Google has introduced an updated Chrome 127 release on Windows that features App-Bound Encryption to enhance the cookie defenses offered by the Data Protection API, reports SecurityWeek.
Applications seeking cookie permissions will have their identities verified by App-Bound Encryption through a privileged service and would fail if similar data encoded into the encrypted data is decrypted by another app, according to Google, which noted the feature's benefits in enterprise environments that prohibit user execution of files with admin privileges. "App-Bound Encryption increases the cost of data theft to attackers and also makes their actions far noisier on the system. It helps defenders draw a clear line in the sand for what is acceptable behavior for other apps on the system," added Google. Updates to Chrome 127 for Windows, macOS, and Linux addressing a pair of high-severity flaws, tracked as CVE-2024-7255 and CVE-2024-7256, have also been issued by Google, which urged the immediate implementation of the fixes despite lack of active exploitation.
