Infostealers are among the most popular malware tools cybercriminals use to steal data from users. They are often distributed through cracked or pirated software, and the stolen data is typically sold on underground forums and markets. This stolen information can be used for extortion or to facilitate further intrusions into systems.
In the past, the Google Chrome team has introduced several measures to prevent cookie theft by infostealer malware, including Chrome's download protection using Safe Browsing, Device Bound Session Credentials, and Google's account-based threat detection. Now, the team has announced an additional layer of protection to make Chrome users on Windows safer from cookie-stealing malware.
Google Chrome uses Keychain services on macOS, kwallet or gnome-libsecret on Linux, and the Data Protection API (DPAPI) on Windows to store sensitive data such as cookies and passwords. While DPAPI protects this data at rest from other users on the system and from cold boot attacks, it does not protect against malicious apps capable of executing code as the logged-in user. Infostealer malware can exploit this gap to steal data.
Starting with Chrome 127, Google is adding another layer of protection by providing Application-Bound (App-Bound) Encryption primitives. Instead of allowing any app running as the logged-in user to access the sensitive data, Chrome will now encrypt data in a way that is tied to app identity. Initially, only cookies will be migrated to this improved storage method, with plans to expand it to passwords, payment data, and other persistent authentication tokens in the future.
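The difference between user-bound and app-bound protection described above, as a small Python model added here (it is not Chrome's or Google's code). The broker that observes the caller's identity, the toy HMAC-based cipher and the app names are assumptions of the model; the page does not describe Chrome's actual mechanism.

```python
import hashlib
import hmac
import os

def _stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy keystream cipher (HMAC-SHA256 in counter mode), a stand-in for a real AEAD.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def _seal(key: bytes, bound_to: bytes, plaintext: bytes) -> bytes:
    # The identity in `bound_to` is authenticated together with the ciphertext.
    nonce = os.urandom(16)
    ct = _stream(key, nonce, plaintext)
    tag = hmac.new(key, b"mac" + bound_to + nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def _open(key: bytes, bound_to: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(key, b"mac" + bound_to + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("blob is not bound to this caller")
    return _stream(key, nonce, ct)

class UserScopedStore:
    """Models user-bound protection: the key depends only on the logged-in user."""
    def __init__(self) -> None:
        self._key = os.urandom(32)  # shared by every process of that user
    def protect(self, caller: str, data: bytes) -> bytes:
        return _seal(self._key, b"", data)           # caller identity is ignored
    def unprotect(self, caller: str, blob: bytes) -> bytes:
        return _open(self._key, b"", blob)

class AppBoundBroker(UserScopedStore):
    """Models app-bound protection. `caller` stands for the identity the broker
    itself observes (assumption of this model), not a value the caller supplies."""
    def protect(self, caller: str, data: bytes) -> bytes:
        return _seal(self._key, caller.encode(), data)
    def unprotect(self, caller: str, blob: bytes) -> bytes:
        return _open(self._key, caller.encode(), blob)

def can_read(store, writer: str, reader: str) -> bool:
    # Constructed sample secret; returns True if `reader` recovers what `writer` stored.
    secret = b"constructed-session-cookie"
    blob = store.protect(writer, secret)
    try:
        return store.unprotect(reader, blob) == secret
    except PermissionError:
        return False
```
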
Will Harris of the Chrome Security Team emphasized that App-Bound Encryption increases the difficulty for cybercriminals:
"App-Bound Encryption increases the cost of data theft to attackers and also makes their actions far noisier on the system. It helps defenders draw a clear line in the sand for what is acceptable behavior for other apps on the system."
This security improvement marks a significant step towards a more secure browsing experience for millions of Chrome users worldwide.
Source: Google