Administrators can check Windows Events logs to see if sensitive data is being leaked from Chromium-based Windows browsers during a malware attack. Google provides a method for logging events from the Data Protection API (DPAPI).
According to Google, which describes the method in its Security blog, Windows Events makes it easier for administrators to find out whether a malware attack has stolen sensitive data from Chromium-based web browsers for the Windows operating system. This includes not only the Chrome browser, but also Microsoft Edge, FireFox, Opera, Brave or Vivaldi.
Function DPAPI
More specifically, this concerns possibly stolen data such as passwords, cookies and other data, the tech giant indicates. All this via the so-called Data Protection API (DPAPI).
The DPAPI ensures the protection of local secrets, such as passwords and cookies. The API works with a key that is derived from a user’s login details. This should prevent other users on the system from stealing the data of the users in question. The secrets are also protected when a system is turned off.
A disadvantage is that the DPAPI linked to secrets only works when users are logged in. It does not protect against local malware attacks. Malware present on a system can call the same APIs as the browser to obtain the specific DPAPI secrets.
Windows event logging
According to Google, more DPAPI event insight is now possible for possible data theft. The use of DPAPI can be logged in several places in Windows, making it possible to determine whether data has been stolen.
The tech giant therefore describes in the blog a method for setting up this specific logging. Google indicates that the theft of passwords and cookies due to malware cannot be prevented, but that logging events in Windows still provides insight to antivirus and endpoint detection agents and administrators, who can then act accordingly.
Therefore, Google strongly recommends setting these logging settings for the DPAPI events for Chromium-based browsers in Windows.
It is also important that this method only applies to Windows. Google has not yet issued logging advice for Chromium-based browsers for other operating systems.
Also read: Chrome Enterprise Premium improves browser security, for a fee
Tags: Check data theft Windows Events logs Chromium browsers
