Secure Your Browsing: How Windows Event Logs Catch Data Theft in Chromium

During a malware attack, administrators can examine Windows Event Logs to determine whether sensitive data has leaked from Chromium-based browsers on Windows, because Chromium's use of the Windows Data Protection API (DPAPI) can be recorded as events.

Google, detailing the methodology on its Security blog, describes how administrators can use Windows Events to determine whether a malware intrusion has compromised sensitive information from Chromium-based browsers on Windows. This covers not only Google Chrome but also Microsoft Edge, along with Firefox, Opera, Brave, and Vivaldi.

The DPAPI serves as a safeguard for local secrets, such as passwords and cookies, employing a key derived from a user’s login credentials to shield user data from unauthorized access, including when the system is powered off. Nonetheless, a significant limitation is the inability of the DPAPI to protect against local malware attacks when users are logged in, as malware on the system can access the same APIs to derive DPAPI secrets.

Google affirms that despite this, the insight provided by DPAPI events remains a viable approach for identifying potential data theft. It’s possible to log DPAPI usage in various segments of Windows, allowing for the detection of unauthorized data access.

The company outlines a method for enabling logging for these specific DPAPI events, suggesting that while it may not stop the actual theft of passwords and cookies by malware, it furnishes antivirus solutions, endpoint detection agents, and administrators with the necessary information to take appropriate action.
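The detection idea described above, as an added example that is not code from Google or from the original article: flag DPAPI decrypt events for browser data when the calling process is not an expected browser binary. The record layout (`OperationType`, `DataDescription`, `CallerProcessID`), the description labels, the install paths and all sample events are assumptions constructed for illustration.

```python
# Added example. Field names and sample values below are assumptions/constructed.
EXPECTED_IMAGES = {  # assumed install paths of browsers allowed to decrypt
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files (x86)\microsoft\edge\application\msedge.exe",
}
BROWSER_DESCRIPTIONS = {"Google Chrome", "Microsoft Edge"}  # assumed labels

def find_suspicious_decrypts(dpapi_events, process_events):
    """Return DPAPI decrypts of browser data made by unexpected processes."""
    starts_by_pid = {}
    for p in process_events:
        starts_by_pid.setdefault(p["pid"], []).append((p["time"], p["image"]))
    findings = []
    for e in dpapi_events:
        if e["OperationType"] != "SPCryptUnprotect":
            continue  # only decrypt operations expose the secret
        if e["DataDescription"] not in BROWSER_DESCRIPTIONS:
            continue  # unrelated DPAPI consumer
        # PIDs are reused: take the latest process start not after the event.
        earlier = [s for s in starts_by_pid.get(e["CallerProcessID"], [])
                   if s[0] <= e["time"]]
        image = max(earlier)[1] if earlier else "<no process-creation record>"
        # Compare the full path, so a look-alike file name elsewhere is flagged.
        if image.lower() not in EXPECTED_IMAGES:
            findings.append((e["time"], e["CallerProcessID"], image))
    return findings

# Constructed sample data (ISO 8601 timestamps sort correctly as strings).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
PROCESS_EVENTS = [
    {"time": "2024-05-01T09:00:00", "pid": 4120, "image": CHROME},
    {"time": "2024-05-01T09:05:10", "pid": 7788,
     "image": r"C:\Users\alice\AppData\Local\Temp\chrome.exe"},
    {"time": "2024-05-01T09:30:00", "pid": 4120,
     "image": r"C:\Users\alice\Downloads\viewer.exe"},
]

def ev(time, pid, op="SPCryptUnprotect", desc="Google Chrome"):
    return {"time": time, "CallerProcessID": pid,
            "OperationType": op, "DataDescription": desc}

DPAPI_EVENTS = [
    ev("2024-05-01T09:00:02", 4120),   # real browser: ignored
    ev("2024-05-01T09:05:12", 7788),   # look-alike name in Temp: flagged
    ev("2024-05-01T09:30:05", 4120),   # reused PID, different image: flagged
    ev("2024-05-01T09:31:00", 9001),   # no matching process record: flagged
    ev("2024-05-01T09:32:00", 7788, op="SPCryptProtect"),       # encrypt: ignored
    ev("2024-05-01T09:33:00", 7788, desc="Other application"),  # ignored
]
```

An event with no matching process-creation record is reported rather than dropped, since missing process auditing would otherwise hide the caller.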

Google strongly recommends enabling logging of DPAPI events for Chromium-based browsers on Windows, underscoring the significance of this measure for enhancing security.

It is crucial to note, however, that this recommendation pertains only to Windows. As of now, Google has not provided guidance on event logging for Chromium-based browsers on other operating systems.

In related developments, Google also promotes enhanced security solutions for enterprises through its Chrome Enterprise Premium offering, which provides extensive browser security options, albeit at a cost. This initiative reflects a growing recognition of the importance of advanced security measures in navigating the contemporary digital landscape.
