Google is planning to change their way of encrypting/decrypting sensitive data for Chrome and Chromium-based browsers. #655

Open
Onyz107 opened this issue Oct 26, 2024 · 0 comments

Onyz107 commented Oct 26, 2024

In Chrome 127 they introduced a new protection on Windows that improves on the DPAPI by providing Application-Bound (App-Bound) Encryption primitives. Rather than allowing any app running as the logged-in user to access this data, Chrome can now encrypt data tied to app identity, similar to how the Keychain operates on macOS.

They will be migrating each type of secret to this new system, starting with cookies in Chrome 127. In future releases they intend to expand this protection to passwords, payment data, and other persistent authentication tokens, further protecting users from infostealer malware.

And as they stated, they did migrate this feature into cookies. I just tried using a basic script to decode the cookies on various Windows platforms with the most up-to-date browser, and the script failed to decrypt the cookies on all of the platforms.

What solution are you thinking of for when this change is migrated into browser-stored passwords?

Source
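
To audit how far this migration has reached on a given profile, the sketch below (an added example, not part of the original post or the project's code) counts cookie rows by protection scheme without decrypting anything. The `v10`/`v20` value prefixes, the `APPB` tag and the `os_crypt.app_bound_encrypted_key` Local State field are assumptions taken from Chromium's Windows behaviour rather than from the post, and the fixture data is constructed.

```python
import base64, json, sqlite3, tempfile
from collections import Counter
from pathlib import Path

# Assumed from Chromium on Windows (not stated in the post): v10 = key guarded by
# DPAPI only, v20 = App-Bound key, older values = raw DPAPI blob with this header.
DPAPI_HEADER = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")
PREFIXES = ((b"v20", "app-bound"), (b"v10", "dpapi-key"), (DPAPI_HEADER, "raw-dpapi"))

def classify(blob: bytes) -> str:
    for prefix, label in PREFIXES:
        if blob.startswith(prefix):
            return label
    return "unknown" if blob else "empty"

def app_bound_key_present(local_state: Path) -> bool:
    """True if Local State carries an App-Bound wrapped key (APPB-tagged)."""
    os_crypt = json.loads(local_state.read_text(encoding="utf-8")).get("os_crypt", {})
    try:
        return base64.b64decode(os_crypt.get("app_bound_encrypted_key", "")).startswith(b"APPB")
    except ValueError:
        return False

def audit_cookies(db: Path) -> Counter:
    """Count cookie rows per protection class on a copy of the Cookies DB."""
    con = sqlite3.connect(db.resolve().as_uri() + "?mode=ro", uri=True)
    try:
        rows = con.execute("SELECT encrypted_value FROM cookies")
        return Counter(classify(bytes(r[0] or b"")) for r in rows)
    finally:
        con.close()

def build_sample(folder: Path):
    """Constructed fixture: three fake cookie rows and a fake Local State."""
    db, state = folder / "Cookies", folder / "Local State"
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE cookies (host_key TEXT, name TEXT, encrypted_value BLOB)")
    blobs = [b"v20" + bytes(28), b"v10" + bytes(28), DPAPI_HEADER + bytes(16)]
    con.executemany("INSERT INTO cookies VALUES ('x.example', 'sid', ?)", [(b,) for b in blobs])
    con.commit()
    con.close()
    key = base64.b64encode(b"APPB" + bytes(32)).decode()
    state.write_text(json.dumps({"os_crypt": {"app_bound_encrypted_key": key}}))
    return db, state

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        db, state = build_sample(Path(tmp))
        print(app_bound_key_present(state), dict(audit_cookies(db)))
```

Rows still reported as `dpapi-key` or `raw-dpapi` remain readable by any process running as the logged-in user, which is the exposure App-Bound Encryption is meant to close.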
