Cookie encryption in the Google Chrome browser

Last week, Google announced that it is strengthening the protection of cookies in the Google Chrome browser. Session-cookie theft is actively practiced by malware: it often lets attackers gain relatively easy access to the web services (corporate or personal) in which the user is logged in, without stealing the passwords for them. As a result, browser data has become one of the main targets of infostealers. The improvement concerns Chrome for Windows: starting with Chrome version 127, cookies are encrypted in a way that limits access to them from other applications.

The problem Google is trying to solve is that information protected by the standard Windows Data Protection API (DPAPI) is accessible to any other program running with the same user's rights. On top of DPAPI, Chrome 127 implements encryption tied to a specific application, Application-Bound Encryption: a separate service checks requests for cookies and decrypts them only if the request comes from the browser itself.

A side effect of this innovation is that the data becomes tied to a specific computer: the method will not work if a browser profile is used on several systems in turn. According to the Google Chrome developers, the new mechanism will help to eliminate cookie theft by “simple” malware running with user privileges. Scenarios remain possible in which malware obtains higher privileges in the system or somehow injects itself into the browser's own code. At a minimum, existing malware may stop working. In a corporate environment, where launching software with elevated privileges is blocked and/or monitored, the likelihood of a successful attack on corporate services through theft of employee data is reduced.

In Google Chrome 127, the new mechanism affects only cookies, but in future versions it is promised to extend to saved passwords, payment data, and other information. The developers’ publication separately notes that other operating systems use different data-protection mechanisms: Keychain services in macOS and the system tools kwallet or gnome-libsecret in Linux. Presumably, these do not require additional data-protection effort on the part of the browser developer. Another mechanism for protecting session cookies was implemented in the Chrome browser in April of this year, when binding of sessions to a specific device was introduced.

What else happened:

Another, slightly less positive, piece of Google Chrome news concerns the gradual abandonment of extensions built on the Manifest V2 platform. Google Chrome has started warning users that the popular uBlock Origin ad-blocking extension and other “outdated” extensions will soon stop working. At the same time, the new Manifest V3 interface limits the capabilities of extensions, and ad blockers are affected the most.

Last week saw another outage of Microsoft Azure cloud services. The outage was triggered by a DDoS attack, but the real cause was the malfunctioning of the tools meant to protect against such attacks. The Azure outage lasted eight hours on July 31.

Researchers at Kaspersky Lab have published an analysis of three modern ransomware programs used to attack corporate infrastructure. One of them targets VMware ESXi hypervisors.

Widely discussed last week was news of an unsuccessful social-engineering attack on an employee of the car manufacturer Ferrari. The attacker called the employee, introducing himself as the company's CEO; the voice and manner of speech closely resembled those of the real head of the organization. The employee foiled the attack by asking the caller what book they had discussed with the CEO shortly before the call.

It has long been known that Google's advertising network regularly carries ads for malware. Last week, fraudulent advertising purporting to come from Google itself was recorded: in this way the attackers distributed malware disguised as the Google Authenticator application.

Citing the company Zimperium, Bleeping Computer writes about a large-scale attack on users of Android smartphones. The malware is distributed through fraudulent advertising or spam mailings in messengers and, in particular, can intercept SMS messages containing two-factor authentication codes, which are then used to compromise the users' accounts in various services.

An interesting article in Wired magazine raises the topic of software support in cars. Modern cars can rightly be called “computers on wheels”; their computer systems are becoming increasingly complex, and accordingly it is becoming harder to keep their software up to date and secure throughout the vehicle's entire service life. The article quotes the car manufacturer Rivian, which promises to support its products for seven years. For smartphones, that would be considered a respectable support period; the problem is that cars stay in service much longer: in the US, for example, the average age of cars exceeds 12 years.
