Sheejith's Personal Site

Chrome adopts app-bound encryption to stymie cookie-stealing malware

Windows users now get macOS-grade secret security.

Google says it's enhancing the security of sensitive data managed by Chrome for Windows users to fight the scourge of infostealer malware targeting cookies.

When a cyber baddie gets a hold of a user's session cookies, they can use them to hijack those sessions, log into accounts they don't own, and then do anything the legitimate user could do, perhaps even selling the account on black markets.

Ideally, these cookies expire after a short period of time, in theory limiting the window in which they can be used for account hijacks. That's not always the case, though. Okta's incident last year involving the theft of HAR files, which often contain session cookies, illustrated how serious these attacks can be.

Starting in Chrome 127, the stable version of which was released last week, the browser uses app-bound encryption primitives that encrypt data in a way that links it to a specific app.

Posted on: 8/2/2024 2:45:14 AM

