In an effort to combat infostealer malware, Google Chrome’s latest update, Chrome 127, brings new security features to Windows. This update includes App-Bound Encryption, which aims to protect critical user data like browser cookies and saved passwords from being accessed by malware.
Private data in Chrome is already encrypted, but the security methods used vary depending on the operating system. For instance, Chrome uses Apple’s Keychain services on macOS and system-provided wallets on Linux, both of which are effective in protecting against infostealer malware. However, Windows’ Data Protection API (DPAPI) is more vulnerable. It does not protect data from malicious applications that execute code at the user level, meaning that if infostealer malware bypasses Windows Defender, it can interact with encrypted app data.
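The per-user scope of DPAPI described above can be observed with a constructed secret. The following PowerShell is an added example, not code from Chrome or Google; the secret, the temp file name and the use of a background job as the "second application" are assumptions made for illustration, and it targets Windows PowerShell 5.1.

```powershell
# Constructed demo: DPAPI with CurrentUser scope binds ciphertext to the
# Windows account, not to the application that created it.
Add-Type -AssemblyName System.Security

$scope  = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$secret = [System.Text.Encoding]::UTF8.GetBytes('constructed-demo-secret')

# "Application A": this process protects the secret and stores the blob.
$blob     = [System.Security.Cryptography.ProtectedData]::Protect($secret, $null, $scope)
$blobFile = Join-Path $env:TEMP 'dpapi-scope-demo.bin'   # hypothetical file name
[System.IO.File]::WriteAllBytes($blobFile, $blob)

# "Application B": Start-Job runs the script block in a separate process
# under the same account. It holds no key material of its own.
$job = Start-Job -ArgumentList $blobFile -ScriptBlock {
    param($path)
    Add-Type -AssemblyName System.Security
    $bytes = [System.IO.File]::ReadAllBytes($path)
    $plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
        $bytes, $null,
        [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
    [pscustomobject]@{
        ProcessId = $PID
        Recovered = [System.Text.Encoding]::UTF8.GetString($plain)
    }
}
$result = $job | Receive-Job -Wait -AutoRemoveJob
Remove-Item $blobFile

# The second process recovers the plaintext because the only check DPAPI
# performs here is "same logged-in user".
"Protected by PID $PID, unprotected by PID $($result.ProcessId): $($result.Recovered)"
```

Running the same unprotect step from a different Windows account fails, which is the boundary DPAPI enforces; App-Bound Encryption adds the application identity check that this scope lacks.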
Infostealer malware is highly sophisticated, and hackers are adept at exploiting system vulnerabilities. Recently, there was a case where infostealer malware was hidden in Google Search ads. Given the flaws in operating systems and the ease with which humans can be tricked, Google decided not to wait for Microsoft to improve DPAPI. Instead, they introduced App-Bound Encryption to enhance security.
“In Chrome 127, we are introducing a new protection on Windows that improves on the DPAPI by providing Application-Bound (App-Bound) Encryption primitives. Rather than allowing any app running as the logged-in user to access this data, Chrome can now encrypt data tied to app identity, similar to how the Keychain operates on macOS.”
With App-Bound Encryption, data such as cookies and passwords saved by Chrome 127 on Windows can only be accessed by the Chrome browser. This means that malware or any other software cannot access this data without the correct decryption key.
There are scenarios where App-Bound Encryption might be bypassed, such as malware elevating itself to system privileges or injecting code into Chrome. However, these actions are likely to trigger a response from Windows Defender. While Chrome’s App-Bound Encryption isn’t completely foolproof, it is a significant improvement over the standard DPAPI behavior and should be adopted by more Windows applications, especially as infostealer malware becomes more common.
These security improvements are now available in Chrome 127 on Windows. The update rolled out in late July, so it should already be installed on your system. You can check your Chrome version by going to the browser’s “About Google Chrome” submenu.