Researcher Unveils Tool to Circumvent Chrome’s New Cookie Protection

A cybersecurity researcher has released a tool named "Chrome-App-Bound-Encryption-Decryption" that bypasses Google Chrome's App-Bound encryption, allowing extraction of saved credentials from the browser. Although Chrome’s App-Bound encryption, introduced in July, was meant to protect cookies and sensitive information by using a Windows service with SYSTEM privileges, attackers have found ways to bypass it. The public availability of this bypass tool raises the risk for Chrome users who store sensitive data in the browser. To use the tool, an attacker requires admin privileges, but this is often easily achieved as many users operate with these permissions. Researchers say this tool is similar to methods already used by info-stealing malware, which has increasingly targeted Chrome users by exploiting zero-day vulnerabilities and phishing schemes. Google acknowledges this ongoing challenge but continues to work with partners to improve defenses. Read more...