Google adds App-Bound Encryption to Chrome for Windows, greatly increasing its security

However, it does have some big drawbacks.

Reading time icon 3 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

App-Bound Encryption

Google is aiming to make Chrome users on Windows more secure. The tech giant has created a new defense method that seeks to protect users’ data better than ever before.

Chrome has consistently employed the most potent security capabilities the operating systems provide to safeguard user data. In macOS, it’s the Keychain services, and in Linux, systems such as kwallet or gnome-libsecret are used. With Windows users, Chrome has been using Data Protection API (DPAPI) to secure data while at rest. Yet, DPAPI’s incapability to safeguard against malicious applications that run code as the logged-in user has been a worry. These loopholes have provided opportunities for infostealers to take advantage and reach essential data.

However, according to the latest announcement, Chrome 127 is a significant step forward for the Windows community. This version introduces Application-Bound (App-Bound) Encryption, an innovative protection mechanism that enhances DPAPI by tying data encryption to applications’ identities. The concept is similar to the security model found on macOS with Keychain. While starting with cookies, Google plans to expand this safeguarding method to include passwords, payment details, and other lasting authentication tokens in upcoming versions of Chrome.

The intelligence of App-Bound Encryption is found in its strategy to encode the app’s identity into the encrypted data, ensuring that only the planned application can decode it. This approach makes a big difference for attackers because they must now surpass extra obstacles such as getting system privileges or injecting code into Chrome; these actions are likely to attract attention from antivirus software.

This safeguard is especially helpful for businesses. It combats malware that tries to circumvent security by asking for elevation privileges, a usual move in situations where users have limited permissions. However, remember that App-Bound Encryption intends to tie the encryption key to the machine. This means it might not be suitable for places where Chrome profiles frequently move among many devices.

Google’s introduction of App-Bound Encryption is a big step forward in the battle against data theft. This makes it more complicated and more accessible to detect when someone tries to get unauthorized access to essential data, thus improving security for Chrome on Windows and setting new expectations about protection from web browsers.

In other news, Google will soon let Chrome users organize their Tabs into Groups with AI. We spotted the upcoming feature earlier this week, and it should be released to the general public with the next update patches.

More about the topics: browser, Google