faces Lawsuit Over Copyright Infringement

Blizzard Entertainment files a lawsuit against Turtle WoW, accusing the fan-operated servers of copyright infringement and fragmenting the player community.

Read more

Bloatware Impact on Windows 11: Understanding Preinstalled Apps

Bloatware on Windows 11 can clutter your PC, affecting performance. Removing unused preinstalled apps can free up space and streamline navigation.

Read more

Tides of Torment Expands Wealth of Total War Warhammer 3

Total War Warhammer 3's Tides of Torment DLC introduces High Elves' makeover and new legendary lord Aislinn. Diverse updates elevate gameplay, ensuring an enriched experience.

Read more

CoffeeTalkTokyo Launches Updated Demo for Multiple Platforms

CoffeeTalkTokyo unveils a fresh demo with new characters and stories. Available on PC, Xbox, and PlayStation, the update expands language options and gameplay features.

Read more