Yesterday, in a blog post on Google’s security blog, Willian Harris from Chrome’s Security Team said that Google is improving the security of Chrome cookies on Windows PCs by adopting a similar method used in macOS to help protect users from info-stealing malware.
The security update addresses session cookies that authenticate your identity when you switch apps without logging back in. Google wants to adopt the security system used by Keychain on macOS and start using “a new protection on Windows,” which updates Data Protection API (DPAPI) and brings a new security tool called “application-bound” encryption.
With this new wall of security in Chrome, Google asserts that it’ll encrypt information related to app identity.
The new protection will be available in Chrome 127, but Google has plans to expand the App-Bound Encryption to payment data, passwords, and other persistent authentication tokens. Google explained how it works by saying that “App-Bound Encryption relies on a privileged service to verify the identity of the requesting application. During encryption, the App-Bound Encryption service encodes the app’s identity into the encrypted data and then verifies this is valid when decryption is attempted. If another app on the system tries to decrypt the same data, it will fail.”
Google’s new security approach will make it easier for antivirus programs such as Bitdefender and Malwarebytes to detect.
This news once again creates a curious wrinkle in the story, with Macs and Linux systems being the only ones not affected by the IT outage caused by a faulty update from CrowdStrike that affected industries such as retail, banks, and especially airlines, as George Kurtz, CrowdStrike VP, mentioned in a post on X (formerly Twitter).
Microsoft is even considering making an important Mac-like change to the way Windows security works following the incident.
Chrome users can stay safe by updating their browsers as soon as possible since the Chrome 127 update is now available. This again reminds us of the importance of always keeping our apps and browsers running on the latest version.
