Chrome’s cookie encryption appears to be easy to break, but Google says it’s by design

One of the updates to the Google Chrome browser last summer introduced a cookie encryption system designed to protect user data. But in just a few months, both cybersecurity experts and attackers managed to bypass it. But Google considers its task completed.

Image source: Growtika / unsplash.com

The ABE (App-Bound Encryption) data encryption feature debuted in July 2024 with the release of Chrome 127. Encryption is performed using a Windows service with system privileges. The tool is designed to prevent viruses from stealing information stored in the browser: credentials for logging into websites, session cookies, and much more. “Because the App-Bound service runs with system privileges, attackers will need to do more than just coax a user into running a malicious application. Now the malicious application must gain system privileges or inject code into Chrome, which legitimate software should not do,” Google explained at the time.

At the end of September, however, it became known that data-stealing malware Lumma Stealer, StealC and many others were able to bypass this function. Google responded that this was expected and that it was good that changes to the browser forced attackers to change their behavior. “This corresponds to the new behavior we are seeing. We continue to work with OS and antivirus developers to try to more reliably detect these new types of attacks, and we also continue to try to strengthen protection against theft of information from our users,” Google said.

Now cybersecurity expert Alexander Hagenah has developed and published on GitHub a tool called Chrome-App-Bound-Encryption-Decryption, designed to bypass Chrome’s encryption mechanisms – in the description, the author noted that the function developed by Google so far only protects cookies, but in the future, it may be used to protect passwords and payment information. Google also reacted calmly to the appearance of the project. “This code requires administrative rights, indicating that we have successfully elevated the access privileges required to successfully carry out this type of attack,” the company said.

admin

Share
Published by
admin

Recent Posts

Microsoft has closed the Windows 10 beta channel again

Microsoft has closed the Windows 10 beta channel and moved all registered Insider users to…

36 minutes ago

Nintendo and Sony are facing a disastrous holiday season – the consoles are old, there are no major releases

The list of offers from Japanese gaming giants Nintendo and Sony this holiday season is…

46 minutes ago

Smart ring maker Oura aims to conquer the international market

Finnish Oura, the world's largest manufacturer of smart rings, did not see a threat to…

1 hour ago

“He doesn’t know how to make a battery”: the head of CATL promises failure for Elon Musk’s 4680 cells

Introduced in 2020 and developed with the participation of Panasonic specialists, the 4680 battery cells…

2 hours ago