A critical vulnerability that allows low-privileged attackers to decrypt Chrome’s AppBound Cookie Encryption, a security feature Google introduced in July 2024 to protect user cookies from infostealer malware. The attack, dubbed C4 (Chrome Cookie Cipher Cracker), exploits a Padding Oracle Attack against the Windows Data Protection API (DPAPI) encryption system. Summary1. Researchers developed “C4” attack
The post New C4 Bomb Attack Bypasses Chrome’s AppBound Cookie Encryption appeared first on Cyber Security News. Read More