Ari Novick

Name of the Vulnerable Software and Affected Versions: Google Chrome (affected versions not specified) Description: A security bypass issue exists in the AppBound cookie encryption mechanism of Google Chrome due to insufficient validation of COM server paths during inter-process communication. This allows a local low-privileged attacker to hijack the COM class identifier (CLSID) registration used by Chrome's elevation service, pointing it to a non-existent or malicious binary. As a result, Chrome falls back to the legacy cookie encryption mechanism, enabling cookie decryption by any user-context malware without SYSTEM-level access. This flaw bypasses the intended protections of the AppBound encryption design, allowing cookie theft from Chromium-based browsers. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome (affected versions not specified) Description: A padding oracle vulnerability exists in Google Chrome's AppBound cookie encryption mechanism. This issue arises due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the Chrome elevation service and distinguish between padding and MAC errors, enabling a padding oracle attack. This allows partial decryption of the SYSTEM-DPAPI layer and eventual recovery of the user-DPAPI encrypted cookie key. The vulnerability undermines the core purpose of AppBound Encryption by enabling low-privileged cookie theft through cryptographic misuse and verbose error feedback. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Google Chrome (affected versions not specified) Description: A cookie encryption bypass issue exists due to weak path validation logic within the elevation service of Google Chrome's AppBound mechanism. This allows an attacker to impersonate Chrome by naming their binary similarly and placing it in a similar path, thus retrieving the encrypted cookie key. This enables malicious processes to access cookies intended to be restricted to the Chrome process only. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.