When a cyber baddie gets a hold of a user's session cookies, they can use them to hijack those sessions, log into accounts they don't own, and then do anything the legitimate user could do, perhaps even selling the account on black markets.
Starting in Chrome 127, the browser now uses app-bound encryption primitives that encrypt data in a way that links it to a specific app.
"App-bound encryption relies on a privileged service to verify the identity of the requesting application," Harris blogged. "During encryption, the app-bound encryption service encodes the app's identity into the encrypted data, and then verifies this is valid when decryption is attempted."
"Because the app-bound service is running with system privileges, attackers need to do more than just coax a user into running a malicious app. Now, the malware has to gain system privileges, or inject code into Chrome, something that
Collection
[
|
...
]