During a malware attack, administrators can use Windows event logs to check whether sensitive data has leaked from Chromium-based browsers on Windows. Google describes an event logging method for this purpose that is built around the Windows Data Protection API (DPAPI).
According to Google, which describes the method in its Security blog, Windows Events make it easier for administrators to discover if a malware attack has stolen sensitive data from Chromium-based web browsers for the Windows operating system. This includes not only the Chrome browser but also Microsoft’s own Edge, as well as Firefox, Opera, Brave, and Vivaldi.
Using the DPAPI
Google indicates that this method can provide insight into potentially stolen data such as passwords and cookies. It relies on the Data Protection API (DPAPI).
The DPAPI protects local secrets, such as passwords and cookies. The API works with a key derived from a user’s login credentials. This should prevent other users from stealing that user’s data from the system. It also protects the secrets when a system is turned off.
One drawback, however, is that this protection only covers other users and a powered-off system; while the user is logged in, DPAPI does not protect against local malware attacks. Indeed, malware present on a system can call the same APIs as the browser to obtain the DPAPI-protected secrets.
Logging of Windows events
According to Google, insight into DPAPI events is still a valid option for detecting potential data theft. DPAPI usage can be logged in multiple places in Windows, and from these logs it is possible to determine whether data has been misappropriated.
The tech giant describes a method for setting up this specific logging. Google indicates that the theft of passwords and cookies by malware cannot be prevented, but the logging of events in Windows provides insight to antivirus and endpoint detection agents and administrators, who can then act accordingly.
Not surprisingly, Google strongly recommends turning on these logging settings for the DPAPI events for Chromium-based browsers in Windows.
It is also important to note that this method only applies to Windows. Google has not yet issued a logging recommendation for Chromium-based browsers on other operating systems.
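The correlation that this kind of logging makes possible, shown as an added example that is not Google's code or part of the original article: it assumes DPAPI operation events (ID 16385, Microsoft-Windows-Crypto-DPAPI/Debug channel) and process-creation events (ID 4688) have been exported into simplified dictionaries. The allowlist, the helper names and all sample records are constructed for illustration.

```python
# Added example. Records are constructed and simplified from Windows event XML.
# Assumed sources: Security event 4688 (process creation) and event 16385 from
# the Microsoft-Windows-Crypto-DPAPI/Debug channel (one DPAPI operation).

# Hypothetical allowlist of images expected to decrypt the browser's secrets.
ALLOWED_IMAGES = {r"c:\program files\google\chrome\application\chrome.exe"}

def to_pid(value):
    # 4688 reports the PID in hex ("0x1a2c"); 16385 reports it in decimal.
    return int(str(value), 0)

def flag_dpapi_access(events, description="Google Chrome"):
    """Return (pid, image) for each decrypt of `description` by a non-allowed process."""
    images = {}  # pid -> image path, filled in time order so PID reuse is handled
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == 4688:
            images[to_pid(ev["NewProcessId"])] = ev["NewProcessName"]
        elif ev["id"] == 16385:
            if ev["OperationType"] != "SPCryptUnprotect":
                continue  # only decryption is of interest here
            if ev["DataDescription"] != description:
                continue  # a secret belonging to some other application
            pid = to_pid(ev["CallerProcessID"])
            image = images.get(pid, "<no 4688 record>")
            if image.lower() not in ALLOWED_IMAGES:
                alerts.append((pid, image))
    return alerts

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
OTHER = r"C:\Users\alice\AppData\Local\Temp\updater.exe"  # constructed path
SAMPLE_EVENTS = [  # constructed records, not real log data
    {"time": "2024-05-01T09:00:00", "id": 4688, "NewProcessId": "0x1a2c", "NewProcessName": CHROME},
    {"time": "2024-05-01T09:00:02", "id": 16385, "OperationType": "SPCryptUnprotect",
     "DataDescription": "Google Chrome", "CallerProcessID": "6700"},
    {"time": "2024-05-01T09:05:00", "id": 4688, "NewProcessId": "0x2f10", "NewProcessName": OTHER},
    {"time": "2024-05-01T09:05:01", "id": 16385, "OperationType": "SPCryptUnprotect",
     "DataDescription": "Google Chrome", "CallerProcessID": "12048"},
    {"time": "2024-05-01T09:06:00", "id": 16385, "OperationType": "SPCryptProtect",
     "DataDescription": "Google Chrome", "CallerProcessID": "6700"},
    {"time": "2024-05-01T09:07:00", "id": 16385, "OperationType": "SPCryptUnprotect",
     "DataDescription": "Google Chrome", "CallerProcessID": "4444"},
]

if __name__ == "__main__":
    for pid, image in flag_dpapi_access(SAMPLE_EVENTS):
        print(f"DPAPI decrypt of browser secret by PID {pid}: {image}")
```

A decrypt by a process with no matching process-creation record is reported as well, since the caller cannot be confirmed to be the browser.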