Jump to content
  • Google Chrome on Windows will get a new layer of protection for cookies and passwords


    Karlston

    • 177 views
    • 2 minutes
     Share


    • 177 views
    • 2 minutes

    Infostealers, a type of malware, are one of the most popular tools used by cybercriminals to steal data from users. These are often distributed through cracked or pirated software, and the stolen data is typically sold on underground forums and markets. This stolen information can be used for extortion or to facilitate further intrusions into systems.

     

    In the past, the Google Chrome team has introduced several measures to prevent cookie theft done by infostealer malware, including Chrome’s download protection using Safe Browsing, Device Bound Session Credentials, and Google’s account-based threat detection. Now, the team has announced an additional layer of protection to make Chrome on Windows users safer from cookie-stealing malware.

     

    Google Chrome uses Keychain services on macOS, kwallet or gnome-libsecret on Linux and Data Protection API (DPAPI) on Windows to store sensitive data such as cookies and passwords. While DPAPI on Windows protects this sensitive data at rest from other users on the system or cold boot attacks, it does not protect against malicious apps capable of executing code as the logged-in user. This loophole can be exploited by infostealer malware to steal data.

     

    Starting with Chrome 127, Google is adding another layer of protection by providing Application-Bound (App-Bound) Encryption primitives. Instead of allowing any app running as the logged-in user to access the sensitive data, Chrome will now encrypt data tied to app identity. Initially, only cookies will be migrated to this improved storage method, with plans to expand it to passwords, payment data, and other persistent authentication tokens in the future.

     

    Will Harris, Chrome Security Team, emphasized that App-Bound Encryption increases the difficulty for cybercriminals:

     

    App-Bound Encryption increases the cost of data theft to attackers and also makes their actions far noisier on the system. It helps defenders draw a clear line in the sand for what is acceptable behavior for other apps on the system.

    This security improvement marks a significant step towards a more secure browsing experience for millions of Chrome users worldwide.

     

    Source: Google

     

    Source

     

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every single day for many years.

    2023: Over 5,800 news posts | 2024 (till end of July): 3,313 news posts


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...