A researcher has developed a tool that bypasses Google’s new App-Bound encryption cookie-theft defences and extracts saved passwords from the Chrome browser.
Alexander Hagenah, a cybersecurity researcher, published the tool, ‘Chrome-App-Bound-Encryption-Decryption,’ after noticing that others had previously identified equivalent bypasses.
Although the tool delivers what several infostealer operations have already done with their malware, its public availability increases the risk for Chrome users who continue to store sensitive information in their browsers.
Google launched Application-Bound (App-Bound) encryption in July (Chrome 127) as a new security feature that encrypts cookies using a Windows process with SYSTEM rights.
The goal was to safeguard sensitive data against infostealer malware, which operates with the logged user’s access, making it impossible to decrypt stolen cookies without first achieving SYSTEM privileges an
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: