Managed IT Services Provider Explains This Update

Google has acknowledged that cyber attackers using cookie theft malware is a risk to their users’ online safety and security. Hence, they introduced a new security feature in Chrome. This new detail was released along with Chrome 127 in late July this year. It was created to strengthen protection versus malware that targets cookies on Windows systems. Known as app-bound encryption, this new update from Chrome adds a crucial layer of defense. Managed IT services provider explains that it does so by safeguarding cookies from information-stealing malware. 

Managed IT Services Provider Share News Google Chrome’s App-Bound Encryption is Here

Managed IT Services Provider Share News Google Chrome’s App-Bound Encryption is Here

What is wrong with the old Chrome? 

Chrome security team member, Will Harris, explains that Chrome, on Windows, has traditionally relied on the Data Protection API (DPAPI) to secure data at rest from unauthorized access and cold boot attacks. But this falls short against malicious applications that run as the logged in user. Thereby enabling these apps to exploit vulnerabilities. 

How does App-bound Encryption Work? 

Managed IT services provider explains that app-bound encryption makes DPAPI better by tying the encryption key specifically to the application. In this case, Chrome. This means that only Chrome can decrypt its own data. If another application attempts to access the encrypted data, it will be unable to decrypt it due to the app-bound encryption. Furthermore, Harris emphasized that for malware to bypass this protection, it would need to gain system privileges or inject code directly into Chrome. Unfortunately for the hacker, both of these options are far more challenging than exploiting DPAPI vulnerabilities. 

Limitation

May Need Help from Managed IT Services Provider

Managed IT services provider however says that app-bound encryption will not function properly if Chrome profiles are shared across multiple units. As such, organizations with such setups should adhere to best practices. They need to configure the ApplicationBoundEncryptionEnabled policy to ensure compatibility. 

App-bound Encryption and Beyond 

Following its release, app-bound encryption will initially apply solely to cookies. However, later on, Google plans to extend this protection to other sensitive data types. This includes data such as passwords, payment information, and persistent authentication tokens in future updates. 

Additionally, on top of the app-bound encryption, Google has also added several other security enhancements in Chrome recently. These include improved Safe Browsing capabilities, Device Bound Session Credentials (DBSC), and automated scans for potentially malicious files.  

Ask for Assistance from a Managed IT Services Provider 

These updates, although critical, are not an easy concept to grasp for non-tech individuals. Despite this it is important that your system is updated with the latest versions of your software to decrease vulnerabilities. Here at EBSolution, we are here to help you get things done and in line with the newest safety features for your system. No need to worry about understanding the specifics, we will do that for you. Talk to us today and get us on board for your IT and cybersecurity solutions. 

Call now!

Watch Our Latest Tech Videos From EB Solution

Call Now