The cookie encryption system that Google introduced to the Chrome browser a few months ago can easily be bypassed, experts have warned.
In fact, a security researcher has recently published a new tool that does just that.
In July 2024, Google released Chrome 127, a new version of the Chrome browser that came with Application-Bound (App-Bound) encryption. The new feature was supposed to serve as a protection mechanism, encrypting cookies using a Windows service running with SYSTEM privileges. The tool was supposed to prevent infostealing malware from grabbing sensitive information stored in the browser, such as login credentials, session cookies, and more.
Higher privileges needded
“Because the App-Bound service is running with system privileges, attackers need to do more than just coax a user into running a malicious app,” Google said at the time. “Now, the malware has to gain system privileges, or inject code into Chrome, something that legitimate software shouldn’t be doing.”
But the success of the new feature was short-lived. In late September, we reported that multiple infostealers were already able to work around the feature, including Lumma Stealer, StealC, and many others.
Google responded by saying that it was expected, and added that it was happy the changed forced a shift in attacker behavior.
“This matches the new behavior we have seen. We continue to work with OS and AV vendors to try and more reliably detect these new types of attacks, as well as continuing to iterate on hardening defenses to improve protection against infostealers for our users.”
Now, security researcher Alexander Hagenah built and shared a tool on GitHub he called…
Read full post on Tech Radar