New Tool Bypasses Google’s App-Bound Cookie Encryption

by | Oct 29, 2024 | News





Cybersecurity researcher Alexander Hagenah has made waves by releasing a new tool, ‘Chrome-App-Bound-Encryption-Decryption’, which bypasses Google Chrome’s latest App-Bound encryption feature for cookies, allowing retrieval of sensitive data, including saved credentials. The tool’s public release increases the risk for Chrome users who continue to store sensitive data in their browsers.

Google’s App-Bound Encryption: A Brief Overview

In July 2024, Google introduced App-Bound encryption in Chrome 127 as a method to safeguard cookies. Designed to thwart information-stealing malware, the encryption utilizes a Windows service with SYSTEM privileges to protect data, making it more challenging for malware running on a user’s account to extract stored information.

As Google explained in July, for malware to bypass App-Bound encryption, attackers would need to achieve SYSTEM-level privileges or execute code injections, activities that could more easily trigger security software alarms. Despite these efforts, various infostealers have already found ways to bypass this new security feature.


Tool Enables Public Access to Encryption Bypass

Hagenah’s tool, now available on GitHub, allows anyone with technical knowledge to retrieve and decrypt App-Bound encrypted data. According to the project description, the tool “decrypts App-Bound encrypted keys stored in Chrome’s Local State file, using Chrome’s internal COM-based IElevator service.” To circumvent the encryption barrier, the tool needs administrator privileges and its executable must be moved into Chrome’s directory. The requirement for administrator-level access may help limit its misuse.

https://x.com/xaitax/status/1850500705074700298/photo/1


Despite this limitation, g0njxa, a cybersecurity researcher, commented that Hagenah’s method, while simple, aligns with approaches taken by older infostealers to bypass App-Bound encryption protections. Toyota malware analyst Russian Panda confirmed that malware operators used similar decryption techniques before moving on to subtler methods that bypass Chrome’s Elevation Service entirely to avoid detection.
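
A detection sketch for the approach described above, added here as an illustration and not taken from the article or from Hagenah’s project: it flags process-creation events in which an executable that is not part of a stock Chrome install runs from Chrome’s application directory, and raises severity when that process is elevated. The directory list, the binary allowlist and the sample events are assumptions; the event field names follow Sysmon Event ID 1.

```python
import ntpath  # Windows path semantics on any OS

# Assumption: default per-machine Chrome install directories.
CHROME_APP_DIRS = (
    r"c:\program files\google\chrome\application",
    r"c:\program files (x86)\google\chrome\application",
)
# Assumption: binaries a stock Chrome install ships; tune for your fleet.
EXPECTED_BINARIES = {
    "chrome.exe", "chrome_proxy.exe", "chrome_pwa_launcher.exe",
    "elevation_service.exe", "notification_helper.exe", "setup.exe",
}
ELEVATED_LEVELS = {"high", "system"}  # admin or SYSTEM context


def in_chrome_dir(image):
    """True if the executable sits inside a Chrome application directory."""
    path = ntpath.normcase(ntpath.normpath(image))
    return any(path.startswith(d + "\\") for d in CHROME_APP_DIRS)


def triage(events):
    """Return (severity, image, user) for unexpected binaries run from Chrome's directory."""
    findings = []
    for ev in events:
        image = ev["Image"]
        if not in_chrome_dir(image):
            continue
        if ntpath.basename(image).lower() in EXPECTED_BINARIES:
            continue
        # The page notes the tool needs administrator rights, so elevation raises severity.
        elevated = ev.get("IntegrityLevel", "").lower() in ELEVATED_LEVELS
        findings.append(("high" if elevated else "medium", image, ev.get("User", "")))
    return findings


# Constructed sample events; field names follow Sysmon Event ID 1 (process creation).
CHROME = "C:\\Program Files\\Google\\Chrome\\Application\\"
SAMPLE_EVENTS = [
    {"Image": CHROME + "chrome.exe", "IntegrityLevel": "Medium", "User": "LAB\\alice"},
    {"Image": CHROME + "130.0.0.0\\elevation_service.exe", "IntegrityLevel": "System", "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": CHROME + "sample_tool.exe", "IntegrityLevel": "High", "User": "LAB\\alice"},
    {"Image": "c:/program files/google/chrome/application/SAMPLE_TOOL.EXE", "IntegrityLevel": "Medium", "User": "LAB\\bob"},
    {"Image": "C:\\Users\\alice\\Downloads\\sample_tool.exe", "IntegrityLevel": "High", "User": "LAB\\alice"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

File names can be changed, so in production match on the file's signer as well as its name. This check also does not cover the later methods mentioned above that bypass Chrome’s Elevation Service entirely.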




Implications for Chrome Security and Users

In response to the tool’s release, Google acknowledged that requiring admin privileges represents a degree of success in raising the bar for cyber attackers. However, infostealer operations continue to surge, leveraging exploits, fake GitHub fixes, and even StackOverflow answers to lure victims. With this tool now available, Chrome users storing sensitive information in their browsers could face increased risks.


Source: bleepingcomputer.com
