Higher privileges needded
"Because the App-Bound service is running with system privileges, attackers need to do more than just coax a user into running a malicious app," Google said at the time. "Now, the malware has to gain system privileges, or inject code into Chrome, something that legitimate software shouldn't be doing."

But the success of the new feature was short-lived. In late September, we reported that multiple infostealers were already able to work around the feature, including Lumma Stealer, StealC, and many others.