Google Chrome To Block Infostealers With App-Bound Encryption

Google Chrome has now announced a bold security step to prevent infostealing malware attacks. As announced, Google Chrome will now feature app-bound encryption for Windows users to protect against infostealers.

Google Launches App-Bound Encryption In Chrome Browser

In a recent post, Will Harris of the Chrome Security Team explained Google’s latest move to combat infostealers.

Info-stealing malware has long been a problem for web browsers. The malicious codes exploit the browsers to steal stored credentials, session cookies, and other data. However, Google has finally found a way to deal with them better via its Chrome browser.

As explained, Chrome will now feature app-bound encryption to protect users against cookie theft by infostealers. This feature would work in tandem with Windows’ Data Protection API (DPAPI), which protects OS users’ data at rest from cold boot attacks or other users. Despite its robustness, DPAPI cannot protect users against malicious apps and code execution attempts in the context of a logged-in user – something that infostealers facilitate.

Thus, Google bridges this gap with Application-Bound (App-Bound) Encryption – a feature that prevents apps from running maliciously as a logged-in user. For this, Chrome encrypts the app’s identity data, only to decrypt it after verifying the decryption attempt. As stated in the post,

App-Bound Encryption relies on a privileged service to verify the identity of the requesting application. During encryption, the App-Bound Encryption service encodes the app’s identity into the encrypted data, and then verifies this is valid when decryption is attempted. If another app on the system tries to decrypt the same data, it will fail.

Since Google integrates this process with SYSTEM privileges, malware would need SYSTEM privileges to bypass this security measure, which won’t be easy with Windows’ antimalware program. Such a malware intrusion would also generate detectable hardware signs to alert the user of an infection.

App-Bound Encryption increases the cost of data theft to attackers and also makes their actions far noisier on the system.

Google plans to roll out this new feature with Chrome 127. Initially, it would only protect cookies, but in the future, it will also protect passwords, payment information, and authentication tokens. Since most of this information is what infostealers aim at, app-bound encryption will likely significantly reduce infostealer attacks.

Let us know your thoughts in the comments.