Google is strengthening Chrome cookie security on Windows PCs by introducing a novel security system similar to macOS’s Keychain. This new protection, dubbed ‘App-Bound’ Encryption, is designed to defend users against information-stealing malware. The update directly addresses session cookies, which automatically authenticate your identity when switching apps without requiring a re-login. Google aims to leverage the robust security framework used by Keychain on macOS and implement a new security tool called ‘application-bound’ encryption on Windows. This new security measure, which will be introduced in Chrome 127, will encrypt information related to app identity.
Google plans to extend the App-Bound Encryption to protect sensitive data like payment information, passwords, and other persistent authentication tokens in the future. Google explains the mechanism behind this enhanced security by stating that ‘App-Bound Encryption relies on a privileged service to verify the identity of the requesting application. During encryption, the App-Bound Encryption service encodes the app’s identity into the encrypted data and then verifies this is valid when decryption is attempted. If another app on the system tries to decrypt the same data, it will fail.’
Google’s new security approach will make it easier for antivirus programs such as Bitdefender and Malwarebytes to detect and block malicious activities. This announcement comes at a time when the vulnerability of Windows systems has been highlighted by a recent IT outage triggered by a faulty update from CrowdStrike. This outage affected various industries, including retail, banking, and particularly airlines, as confirmed by George Kurtz, CrowdStrike VP, in a post on X (formerly Twitter). Following this incident, Microsoft is contemplating a significant Mac-like change to Windows security.
To ensure maximum safety, Chrome users are strongly advised to update their browsers to Chrome 127 as soon as possible. This event underscores the crucial importance of consistently keeping our apps and browsers running on the latest versions to stay protected against potential vulnerabilities and threats.
