Adrian Johnson
TLDR:
Google has revealed a new security boost for 1 billion Windows users by introducing “application-bound” encryption to protect cookies on Chrome, making it more like how Macs operate. The update will make it harder for cybercriminals to steal session cookies and make attacks more likely to be detected.
Article Summary:
Google has announced a new security update for Chrome on Windows that will better protect 1 billion users by introducing application-bound encryption to protect cookies. This move aims to make Chrome’s security more similar to macOS and strengthen defenses against infostealer malware.
Will Harris from Chrome’s Security Team stated that this update will help safeguard users from cookie theft infostealer malware, which has been a risk to user safety and security. This new protection on Windows will encrypt data tied to app identity, similar to how Keychain operates on macOS, starting with Chrome 127.
Session cookie theft has been a real issue for Chrome, with other initiatives in place to bind cookies to device IDs. However, malware on an infected device can still make use of stolen cookies. This update means that if another app on the system tries to decrypt the data, it will fail, making attacks harder to execute and more likely to be detected.
Overall, this update is a significant step towards enhancing security for Chrome users on Windows, bringing it closer to the level of security offered by Macs. Google’s efforts to protect users from infostealer malware are commendable, and the introduction of application-bound encryption is a promising development in the fight against cyber threats.
