Google has announced the introduction of a new protection technology in the Chrome browser that will prevent the theft of cookies by malicious software on Windows systems.
The new function of binding encryption to applications increases the level of protection of cookies and makes it more difficult for attackers who want to steal data. It also reduces the possibility of unauthorized access to protected data and increases the security of Chrome users.
The new function of binding encryption to applications (App-bound encryption) integrates the identity of the application (in this case Chrome) into the encrypted data, which prevents access to it by other applications when trying to decrypt it. This makes the malware not only run malicious apps, but also gain system privileges or inject code into Chrome, which is a much more difficult task. This feature only applies to cookies for now, but it is planned to be extended to passwords, payment details and other authentication tokens in the future.
Previously, Chrome used the Data Protection API (DPAPI) to protect data at rest from other system users and cold boot attacks. However, DPAPI does not protect against malicious applications that can execute code on behalf of a registered user, allowing information thieves to gain access to cookies.
Google also announced that it has no plans to drop support for third-party cookies in Chrome, which drew criticism from the World Wide Web Consortium (W3C), which emphasized the need to drop such cookies to ensure user privacy.