We're improving on the existing Windows DPAPI storage in Chrome by adding a new layer of encryption to additionally bind the data to application identity, starting with cookies in Chrome 127.

This helps prevent malicious apps (e.g. infostealers) running as the logged-in user from reading/decrypting this data, and makes their malicious actions (e.g. to bypass/inject) more observable to antivirus.

Read more about this protection:

https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html