Will Harris

@[email protected]
51 Followers
15 Following
5 Posts
Chrome Security Gnome
About meI work on the Chrome Security team mainly on improving the sandbox on Windows. I am @parityzero on Twitter.
Will HarrisMay 7
Try out the early alpha of Process Isolation in Chrome 138. chrome://flags/#enable-process-isolation-ui then chrome://settings/system for the switch. Read known issues https://issues.chromium.org/issues?q=hotlistid:8036290%20status:open and report bugs! Especially interested in App-Compat bugs.
Chromium

Will HarrisJul 30, 2024

We're improving on the existing Windows DPAPI storage in Chrome by adding a new layer of encryption to additionally bind the data to application identity, starting with cookies in Chrome 127.

This helps prevent malicious apps (e.g. infostealers) running as the logged-in user from reading/decrypting this data, and makes their malicious actions (e.g. to bypass/inject) more observable to antivirus.

Read more about this protection:

https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html

Improving the security of Chrome cookies on Windows

Posted by Will Harris, Chrome Security Team Cybercriminals using cookie theft infostealer malware continue to pose a risk to the safety ...

Google Online Security Blog
Will HarrisApr 30, 2024
I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. https://security.googleblog.com/2024/04/detecting-browser-data-theft-using.html #DFIR Hope it's useful!
Detecting browser data theft using Windows Event Logs

Posted by Will Harris, Chrome Security Team Chromium's sandboxed process model defends well from malicious web content, but...

Google Online Security Blog