Google Chrome 127 Has New Malware Protections



In an effort to fight infostealer malware, the recent Chrome 127 update now utilizes App-Bound Encryption on Windows. This should prevent infostealer malware from accessing critical user data, specifically browser cookies and saved passwords.




Private data in Chrome is already encrypted. That said, security methods vary by operating system. Chrome uses Apple’s Keychain services on macOS, for example, and it taps into system-provided wallets on Linux. These cybersecurity systems successfully protect most macOS and Linux users from infostealer malware, but Windows’ system, called the Data Protection API (DPAPI), is comparatively vulnerable. DPAPI ties encrypted data to the logged-in user rather than to a specific application, so it offers no protection against malicious applications that execute code at the user level. As a result, any infostealer malware that manages to dodge Windows Defender may interact with encrypted app data.

Infostealer malware tends to be quite sophisticated. The hackers who distribute such malware are clever, too. We recently reported on an infostealer that was slipped into Google Search ads. Humans are easy to fool and operating systems are flawed, so instead of waiting for Microsoft to improve DPAPI, Google is adding App-Bound Encryption on top of the existing security system.


“In Chrome 127 we are introducing a new protection on Windows that improves on the DPAPI by providing Application-Bound (App-Bound) Encryption primitives. Rather than allowing any app running as the logged in user to access this data, Chrome can now encrypt data tied to app identity, similar to how the Keychain operates on macOS.”

Data protected by App-Bound Encryption can only be accessed by an app with the correct decryption key. So, cookies and passwords that are saved by Chrome 127 on Windows can only be accessed by the Chrome browser. This data cannot be accessed by malware or any other software (be it malicious or benign).
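
The user-level scope of plain DPAPI described above can be seen with the following PowerShell sketch, an added example that is not from Google or the original article. It assumes Windows PowerShell 5.1 running as a normal user, uses a constructed sample string, touches no browser data, and all variable names are illustrative.

```powershell
# Added illustration: DPAPI (CurrentUser scope) binds data to the Windows
# account, not to the program that encrypted it.
Add-Type -AssemblyName System.Security

$scope  = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$sample = 'constructed-sample-secret'   # constructed value, not real data
$plain  = [System.Text.Encoding]::UTF8.GetBytes($sample)

# Process A protects the sample. No key is handled here: Windows derives it
# from the logged-in user's credentials.
$blob    = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $scope)
$blobB64 = [Convert]::ToBase64String($blob)

# Process B: Start-Job runs the script block in a separate process under the
# same account. It receives only the protected blob.
$result = Start-Job -ArgumentList $blobB64 -ScriptBlock {
    param($b64)
    Add-Type -AssemblyName System.Security
    $bytes = [System.Security.Cryptography.ProtectedData]::Unprotect(
        [Convert]::FromBase64String($b64), $null,
        [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    [pscustomobject]@{
        ProcessId = $PID
        Text      = [System.Text.Encoding]::UTF8.GetString($bytes)
    }
} | Receive-Job -Wait -AutoRemoveJob

# DPAPI never asked which program was calling, so the second process
# recovers the plaintext. This is the gap App-Bound Encryption addresses.
"Protected in process : $PID"
"Recovered in process : $($result.ProcessId)"
"Plaintext matches    : $($result.Text -eq $sample)"
```

Running the same `Unprotect` call from a different Windows account fails, which is the only boundary this DPAPI scope enforces.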


Yes, there are circumstances in which App-Bound Encryption may be bypassed. Malware could circumvent this encryption method by elevating itself to system privileges or injecting code into Chrome, for example. But, as Google explains, these actions are almost guaranteed to trigger a response from Windows Defender. Chrome’s App-Bound Encryption method, while not bulletproof, is a massive improvement over standard DPAPI behavior. It’s a protection that should be offered by more Windows apps, especially as infostealer malware grows more common.

These security improvements are available in Chrome 127 on Windows. The Chrome 127 update rolled out in late July, so it should already be installed on your system. You can check your Chrome version from the browser’s “About Google Chrome” submenu.

Source: Google


