Skip to main content
  1. Home
  2. Computing
  3. News

Update your Chrome browser now to gain this critical security feature

By
Add as a preferred source on Google
Graph explaining how App-Bound encryption works from Google.
Google

Yesterday, in a blog post on Google’s security blog, Willian Harris from Chrome’s Security Team said that Google is improving the security of Chrome cookies on Windows PCs by adopting a similar method used in macOS to help protect users from info-stealing malware.

The security update addresses session cookies that authenticate your identity when you switch apps without logging back in. Google wants to adopt the security system used by Keychain on macOS and start using “a new protection on Windows,” which updates Data Protection API (DPAPI) and brings a new security tool called “application-bound” encryption.

Recommended Videos

With this new wall of security in Chrome, Google asserts that it’ll encrypt information related to app identity.

The new protection will be available in Chrome 127, but Google has plans to expand the App-Bound Encryption to payment data, passwords, and other persistent authentication tokens. Google explained how it works by saying that “App-Bound Encryption relies on a privileged service to verify the identity of the requesting application. During encryption, the App-Bound Encryption service encodes the app’s identity into the encrypted data and then verifies this is valid when decryption is attempted. If another app on the system tries to decrypt the same data, it will fail.”

Google’s new security approach will make it easier for antivirus programs such as Bitdefender and Malwarebytes to detect.

This news once again creates a curious wrinkle in the story, with Macs and Linux systems being the only ones not affected by the IT outage caused by a faulty update from CrowdStrike that affected industries such as retail, banks, and especially airlines, as George Kurtz, CrowdStrike VP, mentioned in a post on X (formerly Twitter).

Microsoft is even considering making an important Mac-like change to the way Windows security works following the incident.

Chrome users can stay safe by updating their browsers as soon as possible since the Chrome 127 update is now available. This again reminds us of the importance of always keeping our apps and browsers running on the latest version.

Judy Sanhz
Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
Topics
The Mac Pro is dead at Apple, and I’ll miss the cheese-grater powerhouse
RIP Mac Pro. The Mac Studio is taking the throne, and we're okay with that.
Electronics, Computer, Pc

Apple has officially discontinued the Mac Pro. It’s been removed from Apple’s website, and Apple has confirmed to 9to5Mac that there are no plans to release a future version. The buy page now redirects to Apple’s Mac homepage, where the Mac Pro no longer exists.

Why did Apple kill the Mac Pro?

Read more
March Madness, Revisited: The AI Model Did Well. But Mad Things Still Happen
Stills from NCAA games.

(NOTE: This article is part of an ongoing series documenting an experiment with using AI to fill the NCAA brackets and see how it fares against years of human experience. The original article is as follows.)

A week ago, I wrote about entering an NCAA tournament pool with a more disciplined process than I usually use.

Read more
A simple coding mistake is exposing API keys across thousands of websites
Security gaps that are easier to miss than you think
Computer, Electronics, Laptop

After analyzing 10 million webpages, researchers have found thousands of websites accidentally exposing sensitive API credentials, including keys linked to major services like Amazon Web Services, Stripe, and OpenAI.

This is a serious issue because APIs act as the backbone of the apps we use today. They allow websites to connect to services like payments, cloud storage, and AI tools, but they rely on digital keys to stay secure. Once exposed, API keys can allow anyone to interact with those services with malicious intent.

Read more