New Tool Bypasses Google’s App-Bound Cookie Encryption
Cybersecurity researcher Alexander Hagenah has made waves by releasing a new tool, ‘Chrome-App-Bound-Encryption-Decryption’, which bypasses Google Chrome’s latest App-Bound encryption feature for cookies, allowing retrieval of sensitive data, including saved credentials. The tool’s public release increases the risk for Chrome users who continue to store sensitive data in their browsers.
Google’s App-Bound Encryption: A Brief Overview
In July 2024, Google introduced App-Bound encryption in Chrome 127 as a method to safeguard cookies. Designed to thwart information-stealing malware, the encryption utilizes a Windows service with SYSTEM privileges to protect data, making it more challenging for malware running on a user’s account to extract stored information.
As Google explained in July, for malware to bypass App-Bound encryption, attackers would need to achieve SYSTEM-level privileges or execute code injections, activities that could more easily trigger security software alarms. Despite these efforts, various infostealers have already found ways to bypass this new security feature.
Tool Enables Public Access to Encryption Bypass
Hagenah’s tool, now available on GitHub, allows anyone with technical knowledge to retrieve and decrypt App-Bound encrypted data. According to the project description, the tool “decrypts App-Bound encrypted keys stored in Chrome’s Local State file, using Chrome’s internal COM-based IElevator service.” Run with administrator privileges from inside Chrome’s directory, the tool circumvents the encryption barrier; the need for administrator-level access, however, may help limit its misuse.
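One defender-side check that follows from the mechanics just described, added here as an example and not part of the article, the tool, or Chrome itself: because the tool has to be dropped into Chrome’s directory and run as administrator, an endpoint script can enumerate that directory and flag any binary that does not carry a valid Authenticode signature from Google. The script assumes the default 64-bit Chrome install path under Program Files and that Google’s code-signing certificate subject contains O=Google LLC; both are assumptions to adjust for your environment.

```powershell
# Added example (not from the article or the tool): list executables and DLLs under
# Chrome's install directory that are unsigned, carry an invalid signature, or are
# signed by someone other than Google. The path below is the default Chrome install
# location on 64-bit Windows (assumption); the signer match assumes Google's current
# certificate subject contains "O=Google LLC" (assumption).
param(
    [string]$ChromeDir = (Join-Path $env:ProgramFiles 'Google\Chrome\Application')
)

function Get-UnexpectedChromeBinaries {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Chrome directory not found: $Path"
        return @()
    }

    Get-ChildItem -Path $Path -Recurse -Include '*.exe', '*.dll' -File |
        ForEach-Object {
            # Get-AuthenticodeSignature reports Valid / NotSigned / HashMismatch / etc.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            [pscustomobject]@{
                Path     = $_.FullName
                Status   = $sig.Status
                Signer   = $subject
                Modified = $_.LastWriteTime
            }
        } |
        Where-Object {
            # Anything without a valid Google signature in this directory is worth a look:
            # a foreign binary placed here is exactly what the decryption tool requires.
            $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Google LLC'
        }
}

$findings = Get-UnexpectedChromeBinaries -Path $ChromeDir
if ($findings) {
    $findings | Sort-Object Modified -Descending | Format-Table -AutoSize
} else {
    Write-Output "No unsigned or non-Google binaries found under $ChromeDir"
}
```

Run it elevated so every file is readable, and schedule it (or fold the same logic into an EDR query) rather than running it once: the signal is a recently modified, non-Google binary appearing in a directory that should only change during a Chrome update.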
https://x.com/xaitax/status/1850500705074700298/photo/1
Despite this limitation, g0njxa, a cybersecurity researcher, commented that Hagenah’s method, while simple, aligns with approaches taken by older infostealers to bypass App-Bound encryption protections. Toyota malware analyst Russian Panda confirmed that similar decryption techniques have been used by malware operators before evolving to subtler methods, bypassing Chrome’s Elevation Service entirely to avoid detection.
Implications for Chrome Security and Users
In response to the tool’s release, Google acknowledged that requiring admin privileges represents a degree of success in raising the bar for cyber attackers. However, infostealer operations continue to surge, leveraging exploits, fake GitHub fixes, and even StackOverflow answers to lure victims. With this tool now available, Chrome users storing sensitive information in their browsers could face increased risks.
Source: bleepingcomputer.com