Google Chrome 127 now introduces application-bound encryption on Windows to improve the security of Chrome cookies against infostealer malware.
Chrome currently protects data like cookies and passwords using the strongest techniques provided by the OS.
However, Chrome on Windows uses the Data Protection API (DPAPI), which doesn't protect against malicious applications that execute code as the logged-in user.
To deal with this issue, Chrome has introduced App-Bound Encryption on Windows.
The new technique encrypts data tied to the app's identity, improving security against attacks from infostealers that try to access sensitive data.
During encryption, the App-Bound Encryption service encodes the app's identity into the encrypted data; during decryption, the service verifies that identity.
App-Bound Encryption increases the cost of data theft to attackers and makes their actions noisier on the system.
As the malware landscape continually evolves, Chrome aims to continue engaging with others in the security community to improve detections, along with strengthening operating system protections.
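To make the identity check described above concrete, here is a conceptual model added as an example; it is not Chrome's code or its actual blob format. The class name, the identity strings and the SHAKE-256/HMAC construction (a standard-library stand-in for a real authenticated cipher) are all assumptions of the model.

```python
# Conceptual model of identity-bound encryption. NOT Chrome's implementation.
import hashlib
import hmac
import os


class IdentityMismatch(Exception):
    """The caller is not the application the data was bound to."""


class AppBoundService:
    """Hypothetical privileged service; callers never see its key.

    Assumption: caller_identity is what the service itself observed about
    the calling process, never a value the caller is free to choose.
    """

    def __init__(self):
        master = os.urandom(32)
        self._enc_key = hashlib.sha256(b"enc" + master).digest()
        self._mac_key = hashlib.sha256(b"mac" + master).digest()

    def _xor_stream(self, nonce, data):
        # Stand-in cipher: XOR with a SHAKE-256 keystream (same op both ways).
        stream = hashlib.shake_256(self._enc_key + nonce).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def _tag(self, header, nonce, ciphertext):
        # The MAC covers the identity header, so it cannot be swapped later.
        return hmac.new(self._mac_key, header + nonce + ciphertext,
                        hashlib.sha256).digest()

    def encrypt(self, caller_identity, plaintext):
        ident = caller_identity.encode()
        header = len(ident).to_bytes(2, "big") + ident
        nonce = os.urandom(16)
        ct = self._xor_stream(nonce, plaintext)
        return header + nonce + ct + self._tag(header, nonce, ct)

    def decrypt(self, caller_identity, blob):
        n = int.from_bytes(blob[:2], "big")
        header, rest = blob[:2 + n], blob[2 + n:]
        nonce, ct, tag = rest[:16], rest[16:-32], rest[-32:]
        if not hmac.compare_digest(tag, self._tag(header, nonce, ct)):
            raise ValueError("blob was modified")
        if not hmac.compare_digest(header[2:], caller_identity.encode()):
            raise IdentityMismatch("caller is not the bound application")
        return self._xor_stream(nonce, ct)
```

In this model a second program running as the same user can read the blob from disk, but a decrypt request made under its own identity is refused, and editing the embedded identity invalidates the tag.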
The Stable channel has been updated to 127.0.6533.88/89 for Windows and Mac and 127.0.6533.88 for Linux.
The update includes three security fixes. As usual, bug details and links may be restricted until a majority of users receive the fix.