Thursday, 9 January 2014

Google Chrome to encrypt Stored Cookies by default to enhance browser security

When you visit a website, it stores some information on your system through the web browser for later use, e.g. login information, so that you do not have to log in again every time you visit the same website in the same browser. Cookies are usually stored by the browser as plain text or in a database, and if a computer is used by multiple people, one person might scan another's cookie folder and look for things like passwords or long-life session IDs. An attacker who has physical access to your system can easily steal all your cookies to hijack accounts. There are many tools available on the Internet that make it quicker and easier for an attacker to export all your cookies from the browser.

The Google Chrome web browser also saves cookies to a SQLite database file in the user's data folder. One can import that file into SQL editor software to read all the cookies in plain text.

Google's open source Chromium browser project now has a new feature that encrypts stored cookies by default; a similar feature is already implemented in Chrome OS and Android OS. When someone gains local access to a computer and scans for cookies, encrypted cookies prevent the attacker from viewing the cookie contents.

Another important point is that this encryption works at the system user level, i.e. it only protects a system user's cookies from access by other users on the same system. So if you hand over your logged-in user account to an attacker, they can still access your cookies in plain text.

Google may soon adopt a similar feature in all official desktop versions of the Chrome browser, which will encrypt browser cookies with 128-bit AES encryption before saving them to the hard disk.

Encrypting browser cookies provides an additional level of security, but it is not sufficient until Google starts protecting them with a master password that also locks access to the encrypted cookies for the same Windows user.
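To check whether a profile's cookie store still holds plaintext values, the following added example (not part of the original post, and not Chromium code) summarises a cookie database per host without reading out any cookie contents. It assumes a table named `cookies` with `host_key`, `value`, `encrypted_value` and `expires_utc` columns, with `expires_utc` in microseconds since 1601-01-01; the database it runs on is constructed in memory.

```python
import sqlite3

# Seconds between 1601-01-01 (assumed epoch of expires_utc) and 1970-01-01.
WEBKIT_EPOCH_OFFSET = 11_644_473_600

def to_webkit_us(unix_seconds):
    """Convert Unix seconds to microseconds since 1601-01-01."""
    return (unix_seconds + WEBKIT_EPOCH_OFFSET) * 1_000_000

def audit_cookie_store(conn, now_unix, long_lived_days=30):
    """Count, per host, plaintext rows, encrypted rows and long-lived plaintext rows."""
    cutoff = to_webkit_us(now_unix + long_lived_days * 86400)
    rows = conn.execute(
        """SELECT host_key,
                  SUM(length(value) > 0),
                  SUM(length(value) = 0 AND length(encrypted_value) > 0),
                  SUM(length(value) > 0 AND expires_utc > ?)
           FROM cookies GROUP BY host_key ORDER BY host_key""",
        (cutoff,),
    ).fetchall()
    return {host: {"plaintext": p, "encrypted": e, "plaintext_long_lived": l}
            for host, p, e, l in rows}

def build_sample_store(now_unix):
    """Constructed in-memory database; every row is made-up test data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cookies (host_key TEXT, name TEXT, value TEXT, "
                 "encrypted_value BLOB, expires_utc INTEGER)")
    day = 86400
    sample = [
        ("shop.example", "session", "constructed-plain-1", b"",
         to_webkit_us(now_unix + 365 * day)),
        ("shop.example", "lang", "en", b"", to_webkit_us(now_unix + day)),
        ("mail.example", "session", "", b"\x01constructed-ciphertext",
         to_webkit_us(now_unix + 365 * day)),
    ]
    conn.executemany("INSERT INTO cookies VALUES (?, ?, ?, ?, ?)", sample)
    return conn

if __name__ == "__main__":
    NOW = 1_389_225_600  # 2014-01-09 00:00:00 UTC
    for host, counts in audit_cookie_store(build_sample_store(NOW), NOW).items():
        print(host, counts)
```

A host with a non-zero `plaintext_long_lived` count is the case the post warns about: a long-life session cookie readable by anyone who can open the file.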
